Most Popular

1500 questions
15
votes
1 answer

How can BIOS routines be disassembled?

There was once a disassembler on DOS named Sourcer that can disassemble BIOS routines. However, how do we access the BIOS ROM from software to do such a thing?
Amumu
15
votes
1 answer

Bypassing certificate pinning in Android

I've spent the past 4 months trying to bypass certificate pinning in the Facebook Android application so I can understand how it works, but I'm having trouble doing so. I have tried using Android SSL Trust Killer and Cydia Substrate, but there…
John Avery
14
votes
8 answers

Repackaging APK file using baksmali and smali

I am a student interested in Android security. I was trying to modify an APK file using baksmali and smali. However, I am not able to run the repackaged app on my mobile. When I click on the icon it says "Unfortunately, test has stopped" and exits.…
aMa
14
votes
3 answers

Extracting a firmware image via U-Boot

I have an inexpensive Chinese IP camera that runs a Linux (BusyBox, to be precise) off an 8-MB SPI flash IC. I'm trying to get access to the device. It has a hardware serial port, and I've gotten access to it, but the Linux terminal appears to be…
Fake Name
14
votes
2 answers

windows - Why is the imagebase default 0x400000?

Having stumbled upon this question (and answer): https://stackoverflow.com/questions/2170843/va-virtual-adress-rva-relative-virtual-address on my quest for understanding Windows' PE format, I'm wondering: why is the default imagebase value 0x400000?…
user4520
14
votes
3 answers

What Linux software can I use to explore entropy of a file?

I've heard of tools that could be used to graph entropy of a file. Is there a graphical Linux program that I could use for this job that would let me conveniently explore which blocks of a file have certain entropy patterns that could suggest…
d33tah
14
votes
2 answers

Using QEMU monitor interface to extract execution traces from a binary?

My original point was to build something a bit more powerful and generic than a PTRACE system call for Linux platforms. The problem with PTRACE is that it only runs on your own system and architecture. An idea would be to run a virtual machine (or,…
perror
14
votes
1 answer

How to clone Android RSA SecurID Software Token

At the moment I am trying to figure out how the RSA SecurID Software Token protects itself from getting cloned to another Android device. The token I imported has no device binding enabled and I already figured out that the device binding can be exploited…
14
votes
1 answer

Is there an equivalent of 'Run trace' as in OllyDbg for IDA PRO?

I have been looking for the equivalent of the "Run Trace" option of OllyDbg in IDA Pro. Can anyone mention if there is one and how to use it?
Higet
14
votes
2 answers

What are some ways to pass raw bytes to a program via the Linux terminal?

I want to pass raw bytes to a (C) program using the Linux Bash shell. I find that when I try to pass for example "\x00\xFF\xAB", the program receiving the input actually gets the ASCII character codes for the string, rather than interpret them as…
the_endian
14
votes
5 answers

Decrypting TLS packets between Windows 8 apps and Azure

In Windows Store application development for Windows 8, there is a class called remoteSettings that lets a developer store batches of data so that the user will have access to it across several machines, as long as they are logged in with the same…
Bill Sempf
14
votes
2 answers

How do you set registers as structs within a function in IDA?

For example, in the following disassembly: .text:007C6834 014 mov eax, [esi+4] .text:007C6837 014 mov dword ptr [esi], offset ??_7CAvatar@@6B@ ; const CAvatar::`vftable' How would I be able to set the type of…
Avery3R
14
votes
4 answers

Debugger hiding plugin for WinDbg?

Are there any good WinDbg hiding plugins like OllyDbg's? Or a plugin that's open source and still in development for this purpose?
shebaw
14
votes
1 answer

How can I debug or monitor a Windows Phone 8 application?

I'm interested in debugging and monitoring a Windows Phone 8 application for which I do not have the source code. Android and iOS can both be rooted/jailbroken, which allows me to use tools like GDB (and others) to debug and monitor a running…
Mick
14
votes
2 answers

Any way to represent the file-memory relation in a Portable Executable (PE) file?

I am looking for a way to automatically represent the relation between the content of a PE file and how it would be loaded in memory - either an IDA plugin, a combination of pefile script+R/SVG... Something that could look like this (hand drawn):…
Ange