analyzing c source code and other reversing tips

Code flow

Understand from SciTools is pretty good, and you can try out all of its features using their trial license.

Code flows can be tricky to follow when a project has a complex build process, for example a pile of macro definitions. If you can obtain a compiled binary, your best option might be to throw it into a disassembler like IDA Pro, Binary Ninja, or Hopper.

Code browser

I was surprised how useful OpenGrok ended up being. It can take a while to start when it is initially indexing files.

The tool starts a web server which lets you easily search and jump around your code.

You can install it using this Docker image.

Static analysis

Clang static analyzer. A Debian package is available for install. It can be integrated into the build process. Output is in HTML format and defaults to /tmp.

Fuzzing

afl (american fuzzy lop). A Debian package is available for quick install.

First you instrument the target during the compile phase using afl-gcc (the multilib packages are only needed if you also want a 32-bit build):

$ afl-gcc ./bug.c -o ./bug
$ sudo apt-get install g++-multilib libc6-dev-i386   # needed for the -m32 build below
$ afl-gcc ./bug.c -m32 -o ./bug

You need to make sure you supply a directory of seed inputs during the fuzzing stage (afl-fuzz will not start without one). The AFL source tree has a testcases folder you can borrow seeds from.

Then you start fuzzing, with -i pointing at the seed directory and -o at the directory where findings (queue, crashes, hangs) are written:

$ afl-fuzz -o /tmp -i ./inputs ./bug

References

Trail of bits ctf guide
