Reverse engineering

How do you reverse engineer custom file formats such as archives?
Are there any resources on doing this?

Oh it's pretty simple. You craft a file that's supposed to go into the decoder. You make small changes and see what happens. If compression is involved, it's most likely deflate or generic lossy file compressors, so bypassing it should be trivial. If not, you're shit out of luck. Reverse-engineering a compression format is like reverse-engineering an encryption algorithm.

Wait, disregard that. You use a disassembler to produce assembly of the decoder. Then you study the assembly and try to figure out what it does, and craft a file to confirm your theories.

What if the decoder binary is unavailable?

Then you use the previously described approach. Needless to say it's much harder.

Mostly drunk.

Depends if you are allowed to study the source or disasm of another implementation.
If you can't for legal reasons, you essentially make small changes to the input and try to find what changed in the output. It is also very useful to know what you should expect to be stored, and you gain this knowledge through familiarity with other formats. Eventually you map out everything and then try to work backwards by changing fields to unseen values or changing bytes which haven't been mapped out yet.
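The byte-mutation approach from the post above, as an added example that is not from any poster: a harness that flips each byte of a sample file, feeds the result to the decoder and classifies the effect (rejected, output changed, no effect), then collapses the offsets into runs so the field layout becomes visible. The "TOY1" container and its decoder are constructed stand-ins for whatever real format and decoder you would actually be probing.

```python
import struct
# Constructed toy container (assumption, not a real format): "TOY1" magic,
# u16 LE entry count, u16 reserved (ignored), then u16 LE length + bytes per entry.
def toy_decode(blob: bytes) -> list:
    if blob[:4] != b"TOY1":
        raise ValueError("bad magic")
    count = struct.unpack_from("<H", blob, 4)[0]
    off, entries = 8, []  # skip the reserved u16 at offset 6
    for _ in range(count):
        n = struct.unpack_from("<H", blob, off)[0]
        off += 2
        if off + n > len(blob):
            raise ValueError("truncated entry")
        entries.append(blob[off:off + n])
        off += n
    return entries

def make_sample() -> bytes:
    body = b"".join(struct.pack("<H", len(e)) + e for e in (b"abc", b"xy"))
    return b"TOY1" + struct.pack("<H", 2) + b"\x00\x00" + body

def map_fields(sample: bytes, decode) -> dict:
    """Flip every bit of one byte at a time and record what the decoder does.
    Returns {offset: "error" | "changed" | "unchanged"}."""
    baseline = decode(sample)  # the untouched sample must decode cleanly
    result = {}
    for i in range(len(sample)):
        mutated = bytearray(sample)
        mutated[i] ^= 0xFF
        try:
            out = decode(bytes(mutated))
        except Exception:  # struct.error, ValueError, ... all mean "rejected"
            result[i] = "error"
            continue
        result[i] = "changed" if out != baseline else "unchanged"
    return result

def summarize(field_map: dict) -> list:
    """Collapse consecutive offsets with the same effect into (start, end, effect)."""
    runs = []
    for off in sorted(field_map):
        effect = field_map[off]
        if runs and runs[-1][2] == effect and runs[-1][1] == off - 1:
            runs[-1] = (runs[-1][0], off, effect)
        else:
            runs.append((off, off, effect))
    return runs

if __name__ == "__main__":
    for start, end, effect in summarize(map_fields(make_sample(), toy_decode)):
        print(f"{start:3d}-{end:3d}: {effect}")
```

Adjacent fields that react the same way (here the magic and the count both make the decoder reject the file) land in one run; telling them apart is the "change fields to unseen values" step the post describes, which a single bit-flip pass does not do.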

The only country that I know of that authorizes reverse engineering is Germany.

read this

and this

IDA Pro and a decompiler. You don't do that shit by hand anymore, sonny.

Can I hook IDA Pro up to mednafen and use it to disassemble PSX games?

Or simply use Terry's disassembler.

...

nobody cares

security.stackexchange.com/questions/64052/can-a-pdf-file-contain-a-virus
Does anyone know good methods to check if a PDF is safe? Preferably one which focuses on PDFs, as general anti-malware seems not to be very effective at finding malicious elements in PDFs.

But only so that government agencies can always reverse anything without ever needing any warrants. You didn't think this was with the average citizen in mind, did you.

Don't pdf exploits depend on the viewer that is being used?

According to Tor and Whonix devs, the PDF reader security ranking goes like this:
Air-gapped machine, online viewers that render it on the server side, Tor Browser's built-in PDF viewer, local viewers without script support, local PDF viewers with script support (probably proprietary).

...

pdftotext
pdftohtml
pdftops
pdftopng
Those should do everything you need. They come with xpdf and/or poppler-utils.
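A triage step to run before handing a PDF to the poppler converters above, as an added example that is not from any poster: count the PDF name tokens that carry scripts, launch actions or embedded files, after normalizing the `#xx` escapes that PDF names allow so a trivially escaped `/Java#53cript` is still counted. The sample PDF and its action are constructed for this example.

```python
import re

# Name tokens that mark active or embedded content worth a closer look
# (the same kind of keywords pdfid-style triage tools count).
RISKY_NAMES = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch",
               "/EmbeddedFile", "/RichMedia", "/ObjStm")

def unescape_names(data: bytes) -> bytes:
    """PDF names may hex-escape characters (/Java#53cript); normalize them so
    the keyword count cannot be dodged by trivial escaping."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes.fromhex(m.group(1).decode()), data)

def count_risky_names(data: bytes) -> dict:
    text = unescape_names(data)
    counts = {}
    for name in RISKY_NAMES:
        # A name ends at whitespace or a delimiter, so /JS must not match /JSX
        pattern = re.escape(name.encode()) + rb"(?![0-9A-Za-z_])"
        counts[name] = len(re.findall(pattern, text))
    return counts

def triage(data: bytes) -> tuple:
    """Return (suspicious, {name: count}) for the names that were found."""
    counts = count_risky_names(data)
    hits = {k: v for k, v in counts.items() if v}
    # /ObjStm alone is common in benign files; anything else earns a flag.
    suspicious = any(k != "/ObjStm" for k in hits)
    return suspicious, hits

# Constructed sample: a tiny PDF whose catalog carries an /OpenAction that
# points at a hex-escaped /JavaScript action (made up for this example).
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /S /Java#53cript /JS (app.alert(1)) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    flagged, hits = triage(SAMPLE_PDF)
    print("suspicious" if flagged else "no active content found", hits)
```

A hit is a reason to open the file only through one of the converters or a script-less viewer, not a verdict; a clean count says nothing about a malformed-object bug in the viewer itself.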

micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/
bugzilla.gnome.org/show_bug.cgi?id=777991
An interesting read too. Not a PDF viewer vulnerability, but rather a vulnerability of RedHat/GNOME Nautilus, a file manager that is notorious for lacking image preview in the year of Our Lord and Savior 2018, which leads to executing privileged scripts when a user thinks he's opening a PDF.

so, if we don't put on too much tinfoil, Tor Browser's PDF viewer is perfect, right?

cianiggers btfo

Why and how? Qubes will explicitly *require* ME/PSP, or how is that to be understood? What sense would that make given that it would be in direct opposition to its goals?

It will require CPU features that are only available on CPUs that have botnet controllers.

Can't you do the "clean room" reverse engineering, where one person disassembles and figures out how it works and then tells a second person how it works, who rewrites an implementation?

Unless the encoding is really complex, understanding compiler-produced assembly will take ages. works better, but only if they don't try to obfuscate it.

No disassembler comes even close to IDA. If it didn't cost a fortune I'd buy it for Linux; can't even find a pirated version for x64.

...

It should be hardcoded not to be able to reverse itself.

youtube.com/watch?v=_Aex9RwgHHQ
What sense does that make

From what I remember her justification was that Intel CPUs are the only ones that are viable so you might as well make use of their "security features" since you are trusting them anyway (she pretty much ignores AMD). To her ME is not that different from some academic vulnerability at the transistor level.

Binary Ninja is pretty good, but it supports fewer architectures and has weaker subroutine / cross-referencing detection. Be warned that it is proprietary software like IDA.
I should eventually take some time to find a good free software alternative for my use cases.

I hate to agree, because technology and hacking are all about curiosity and it's good to ask questions, but seriously there are so many sources of information. It seems strange that you wouldn't read a PDF before asking.

lol

Did she imply this before or after Spectre hit the news?

before

...and then cracked with a competing disassembler.

ownedcore.com/forums/world-of-warcraft/world-of-warcraft-bots-programs/wow-memory-editing/478627-ida-6-6-finally-out-post3243552.html#post3243552

IDA 6.6 out, some chinks bought it under the name "Acme Chinese Pirate" and leaked it.

Jesus, I thought Aussies were meming when they said China was buying them all out

Did you test the link? It doesn't say it's for Linux either. For Windows and Mac there's a leak of the 7.0.

Back in the '80s I used to use a sector editor to modify my game's save files and achieve maximum damage. Here's how I did it with Bard's Tale:
It's probably harder now though.

This nigga hasn't even touched radare2

They offer a free version of 7.0 with fewer features.

It's not free, but rather gratis.

This is stupid, you need to either have JS enabled or click on some stupid dialogue box.

beginners.re

Those mean the same thing in English.

...

...

Freedom isn't free, user. You're no American or you'd know that.

Yeah like no fucking debugger.

cloudblogs.microsoft.com/microsoftsecure/2018/03/01/finfisher-exposed-a-researchers-tale-of-defeating-traps-tricks-and-complex-virtual-machines/

This is some heroic reverse engineering.