top | item 36175675

eftel | 2 years ago

I’m currently trying to make sense of a binary file that is used by a proprietary program to import data.

The file is generated on a server out of my control but I’m able to see that some kind of key is being sent alongside the data. (To encrypt it?)

How would one approach something like this? Where could I look for freelancers who are able to help with this?

xmcqdpt2 | 2 years ago

Do you have access to the program that reads the data? If so, you can use a debugger to step through the parser for the file, even if symbols are stripped [1]. You can breakpoint on syscalls, such as when the file gets opened [2] and then step through and look around memory for the decrypted version. If you have an idea of what the file should contain you can probably identify patterns this way.

I'm not an expert on this topic at all though.

[1] Of course you then have less information but it's still possible to see the assembly while the file gets parsed. See for example,

http://felix.abecassis.me/2012/08/gdb-debugging-stripped-bin...

[2] https://sourceware.org/gdb/onlinedocs/gdb/Set-Catchpoints.ht...
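Once you have dumped a buffer from the importer's memory, the "look around memory for the decrypted version" step in the comment above comes down to telling encrypted-looking bytes from structured ones and then spotting the record layout. The following is an added example, not code from the thread or from any tool mentioned in it; it runs entirely on a constructed dump (fixed-size records followed by random bytes standing in for the still-encrypted payload) and assumes nothing about the real file format. It flags regions by windowed Shannon entropy and guesses a record stride from byte periodicity.

```python
"""Triage a memory dump (or the raw file) for encrypted-looking vs structured
regions and guess a fixed record length.  Added example; SAMPLE_DUMP is
constructed here and is not a real importer file."""
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte (0.0 .. 8.0) of the byte-value distribution in `data`."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def windowed_entropy(data: bytes, window: int = 512) -> list[tuple[int, float]]:
    """(offset, entropy) for each non-overlapping window of `data`."""
    return [(off, shannon_entropy(data[off:off + window]))
            for off in range(0, len(data), window)]


def classify_regions(data: bytes, window: int = 512,
                     threshold: float = 7.0) -> list[tuple[int, int, str]]:
    """Merge adjacent windows into (start, end, 'high'|'low') runs.
    With 512-byte windows, ciphertext or compressed data scores ~7.5+ bits/byte;
    decrypted, structured data with repeated headers scores well below 7."""
    regions: list[tuple[int, int, str]] = []
    for off, h in windowed_entropy(data, window):
        label = "high" if h >= threshold else "low"
        end = min(off + window, len(data))
        if regions and regions[-1][2] == label:
            regions[-1] = (regions[-1][0], end, label)
        else:
            regions.append((off, end, label))
    return regions


def guess_record_stride(data: bytes, max_stride: int = 64) -> int:
    """Lag k (2..max_stride) at which data[i] == data[i+k] holds most often.
    Fixed-size records with constant header fields make their length stand out;
    multiples of the true stride score alike, so the smallest lag near the
    peak is returned."""
    scores = {}
    for k in range(2, max_stride + 1):
        pairs = len(data) - k
        matches = sum(1 for i in range(pairs) if data[i] == data[i + k])
        scores[k] = matches / pairs
    best = max(scores.values())
    return min(k for k, s in scores.items() if s >= 0.9 * best)


def build_structured(n_records: int, rng: random.Random) -> bytes:
    """Constructed 16-byte records: magic, little-endian id, flags, pad, payload."""
    out = bytearray()
    for rec_id in range(n_records):
        out += b"REC\x00"                       # constant magic (hypothetical)
        out += rec_id.to_bytes(2, "little")     # record id
        out += b"\x01\x00"                      # constant flags + padding
        out += rng.randbytes(8)                 # variable payload
    return bytes(out)


# Constructed sample: 2048 bytes of records, then 2048 random bytes that play
# the role of a still-encrypted blob sitting next to them in memory.
_RNG = random.Random(2023)
STRUCTURED = build_structured(128, _RNG)
ENCRYPTED_LOOKALIKE = _RNG.randbytes(2048)
SAMPLE_DUMP = STRUCTURED + ENCRYPTED_LOOKALIKE


if __name__ == "__main__":
    for start, end, label in classify_regions(SAMPLE_DUMP):
        print(f"{start:#08x}-{end:#08x}  {label}-entropy region")
    low = [r for r in classify_regions(SAMPLE_DUMP) if r[2] == "low"][0]
    stride = guess_record_stride(SAMPLE_DUMP[low[0]:low[1]])
    print(f"likely record stride in structured region: {stride} bytes")
```

Point the script at a buffer dumped with the debugger (for example the region a read() call just filled) and read the low-entropy runs first; the stride guess only means something inside such a run, and a reported stride of 2 or 4 usually reflects aligned integer fields rather than a record boundary, so check the candidate against a hex view before trusting it.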

xvilka | 2 years ago

For this kind of task, using low-level debugger tools is probably better. Rizin[1][2]/Cutter[3][4] could help. We also have a GSoC participant this year who works hard on improving debuginfo and debugging support[5]. I personally also like Binary Ninja, they recently made their debugger stable enough[6].

[1] https://rizin.re/

[2] https://github.com/rizinorg/rizin

[3] https://cutter.re/

[4] https://github.com/rizinorg/cutter

[5] https://rizin.re/posts/gsoc-2023-announcement/

[6] https://binary.ninja/2023/05/03/3.4-finally-freed.html#debug...

scrollaway | 2 years ago

The most straightforward way will be to reverse engineer the program that imports the data.

Look for reverse engineer freelancers. Many of them are in the video game space.