Most Popular
1500 questions
13 votes, 3 answers
Remove code signature from a Mac binary
How can I remove the code signature from a binary so that I can patch it without the binary refusing to run afterwards?
Needless to say, I'm not the original creator of the binary, nor do I have the certs that were used to sign the binary.
alexandernst
- 287
- 1
- 2
- 9
13 votes, 0 answers
Reverse Engineering 2 byte checksum on RFID card
I am currently researching my student card.
Money is stored on this card.
But the vending machine also checks a checksum on the card.
I have already put a lot of effort into finding it but didn't succeed.
The information:
Student card layout:
Some transaction…
6kgstront
- 139
- 3
12 votes, 1 answer
How to read NSCR1000 data files?
Terminal app on OSX stores the information about its windows and content in its state files in Library/Saved Application State/com.apple.Terminal.savedState.
I made a backup of the file before the crash to be able to restore my data, but I don't…
kenorb
- 485
- 1
- 8
- 23
12 votes, 2 answers
Java .class bytecode debugger
What is a good Java debugger for .class files, if no source code is available? jdb seems pretty weak :(
I don't need to decompile the .class, but I want to debug the bytecode.
Drop Drop
- 123
- 1
- 4
12 votes, 3 answers
How to detect thumb mode in ARM disassembly?
I am trying to build a small disassembler for ARM, and I would like to know how objdump manages to sort out the normal-mode instructions (32 bits wide) from the Thumb-mode instructions (16 bits wide) without having to look at the…
perror
- 19,083
- 29
- 87
- 150
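The question above asks how objdump tells ARM code from Thumb code. The mechanism the ARM ELF ABI provides for this is the set of mapping symbols a compiler or assembler emits into the symbol table: `$a` marks the start of a run of ARM instructions, `$t` a run of Thumb instructions and `$d` a run of data (a `.n` suffix may follow). The script below is an added example, not code from the question's author or from binutils: it reads mapping symbols from a symbol table given as (name, address) pairs, then cuts a constructed byte region into instruction-sized units accordingly, including the 32-bit Thumb-2 encodings, whose first halfword has bits 15:11 equal to 0b11101, 0b11110 or 0b11111. The sample code bytes and symbol table are constructed for the example; the fallback to ARM when no mapping symbol precedes an address is an assumption of this script.

```python
import bisect

# Human-readable names for the three ARM ELF mapping-symbol kinds
MAPPING_KINDS = {"a": "ARM (32-bit instructions)",
                 "t": "Thumb (16/32-bit instructions)",
                 "d": "data"}


def mapping_symbols(symtab):
    """Select the mapping symbols ($a, $t, $d, optionally with a '.n' suffix)
    from a symbol table given as (name, address) pairs; sorted by address."""
    marks = []
    for name, addr in symtab:
        if name[:2] in ("$a", "$t", "$d") and (len(name) == 2 or name[2] == "."):
            marks.append((addr, name[1]))
    return sorted(marks)


def kind_at(marks, addr):
    """Kind ('a', 't' or 'd') in force at addr: the nearest mapping symbol at or
    below it, or None if no mapping symbol precedes the address."""
    addrs = [a for a, _ in marks]
    i = bisect.bisect_right(addrs, addr) - 1
    return marks[i][1] if i >= 0 else None


def next_mark(marks, addr):
    """Address of the first mapping symbol strictly after addr, or None."""
    addrs = [a for a, _ in marks]
    i = bisect.bisect_right(addrs, addr)
    return addrs[i] if i < len(addrs) else None


def split_region(code, base, marks):
    """Cut a byte region into (addr, kind, width) units the way a disassembler
    would: 4-byte ARM instructions, 2- or 4-byte Thumb instructions, 4-byte data
    words. Units never cross a mapping symbol or the end of the region."""
    units, addr, end = [], base, base + len(code)
    while addr < end:
        kind = kind_at(marks, addr) or "a"      # assumption: no mapping symbol yet -> ARM
        if kind == "t":
            off = addr - base
            hw = int.from_bytes(code[off:off + 2], "little")
            # Thumb-2 32-bit encodings start with a halfword whose top five bits are 11101/11110/11111
            width = 4 if (hw >> 11) in (0b11101, 0b11110, 0b11111) else 2
        else:
            width = 4
        limit = next_mark(marks, addr) or end
        width = min(width, limit - addr, end - addr)
        units.append((addr, kind, width))
        addr += width
    return units


# Constructed sample (not from a real binary): an ARM function, a Thumb function, a literal pool
SAMPLE_BASE = 0x8000
SAMPLE_CODE = bytes.fromhex(
    "0000a0e3" "1eff2fe1"          # 0x8000 ARM:   mov r0,#0 ; bx lr
    "0120" "aff30080" "7047"       # 0x8008 Thumb: movs r0,#1 ; nop.w (32-bit) ; bx lr
    "78563412" "efbeadde"          # 0x8010 data:  two literal-pool words
)
SAMPLE_SYMTAB = [
    ("arm_fn", 0x8000), ("$a", 0x8000),
    ("thumb_fn", 0x8009), ("$t", 0x8008),   # Thumb function symbols carry bit 0 set (ARM ELF ABI)
    ("$d", 0x8010),
]

if __name__ == "__main__":
    marks = mapping_symbols(SAMPLE_SYMTAB)
    for addr, kind, width in split_region(SAMPLE_CODE, SAMPLE_BASE, marks):
        off = addr - SAMPLE_BASE
        print(f"{addr:#x}  {MAPPING_KINDS[kind]:<32} {SAMPLE_CODE[off:off + width].hex()}")
```

Without mapping symbols (stripped binaries, raw dumps) this information is gone, and a disassembler has to fall back on heuristics or on the caller's knowledge of the entry point's mode; that is exactly why `objdump -d` on stripped ARM code often shows the wrong mode.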
12 votes, 2 answers
Extract non-extractable private key from OS X Keychain
I'm trying to extract a non-extractable private key as a .p12 file from Keychain Access.app or /usr/bin/security on Mac OS X 10.9.4.
Basically, it appears that security import has a -x option to specify that private keys are non-extractable after…
cnst
- 299
- 2
- 7
12 votes, 2 answers
Why can I not directly get the content of the `.bss` section?
The test is on 32-bit Linux.
I use these commands to get the contents of the .text, .rodata and .data sections:
objdump -s -j .text elf_binary
objdump -s -j .rodata elf_binary
objdump -s -j .data elf_binary
But basically when I tried to use this to get the…
lllllllllllll
- 2,485
- 2
- 32
- 50
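The `objdump -s -j` commands in the question work for .text, .rodata and .data because those sections are of type SHT_PROGBITS: their bytes are stored in the file at sh_offset. The .bss section is of type SHT_NOBITS: its header carries a size and a load address, but the file holds no bytes for it, and the loader zero-fills that many bytes at run time. The script below is an added example, not code from the question's author or from binutils: it builds a constructed minimal ELF32 image with the same layout a linker produces, parses the section header table, and shows what a `-s`-style dump can return for each section versus what exists in memory. The sample bytes and addresses are made up for the example.

```python
import struct

# ELF32 constants (System V ABI)
SHT_PROGBITS = 1            # section bytes are stored in the file
SHT_STRTAB = 3
SHT_NOBITS = 8              # section occupies memory only; nothing is stored in the file
ELF_HDR = "<16sHHIIIIIHHHHHH"   # 52-byte little-endian ELF32 header
SHDR = "<10I"                   # 40-byte ELF32 section header


def build_sample_elf32():
    """Constructed minimal ELF32 image (not compiler output) with .text, .data,
    .bss and .shstrtab laid out like a linker would: .bss has a section header
    with a non-zero size but contributes no bytes to the file."""
    text = bytes.fromhex("5589e5b8000000005dc3")   # push ebp; mov ebp,esp; mov eax,0; pop ebp; ret
    data = struct.pack("<II", 0x11223344, 0xDEADBEEF)
    bss_size = 16                                   # e.g. a zero-initialised int[4]
    shstrtab = b"\0.text\0.data\0.bss\0.shstrtab\0"
    name_off = {n: shstrtab.index(n.encode() + b"\0")
                for n in (".text", ".data", ".bss", ".shstrtab")}

    text_off = struct.calcsize(ELF_HDR)
    data_off = text_off + len(text)
    bss_off = data_off + len(data)      # where .bss "would" start; no bytes are emitted
    shstr_off = bss_off                 # .shstrtab therefore follows .data directly
    shoff = (shstr_off + len(shstrtab) + 3) & ~3

    def shdr(name, typ, addr, off, size):
        return struct.pack(SHDR, name_off[name], typ, 0, addr, off, size, 0, 0, 4, 0)

    shdrs = (b"\0" * 40                                                 # index 0: SHN_UNDEF
             + shdr(".text", SHT_PROGBITS, 0x08048000, text_off, len(text))
             + shdr(".data", SHT_PROGBITS, 0x08049000, data_off, len(data))
             + shdr(".bss", SHT_NOBITS, 0x08049000 + len(data), bss_off, bss_size)
             + shdr(".shstrtab", SHT_STRTAB, 0, shstr_off, len(shstrtab)))
    ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\0" * 8                # ELFCLASS32, LE, version 1
    ehdr = struct.pack(ELF_HDR, ident, 2, 3, 1, 0x08048000, 0, shoff, 0,
                       52, 0, 0, 40, 5, 4)                              # ET_EXEC, EM_386, 5 shdrs
    body = ehdr + text + data + shstrtab
    return body + b"\0" * (shoff - len(body)) + shdrs


def parse_sections(elf):
    """Return {name: (sh_type, sh_offset, sh_size)} from the section header table."""
    hdr = struct.unpack_from(ELF_HDR, elf, 0)
    ident, e_shoff, e_shentsize, e_shnum, e_shstrndx = hdr[0], hdr[6], hdr[11], hdr[12], hdr[13]
    if ident[:4] != b"\x7fELF" or ident[4] != 1:
        raise ValueError("not an ELF32 image")
    shdrs = [struct.unpack_from(SHDR, elf, e_shoff + i * e_shentsize) for i in range(e_shnum)]
    strtab_off = shdrs[e_shstrndx][4]
    sections = {}
    for sh_name, sh_type, _flags, _addr, sh_offset, sh_size, *_ in shdrs:
        start = strtab_off + sh_name
        name = elf[start:elf.index(b"\0", start)].decode()
        sections[name] = (sh_type, sh_offset, sh_size)
    return sections


def file_contents(elf, name):
    """What `objdump -s -j NAME` can show: the section's bytes as stored in the
    file. A SHT_NOBITS section such as .bss has none, so None is returned."""
    sh_type, sh_offset, sh_size = parse_sections(elf)[name]
    if sh_type == SHT_NOBITS:
        return None
    return elf[sh_offset:sh_offset + sh_size]


def memory_image(elf, name):
    """What exists at run time: the file bytes for PROGBITS, sh_size zero bytes
    for NOBITS (the loader zero-fills .bss)."""
    sh_type, sh_offset, sh_size = parse_sections(elf)[name]
    if sh_type == SHT_NOBITS:
        return b"\0" * sh_size
    return elf[sh_offset:sh_offset + sh_size]


if __name__ == "__main__":
    image = build_sample_elf32()
    for sec in (".text", ".data", ".bss"):
        print(f"{sec:<6} in file: {file_contents(image, sec)!r:<40} in memory: {memory_image(image, sec)!r}")
```

Note that in the sample image sh_offset of .bss equals sh_offset of .shstrtab; a reader that ignored sh_type and sliced `sh_size` bytes at that offset would print the string table and mistake it for .bss contents, which is why objdump checks the section type and dumps nothing instead. To see the .bss region as it exists at run time, read it from a running process (a debugger, or /proc/PID/mem) rather than from the file.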
12 votes, 2 answers
Replacing common x86 instructions with less known ones
Is there any kind of software, research or paper that discusses replacing frequent x86 instructions with ones that are less common and thus less understandable to the attacker (floating point/SSE/virtualization/undocumented) while still…
Babken Vardanyan
- 223
- 2
- 6
12 votes, 3 answers
IDA plugin/script for generating signature statistics (for all sigs) for a target?
I have more than 40 different IDA signature files (besides the built-in ones) and sometimes I don't want to go through the hassle of examining what signatures may be relevant for a given target. Instead I just want to apply all signatures, one at a…
johnrl
- 221
- 1
- 3
12 votes, 2 answers
Detecting recursive functions in IDA
How can I detect/mark recursive functions in IDA?
The trivial method would be to check every function's call list and if it calls itself then it's recursive. I'd like to put a comment or some kind of indicator that would help me distinguish these…
Dominik Antal
- 2,038
- 22
- 39
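The self-call check described in the question only catches direct recursion; functions that recurse through another function (parse_expr calling parse_term calling parse_expr) are missed. The script below is an added example, not code from the question's author and not an IDA API: it takes a call graph as a plain dictionary of caller to callees (the shape one would build in IDAPython from each function's code cross-references, an assumption of this example) and finds both direct recursion and mutual recursion via Tarjan's strongly connected components. The sample call graph is constructed for the example; the comment strings are the kind of marker one would attach to a function with an IDAPython function-comment call.

```python
def find_recursion(call_graph):
    """call_graph: {function: iterable of callees} (assumed input shape, built
    by the caller from cross-references; callees missing as keys are treated
    as leaves, e.g. imports). Returns (direct, mutual): functions that call
    themselves, and functions lying on a call cycle through other functions."""
    direct = {f for f, callees in call_graph.items() if f in callees}

    # Tarjan's SCC algorithm: every cycle of length > 1 ends up in one component
    index, low, on_stack, stack, sccs = {}, {}, set(), [], []
    counter = [0]

    def strongconnect(v):
        index[v] = low[v] = counter[0]
        counter[0] += 1
        stack.append(v)
        on_stack.add(v)
        for w in call_graph.get(v, ()):
            if w not in index:
                strongconnect(w)
                low[v] = min(low[v], low[w])
            elif w in on_stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:          # v is the root of a component
            comp = set()
            while True:
                w = stack.pop()
                on_stack.discard(w)
                comp.add(w)
                if w == v:
                    break
            sccs.append(comp)

    for v in list(call_graph):
        if v not in index:
            strongconnect(v)

    mutual = set()
    for comp in sccs:
        if len(comp) > 1:
            mutual |= comp
    return direct, mutual


def recursion_comments(call_graph):
    """Comment text per recursive function, ready to be attached as a function
    comment in the disassembler (how it is attached is left to the caller)."""
    direct, mutual = find_recursion(call_graph)
    comments = {}
    for f in direct | mutual:
        tags = []
        if f in direct:
            tags.append("self-recursive")
        if f in mutual:
            tags.append("mutually recursive")
        comments[f] = "RECURSIVE: " + ", ".join(tags)
    return comments


# Constructed call graph (not taken from a real binary)
SAMPLE_GRAPH = {
    "main": ["parse", "log"],
    "parse": ["parse_expr"],
    "parse_expr": ["parse_term"],
    "parse_term": ["parse_expr", "atoi"],   # cycle: parse_expr <-> parse_term
    "fact": ["fact", "printf"],             # direct recursion
    "log": ["printf"],
}

if __name__ == "__main__":
    for func, cmt in sorted(recursion_comments(SAMPLE_GRAPH).items()):
        print(f"{func:<12} {cmt}")
```

Indirect calls (through function pointers or vtables) do not show up as code cross-references, so a call graph built purely from static xrefs can miss recursion that goes through them; the SCC result is therefore a lower bound.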
12 votes, 5 answers
Are there any OllyDbg anti-debug/anti-anti-debug plugins that work with Windows 7 / NT 6.x?
Title says it all. I'm trying to RE a video game which is packed with Themida and the second I attach OllyDbg it crashes. When on XP, I can use StrongOD and PhantOm but neither of these work properly on Windows 7. I could use the XP machine via RDP…
David S.
- 223
- 1
- 2
- 6
12 votes, 2 answers
Why does the Java compiler add an extra try-catch block?
Suppose we compile this method using a Java 6+ compiler:
void test(int x) {
    try {
        x += 777;
    } finally {
        x -= 333;
    }
}
The disassembled code would look like this:
test(I)V
TRYCATCHBLOCK L0 L1 L2 null
TRYCATCHBLOCK…
ponomandr
- 221
- 1
- 5
12 votes, 1 answer
Understanding the most recent heap implementation under Linux
A few days ago, I was wondering how one could teach oneself heap-based overflow exploitation.
So I searched through documentation, subsequently practicing what I read in order to gain a better insight into how the heap works under Linux.
We are told…
Geoffrey R.
- 307
- 2
- 8
12 votes, 1 answer
Are those code snippets and file paths in a C++ binary some sort of standard debug information?
This C++ binary has code snippets and paths to sourcecode files everywhere, which is probably some sort of debug info.
Is this something standard? (Is this RTTI)
If so, what is this called?
Are there plugins/tools to help with this?
samuirai
- 3,079
- 4
- 23
- 37
12 votes, 1 answer
Delphi Pascal Try..Except..Finally block
I'm having trouble reverse-engineering a specific Delphi Pascal .exe (old version, pre-1995, so probably v.3). From the system calls I understand this is probably a try..except..finally block, but I am at a loss finding the 'normal' route through the…
Jongware
- 2,364
- 2
- 16
- 30