dude i love those zoom ins and the cartoonish arrows, it makes your videos so enjoyable to watch, they are a beauty
@ggsap 10 days ago
is that satire
@jaredmeit6127 5 years ago
I really like these videos. It is just like the early ones that I subscribed for. Although I do like your recent content, this format is my favourite. Covering 1 topic concisely as part of a series that gets gradually more in-depth.
@MCTTABOB 5 years ago
i have spent hours reversing static stripped bins without knowing this, labeling stuff by hand.. thanks so much haha
@PwnySlaystation01 5 years ago
I'm good with this type of video too, however I really have a hard time with the low audio. I don't see anyone in the comments mentioning it, so maybe it's just me, but I have to crank my laptop volume almost up to full to hear you in this format. Upping the volume a bit would be greatly appreciated!
@netanelkomm5636 9 months ago
This guy's intro rocks
@youtubeargentina349 2 years ago
Thanks a million for this amazing video. You answered many of my questions in just a few minutes :)
@matevarga3040 5 years ago
PLS KEEP the content good. Q_Q I'm happy you have daily but I'm a bit concerned about it. Bit of thinking. Actually these small bits keep me entertained and I also learn at the same time. It's very digestible. It's a win. Wish you good luck /life/etc.
@hanshansli2238 5 years ago
Love the shorter videos. And right in the sweet spot in terms of difficulty, at least for me
@mnageh-bo1mm 5 years ago
Hi you... we need vids about reversing more common software.
@AneeshDogra 5 years ago
How about reverse engineering Source engine? @LiveOverflow!
@mnageh-bo1mm 5 years ago
@AneeshDogra sounds interesting
@zCri 5 years ago
Epic hacker man is back at it again
@Davi-c4q 5 years ago
How are these signatures made? It's some kind of hash function of all the bytes used by the function, substituting `call`s by the bytes of the internal functions?
@enocknicolas7163 5 years ago
daily uploads👍👌
@EvilSapphireR 5 years ago
I spent a good 1 hour understanding this video and the weird flow of the statically linked stripped binary. So if I'm not wrong, whenever dynamic linking happens in a process with a debugger attached to it the debugger watches for the symbols being used for the linking and can subsequently tell the user the function names?
@EE-cc5bd 5 years ago
The stripped binary only has its own debug symbols removed, but still has its import table (symbols referring to external functions/variables to be dynamically bound). So no need for a debugger, a proper disassembler is enough. (It is the most common form of executable, no debug symbols and dynamic linking). The second part of the video is about using signatures to identify functions that we know of from another binary, it's a difficult task since the assembly can change between different compilations and thus different versions of a library. There are different identification methods around: flair (pattern + cross references), yara (behavior based, return value), ..
@meithecatte8492 5 years ago
I'm pissed the video isn't 13:37 long.
@xrafter 1 year ago
Why?
@1.4142 1 year ago
still waiting for a 13:37 long video
@athuljose6094 5 years ago
Could you make a list of all resources that could help in learning like wargame sites? I don't know if you have something like this already on your site. Thanks for these videos mate.
@phmen6706 5 years ago
da mwnuseee
@ECX0x100h 1 year ago
How do we determine what libc version is embedded within a static/stripped binary?
@yuxin7440 5 years ago
Great video, can you also create a video talking about other common anti debugging techniques and how to bypass them?
@thewelder3538 1 year ago
This seems to be a lesson in why you don't decompile code, you disassemble it. If you understand x86 enough, you can always see exactly what is happening and you don't run into problems where you end up with rogue function calls that shouldn't be there.
@pep1878 5 years ago
I would love to see some reversing with cutter (if you abandoned gdb/r2...) which also added the ghidra decompiler....
5 years ago
Hello. I am studying and developing a deep learning algorithm. I wonder, is there any deep learning method to extract and recognize the binary symbols? Deep learning is very good at it. It can learn almost all symbols and behaviour of the compiler. I know it takes a very long time but it can learn.
@blackbeard4532 5 years ago
Noice keep them coming!
@MrHatoi 4 years ago
Would be nice to have the links for stuff you used in the video
@pseudo_goose 5 years ago
wait a moment, that breadboard computer looks familiar ....
@lancemarchetti8673 1 year ago
Awesome.
@zuhayr1337 5 years ago
The haiiiiiirrrrr!!!!! 😍😍
@zacwesleybrown 5 years ago
Cool video
@anthonything 5 years ago
big cool
@BlackHermit 4 years ago
Great volumeeeeeeeeeeeee! :)
@adrianstangu80 4 years ago
GBU !
@chanakanztech4108 5 years ago
nice!
@Veso266 5 years ago
Where is a .pdb file for not stripped binaries on Linux? Because on Windows if you remove the .pdb file you lose all symbols
@LiveOverflow 5 years ago
it's in the ELF binary itself, no external symbol file needed. If you strip an ELF binary you can see the size is smaller.
@Veso266 5 years ago
@LiveOverflow can you use Ghidra to reverse engineer linux bin on windows or you have to use linux to reverse linux binaries?
@Demonslay335 4 years ago
@Veso266 Ghidra can reverse Linux binaries on any host platform. Same goes for IDA.
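The replies above say that ELF symbols live in the binary itself, and an earlier reply says a stripped, dynamically linked binary still names its imports. As an added example (not from the video or from any commenter), this Python parser reads the ELF64 section headers and counts `.symtab` and `.dynsym` entries; `symbol_tables`, `classify`, `build_elf` and the three sample images are names and data constructed here.

```python
import struct

SHT_SYMTAB, SHT_DYNSYM = 2, 11  # section types defined by the ELF specification
SYM_SIZE = 24                   # sizeof(Elf64_Sym)

def symbol_tables(data: bytes) -> dict:
    """Count entries in the full (.symtab) and dynamic (.dynsym) symbol tables."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("expected a little-endian ELF64 image")
    shoff, = struct.unpack_from("<Q", data, 0x28)             # e_shoff
    shentsize, shnum = struct.unpack_from("<HH", data, 0x3A)  # e_shentsize, e_shnum
    counts = {"symtab": 0, "dynsym": 0}
    for i in range(shnum):
        base = shoff + i * shentsize
        sh_type, = struct.unpack_from("<I", data, base + 4)
        sh_size, = struct.unpack_from("<Q", data, base + 32)
        if sh_type == SHT_SYMTAB:
            counts["symtab"] += sh_size // SYM_SIZE
        elif sh_type == SHT_DYNSYM:
            counts["dynsym"] += sh_size // SYM_SIZE
    return counts

def classify(data: bytes) -> str:
    tables = symbol_tables(data)
    if tables["symtab"]:
        return "not stripped"        # strip would have removed .symtab
    if tables["dynsym"]:
        return "stripped, imports still named"
    return "stripped, no symbols"    # the static case that needs signatures

def build_elf(sections) -> bytes:
    """Constructed sample: ELF64 header plus section headers, no section data.
    sections is a list of (sh_type, symbol_count) pairs."""
    hdr = bytearray(64)
    hdr[:6] = b"\x7fELF\x02\x01"
    struct.pack_into("<Q", hdr, 0x28, 64)                  # headers follow the ELF header
    struct.pack_into("<HH", hdr, 0x3A, 64, len(sections))
    out = bytes(hdr)
    for sh_type, nsyms in sections:
        sh = bytearray(64)
        struct.pack_into("<I", sh, 4, sh_type)
        struct.pack_into("<Q", sh, 32, nsyms * SYM_SIZE)
        out += bytes(sh)
    return out

# Constructed images standing in for the three kinds of binary discussed
UNSTRIPPED = build_elf([(0, 0), (SHT_DYNSYM, 12), (SHT_SYMTAB, 80)])
STRIPPED_DYNAMIC = build_elf([(0, 0), (SHT_DYNSYM, 12)])
STRIPPED_STATIC = build_elf([(0, 0)])
```

To check a real file, pass its bytes in: `classify(open(path, "rb").read())`.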
@metaorior 5 years ago
nice
@lordkauck 5 years ago
Hold up, who's the hot guy he hired? Lmfao
@blizzy78 5 years ago
Now decompile a Go program.
@xrafter 1 year ago
Or rust or anything other than C.
@BosakMaw 5 years ago
But can you reverse a linked list?
@gyroninjamodder 5 years ago
Why would a program use md5 in 2019? MD5 has been broken for a long time.
@LiveOverflow 5 years ago
Ah well. Then I don’t know why any programmer would still write code with buffer overflow vulnerabilities. Or why XSS still exists. Or why iPhones still get jailbroken. Why are they not just writing secure code?!?!?
@gyroninjamodder 5 years ago
@LiveOverflow That is not a fair comparison. People consciously choose to use MD5 where buffer overflows, XSS, and jail vulnerabilities happen on accident. Buffer overflows can be effectively eliminated by using a language that keeps track of buffer sizes with dependent types. XSS can be effectively mitigated by using refinement types to keep track of whether data is sanitized. Preventing escaping from a jail is much more complicated, but using formal verification of your specification and design can help avoid it.
@eIicit 5 years ago
@gyroninjamodder you are missing the point, friend.
@gyroninjamodder 5 years ago
@eIicit What point am I missing?
@antiteal3050 5 years ago
md5 is pretty fast, pretty widespread, and it's good enough for most tasks. the holes that it has aren't significant enough for everyone to switch to another hash function. it's "good enough" when generating checksums and the like.
@patatopotate4692 5 years ago
Could you play that piano for us please? :)
@DoorThief 5 years ago
Fifth! Love your videos
@patrick1020000 5 years ago
Could you make a video using the built-in Ghidra function identifier? It is possible to create signatures that way
@techchannel1781 5 years ago
Hah Can you do that using android phone
@Afif87123 5 years ago
First
@yumbuboyumbubo8230 5 years ago
Real Hackers don't use Ghidra, or GDB. Back in the good old days -- the "Golden Era" of computers, it was easy to separate the men from the boys (sometimes called "Real Men" and "Quiche Eaters" in the literature). During this period, the Real Men were the ones that understood binary code, and the Quiche Eaters were the ones that didn't. A real computer programmer said things in assembly. (they actually talked in capital letters, you understand)
@saintjohnny45 5 years ago
Nothing against your face, but it was way easier to focus on the content before.
@LiveOverflow 5 years ago
I’m just trying to have some fun with daily videos in December. Calling it haxember. It’s just the 4th day; old style videos are not gone. I just have to do a different style to be able to make daily stuff. It’s just an experiment ;)