

Watch a value instead of an address?

debugging,reverse-engineering,disassembling,ida
I'm new to reverse-engineering all in all and have been having real difficulty finding exactly what makes a message box appear in the application, which I don't have the source code for. I tried using the very slow search for text to see if it would find the "Error when...

Bypassing Windows ASLR by determining the library address using shared pages

windows,security,reverse-engineering,exploit,aslr
I am quite familiar with ASLR, but today I heard a new interesting fact about the implementation of ASLR in Windows. In order to optimize performance if process A and B load the same dll Windows will only load it once to physical memory and both processes will share the...

Trying to disassemble

assembly,reverse-engineering,x86-64,att
The assignment is to interpret some assembly code to find a phrase that will run without calling "explode bomb". I'm using gdb to disassemble the current phase. I'm stuck and any advice on whether I'm moving in the right direction would be very appreciated. 0x0000000000400fb5 <+0>: sub $0x18,%rsp 0x0000000000400fb9 <+4>:...

How to understand the output of objdump, about indirect jmp?

linux,kernel,reverse-engineering,x86-64,disassembling
When objdump -S my_program, usually I can see the following indirect jmp instruction, which is typically used for switch/case jump table: ffffffff802e04d3: ff 24 d5 38 2e 10 81 jmpq *-0x7eefd1c8(,%rdx,8) How to understand the address -0x7eefd1c8? It means the table's base address is 0xffffffff802e04d3 - 0x7eefd1c8? Also, how can...

Unknown CRC Calculation

reverse-engineering,checksum,crc,crc16
I'm trying to reverse engineer the communication protocol of an old serial device. I've figured out most of it, but am stuck on the CRC algorithm used. I have host software with which I can generate request messages, so I've included a dump of relatively short messages sent by the host...

How to have a generic Entity for SQL audit tables with JPA or Hibernate?

generics,jpa,entity,reverse-engineering,generic-programming
I want to show all data of my audit tables in a JSF page from SQL Server. I don't know how to do this. Do I have to know the fields of every audit table in the database to create an Entity class, or is there a generic Entity...

Can't reproduce working C bitwise encoding function in Python

python,security,python-2.7,encoding,reverse-engineering
I'm reverse engineering a proprietary network protocol that generates a (static) one-time pad on launch and then uses that to encode/decode each packet it sends/receives. It uses the one-time pad in a series of complex XORs, shifts, and multiplications. I have produced the following C code after walking through the...

Understanding x86 syntax regarding a C 'bomb'

c,assembly,x86,parameter-passing,reverse-engineering
I've been given an executable file written originally in C, that plays a guessing game. I as the player am supposed to guess 5 numbers, and if I do it right, the bomb does not go off. However, as soon as I miss one, I lose and the bomb explodes....

C struct to complete assembly code for function

c,assembly,struct,reverse-engineering
I was given the following code skeleton: typedef struct node { _______________ x; _______________ y; struct node *next; struct node *prev; } node_t; node_t n; void func() { node_t *m; m = ______________________; m->y /= 16; return; } with the following assembly code generated on an IA-32 linux machine: func:...

Imprecision of ASM jump instructions observed in debugger

assembly,x86,reverse-engineering,machine-code,ollydbg
I am making some inline modifications to an application in OllyDbg and am noticing some strange behavior. These are the instructions I wrote, copied directly from the debugger: 2005FE35 4C DEC ESP 2005FE36 77 21 JA SHORT 2005FE59 ; 23 byte difference To be clear, I only modified the opcodes...

dotPeek does not properly decompile DLL

c#,.net,reverse-engineering,decompiling,dotpeek
I decompiled a DLL (Neodynamics.SDK.WebClientPrint) with dotPeek 1.4 to see what is happening inside, but there is some strange C# code (please look at the attachments). There are variable declarations without a variable name; I think some variables are numbers, they don't have a name. Why was that code generated? Could the DLL be...

How to reverse strrev using PHP

php,reverse-engineering
Can anyone explain to me how I can reverse this string...

How to break code on a click event?

windows,reverse-engineering,ida
I have this application that I need to disassemble. I don't have a clue on how to stop the running code on the desired location, so I decided my best guess would be breaking upon a button click. But how do I capture button clicks? I know it has probably...

Is it possible to reverse a bitshift and addition

java,reverse-engineering,bit-shift
Is it possible to reverse this in Java? byte config = (byte)((X << 6) + Y); knowing that X is 0, 1, 2 or 3 (2 bits) and Y is between 0 and 24 (5 bits)...

How is following HTTP url string parameter encoded and decoded? &=& vs &&

reverse-engineering,url-encoding
I was going through some website and stumbled upon the following bug in it while playing with different combinations of URL parameters. When I append ?&=& to any valid URL on this website I get the following error: /p is part of url (java.lang.ArrayIndexOutOfBoundsException). Chrome parses the string as below: But this...

Beginner Software RE help, RAM Addresses, library loading, where to start?

unix,reverse-engineering,code-injection,ram,dylib
To start this off, I use OS X which is a UNIX based system. I have beginner theoretical knowledge in C++ and would like to expand my knowledge by software reverse engineering. Every guide I get into seems to jump in half way and I seem to miss a giant...

Can a JavaScript method be called with <>: <>?

javascript,methods,reverse-engineering
I have to reverse-engineer a snippet of JavaScript code and although I know what should happen, it's the first time I see syntax like this and I would like to know what happens. Here is what I have: // @param {function} a callback method function generateUri(a) { a: if (some...

Injecting only a function and running it through CreateRemoteThread? C++

windows,winapi,assembly,x86,reverse-engineering
I'm trying to inject this function: void doubleValue(int pointer){ *((int*)pointer) *= 2; } Into a process via VirtualAllocEx & WriteProcessMemory: int size = 1024 * 1024 * 4; HANDLE h = GetCurrentProcess(); void * func = &doubleValue; int arg = (int)&HP; DWORD adr = (DWORD)VirtualAllocEx(h, 0, size, MEM_COMMIT, PAGE_EXECUTE_READWRITE); WriteProcessMemory(h,...

Stuck on reversing TripleDES in .NET

.net,cryptography,reverse-engineering,tripledes
I'm stuck on a target and I'm wondering whether it is possible to reverse this part of the code; the goal is to deal with 'nodeData' to get a 'True' condition in 'result'. As I'm not familiar with this type of cryptography I cannot understand this part of the code. BTW I...

Converting a signed jar file to working non-error throwing unsigned jar file by reverse engineering

java,reverse-engineering,code-signing,keytool,jarsigner
I have been searching online about Java JAR signing concepts for some time now to understand what is actually happening when one signs his/her JAR file. I have looked into various articles pertaining to this; however, I ended up reading ones with complex jargon which were not simple to...

Reverse engineering a Docker deployment on private cloud

docker,reverse-engineering
I am working on a software that has to be deployed on private cloud of a client. The client has root access, as well as hardware. I don't want the client to reverse engineer our software. We can control two things here: we have access to a secure port of...

dev/ttyO0 used in AR Drone 2.0 - Reverse Engineering

linux,reverse-engineering,ar.drone
I read an interesting article about coding for the AR Drone 2.0 from Parrot. In this code they use Node.js to talk to the drone. Therefore the code starts out by creating a stream to /dev/ttyO0. I am starting out to learn more about the background of Linux functionality and...

Unclear behavior of a DOS application's function

dos,reverse-engineering,pascal,ida,disassembler
I'm trying to reverse some DOS application. It uses a *.VAR file as a database (perhaps encoding this file). The application looks like a system for testing students: it shows random questions from the DB file and gets your answer. In this place the program reads the VAR file length, then opens the file and assigns...

Reverse Engineering - Find Missing Values

variables,actionscript,reverse-engineering
In the following function, I need to find the values for "a" and "b" or "a" and "toliau". Maybe it's because it's early, but I can't figure this out. Currently I have solved for the following, but it appears to be incorrect: a = vrt vrt = 'LBLUVTBXQ' b= "xxx9xx8"...

Low Level Bluetooth Packet Analysis

ios,sockets,networking,bluetooth,reverse-engineering
I have a fitness tracker that uses Bluetooth LE, and my iPhone 6+. Unfortunately the app doesn't disclose the raw data coming out of the tracker and there is no way to export it, while this data is very interesting to me. I purchased a Bluetooth LE sniffer from Adafruit and used...

Why are these "exported" variables double-defined?

c,binary,reverse-engineering,x86-64,elf
I am testing some 64-bit ELF binaries on x86/Linux. I compiled the Apache server using gcc with its default configuration (optimization level O2, I guess). I stripped the httpd binary with the strip command, and I use this command to check the exported variables inside the httpd ELF binary. For example, for...

Decompile an imported module (e.g. with uncompyle2)

python,reverse-engineering
My task is to export an imported (compiled) module loaded from a container. I have a Python script importing a module. Upon using print(module1) I can see that it is a compiled Python (pyc) file, loaded from an archive. As I cannot access the archive, my idea was to import the...

Count number of API calls from classes.dex

android,reverse-engineering,dalvik
I was wondering if it is possible to count the number of times an API is called by parsing the classes.dex file. I know ways to get all the APIs called, but wanted to know if there is a way to get the number of times an API was called...

Reverse Engineering: changing AL register without overwriting instructions

debugging,assembly,executable,reverse-engineering,x86-64
I am trying to learn more about reverse engineering by debugging and patching a 64-bit Windows executable. I am using x64dbg (much like OllyDbg but with 64-bit support). I have some assembly that looks roughly like this: call test_exe.44AA9EB20 mov byte ptr ds:[44AB9DA15], al [More instructions...] [More instructions...]...

Preventing reverse engineering with binary code and secret key

reverse-engineering,deobfuscation
I am working on a software program that has to be deployed on the private cloud server of a client, who has root access. I can communicate with the software through a secure port. I want to prevent the client from reverse engineering my program, or at least make it "hard enough"....

What is the algorithm to calculate the padding of some values?

file,structure,padding,reverse-engineering
I am reversing some game file to translate it and already understand everything, aside from how to determine the padding of some blocks. For example, I have this in one file (two entries of 36 bytes each and then zero padding, 96 bytes total): 01 08 01 80 00 00 00 09 00...

lldb read memory pointer

memory,reverse-engineering,lldb
Is it possible to easily read memory at a location pointed to by another address? For example, $r0 = 0x15942600; at this memory address there is AC B8 EC 14. Now to read the memory at 0x14ecb8ac, I will have to do: mem read $r0 mem read 0x14ecb8ac...

Windows Heap Chunk Header Parsing and Size Calculation

debugging,heap,reverse-engineering,windbg,heap-memory
How can I calculate the heap chunk size from raw bytes read from memory? I tried the following. 0:001> !heap Index Address Name Debugging options enabled 1: 00500000 2: 00280000 3: 008f0000 4: 00ab0000 5: 00cc0000 0:001> !heap -a 00500000 .. .. Heap entries for Segment00 in Heap 00500000 address: psize...

UML tool for reverse engineering a Java Project [closed]

java,eclipse,eclipse-plugin,uml,reverse-engineering
I am currently working on a Java project with "IBM Rational Software Architect" (licensed version) as an IDE. My task is to understand the code flow and prepare a technical document, as the project is very big (a lot of code, classes, packages, etc.) and undocumented. Since the project is...

C loop code from assembly

c,for-loop,assembly,reverse-engineering
I was given this assembly code and a skeleton of a for loop. I was supposed to fill in the blanks in the skeleton (indicated by "____" here). I also provided what I am pretty sure is correct but I'm not 100% positive. Here is the assembly: foo: pushl %ebp...

gdb: How to print value at memory address in ASM

assembly,x86,gdb,reverse-engineering
0x08048c62 <+0>: sub $0x2c,%esp 0x08048c65 <+3>: lea 0x1c(%esp),%eax 0x08048c69 <+7>: mov %eax,0xc(%esp) 0x08048c6d <+11>: lea 0x18(%esp),%eax 0x08048c71 <+15>: mov %eax,0x8(%esp) 0x08048c75 <+19>: movl $0x804a73d,0x4(%esp) 0x08048c7d <+27>: mov 0x30(%esp),%eax 0x08048c81 <+31>: mov %eax,(%esp) 0x08048c84 <+34>: call 0x80488d0 <[email protected]> => 0x08048c89 <+39>: cmp $0x1,%eax How do I print out what is...

Reverse engineer assembly code to c code

c,assembly,reverse-engineering,x86-64,conditional-statements
I think this is actually a pretty simple problem. I have to reverse engineer this assembly code to c code. I'll also provide what I think is going on so you can hopefully point to where I went wrong and I can learn from my mistakes now. .LFBO pushq %rbp...

Call non-exported method from static library

objective-c,c,static-libraries,reverse-engineering
I am using a static library built by someone else in my Objective-C project. There is a C method in the library that I want to call, but it is not exported. How can I call this method from Objective-C code?