Questions tagged [binary-code]
The binary-code tag has no summary.
59 questions
-1
votes
1
answer
294
views
Confused about memory examination using gdb
I started reading "Hacking, The Art of Exploitation" and I am confused about some things regarding memory examination.
When I disassemble main, I get an output of all memories where the ...
- 1
0
votes
1
answer
734
views
ROP - ret VS ret 0
I'm doing a binary challenge from pwnable.kr and I'm examining a some ROP gadget.
Until now I've always used gadget ending with ret or syscall/int 0x80, but now ROPgadget gave me a gadget ending with ...
- 103
1
vote
1
answer
614
views
How is it possible to simply a decode Bluetooth communications from a medical device?
Excuse the naive question but I'm trying to understand a bit about security in home health and medial devices and a recent report about how home Covid test results can be altered has left me a bit ...
- 333
-1
votes
1
answer
1k
views
What can I do with reverse engineering
I have come across a lot of guides and blogs about reverse engineering where they use labs to teach various techniques and methods to break binaries. My question is what actual use cases does reverse ...
0
votes
0
answers
31
views
The difference between a virtual door-lock and a public key [duplicate]
The thing that helped me to understand what is a "public key" was to parallel it with a door lock:
The door lock is public in the sense that anyone can try to unlock it and the door key is ...
0
votes
1
answer
357
views
What technologies used in a web browser, if any, can be used to push a binary from a server to a client machine?
This question is about if any technologies used by a web browser (HTTP, TCP, JavaScript, etc.) can be used to push a binary file from the web server to a random folder on the client.
This is for a ...
user63673
1
vote
1
answer
250
views
Is there any way to get a unicode character that has a byte of 23?
I am pentesting a web application. It makes a backend call to another application, and I am trying to hijack that call.
I have gained control over the URL path, query parameters, and fragment that is ...
- 99
0
votes
0
answers
546
views
Is there any good way to avoid bypass .so file?
I have a C code project, I want to use .so lib to verify certificate for valid.
I know there is a way to crack .so file by using below tools:
1.IDA_Pro_v6.8_and_Hex-Rays_Decompiler_
2.WinHex
3....
- 935
2
votes
1
answer
471
views
Does recompiling a binary from source code make it more secure/obscure?
Using standard hardening options like PIC, Stack Protection ...
does a mere recompilation make a program more secure against attacks?
You have the source code of a program, compile it two times with ...
- 21
0
votes
1
answer
177
views
How can I find out what's in this NASA JPL "Spy" command line program for macOS and how safe it is?
Discussion under this answer in Space Exploration SE links to items in NAIF; NASA Planetary Data System Navigation Node links for MacIntel_OSX_64bit
I'm looking at these two.
spy: https://naif.jpl....
user115702
1
vote
0
answers
485
views
0
votes
1
answer
151
views
Protect password from apache user by making file executable-only
I (will) have a binary executable file. It's only permission is user-execute. It cannot be read by user, group, or world. The owner of the file is the Apache user. I don't want the apache user to be ...
- 105
2
votes
0
answers
189
views
Can binary firmware packages be executed on the system?
Kernels like linux-libre (standard in Debian and other free Linux distributions) ship no binary firmware packages by default.
From my limited understanding of their functionality, a binary firmware ...
- 273
1
vote
1
answer
2k
views
Writing to .fini_array
I'm learning about format string exploits, and am attempting to use one on an example program to overwrite the .fini_array section in virtual memory with a stack address containing shellcode (and ...
9
votes
0
answers
2k
views
How could I block or at least detect the use of ultrasonic side channels or Google Nearby Messages API on my smartphone?
My question is about the use of ultrasonic messages that are part of the modern advertising ecosystem and are also used by the Google Nearby Messages API.
When it comes to advertising, the type of ...
- 483
0
votes
0
answers
278
views
Different gdb results
I'm trying to use overthewire narnia problems as a way to learn about binary exploitation and I'm getting different results than any of the walkthroughs
I was looking at https://tuonilabs.wordpress....
- 123
2
votes
0
answers
503
views
Binary exploitation
I am trying to upsolve a challenge from a CTF I played but I just can't get it right. I think you have to somehow manage to use buffer overflow, but I can't see what I'm doing wrong since this works ...
- 121
1
vote
0
answers
169
views
How to verify a binary correctly even if my github account is hacked by someone
I have a binary file and saved it on github release page. https://github.com/zono/bolt8/releases
To allow users to verify it, I saved sha256sum and signature(.asc).
However I have a concern that if ...
- 185
-1
votes
3
answers
1k
views
7
votes
2
answers
919
views
Bash function manipulation explained
I was recently reading through a write up on a capture the flag Linux VulnHub machine. For privilege escalation, the author references 'bash function manipulation'. A Google search turns up very ...
- 465
3
votes
1
answer
232
views
Running a brief asm script inline for dynamic analysis
Is there any good reason not to run a brief unknown (30 line) assembly script inline in a usermode c program for dynamic analysis directly on my laptop?
There's only one system call to time, and at ...
2
votes
0
answers
197
views
How to see the filesystem of a camera firmware?
I watched https://www.youtube.com/watch?v=B8DjTcANBx0 and in this video he downloads several camera firmwares and analyzes their files. As far as I know, the firmwares are binary files that you can ...
- 317
0
votes
1
answer
223
views
SAT (Satisfiability) it is security risk?
If researcher found satisfiability in any software, this is a threat to security? If answer - "Yes", how can attacker to use SAT?
- 113
1
vote
1
answer
184
views
Is there any way to estimate the safety of arbitrary binaries, which are usually released with unofficial patches?
Frequent scenario:
An old game is released on GOG / Steam.
It proves to be incompatible with new Windows systems. (Crashes, game breaking bugs, fps of 0.5 and the likes)
An unofficial patch is ...
- 6,851
1
vote
2
answers
2k
views
How to make a well-known malicious programs undetectable by anti-virus solutions? [closed]
I want to make well-known malicious programs, like Mimikatz and Incognito, undetectable by anti-virus solutions.
I have already tried various approaches myself, like packing the binary with UPX or ...
- 1,317
1
vote
1
answer
762
views
ROP Attack :Force the program to manipulate an instruction as a gadget
I'm doing basic exploitation test on a simple program with fiew lines of code. I intend to exploit a buffer overflow vulnerability to perform a ROP attack.
To gather the available gadgets I use ...
- 83
1
vote
1
answer
668
views
Binary Exploitation - How to set GID of a SUID binary using shellcode?
I have a binary that is SUID which I can currently use a buffer overflow exploit to obtain an elevated EUID shell.
However I haven't worked much with changing IDs through shellcode, and the file I ...
- 13
6
votes
2
answers
2k
views
How to Check Compilation Options For SO File - Android Application VA
During the security assessment of Android applications, I have encountered multiple instances where .so (Shared Objects) files are present in lib directory.
What can be possible security test cases ...
- 985
4
votes
1
answer
226
views
Unidirectional Data Transmission to a Smartphone
Unidirectional Data Transmission to a Smartphone
I'm going to use an old Android phone to store sensitive data (e.g., Bitcoin wallet private key), with no SIM card and WiFi and Bluetooth turned off. ...
- 41
1
vote
0
answers
105
views
Malicious Actor with Physical Access to Encrypted Machine [duplicate]
Some background: My org is potentially involved in a legal dispute with a securities brokerage in a under-developed country with mediocre rule of law. The broker also is responsible for co-locating a ...
- 151
-1
votes
1
answer
309
views
What tools exist to crack, disable, and undo the effects of a malicious Linux binary? [closed]
I'm a network Penetration Tester and I'm trying to learn how to crack binaries. As an exercise, I've spent two days trying to crack a Linux binary that was supposedly designed to be cracked. ...
- 32
0
votes
0
answers
433
views
Does `npm install` retrieve binaries or sources?
I am starting to use npm install a lot for development, but I fear about its security consequences. Does npm install retrieve binaries or sources?
If it's binaries, it's already a deal breaker for ...
- 161
1
vote
2
answers
228
views
Is there any ability to determine the exploit used by compiled binary?
I have a binary file which uses some exploit(i guess, it was generated with metasploit), but I can`t determine the exact exploit it uses.
The disassembly listing of it contains a plenty of "mov" ...
- 154
-2
votes
1
answer
517
views
How to determine the number of bytes from a string with mix of "\x" and normal characters? [closed]
I was looking at this exercise and it was mentioned that the string \x1AL\xD23k\xCA\x1D\xD7 consists of 8 bytes. However, I fail to see how there are 8 bytes in the string. Shouldn't there be 7 bytes ...
- 439
15
votes
1
answer
5k
views
What does the NSA's Recently Leaked "The Equation Group" Files do?
First Hand Details
TEG (The Equation Group) is NSA's team of hackers who'd write code to exploit systems worldwide. Some of the private files were recently dropped by a group called Shadow Brokers and ...
- 1,600
1
vote
0
answers
302
views
Buffer overflow Rooting vs SU via recovery?
After researching on rooting processes low level details and techniques i found that it happens mostly through Buffer overflow to gain root access via running payload ( binaries ) at return call ...
- 11
1
vote
1
answer
16k
views
Decrypting binary code from a base64 string [duplicate]
So, this online discussion function use decoded account names in every post, along with that they call "logging data", an example of this can be:
Loggin data: 10878
Encoded account info: ...
- 111
2
votes
1
answer
700
views
Give only execute permissions to a Linux binary (prevent inspection)?
I'm writing an assignment for a security course, and I'm trying to create an executable which students can interact with (ie, execute), but not inspect. In particular what I'd like is for them to be ...
- 123
11
votes
4
answers
7k
views
What's more secure? Hard coding credentials or storing them in a database? [duplicate]
I wonder which of these things is more secure.
Imagine hard coded credentials, similar to this:
if user.Equals("registereduser") && (password.Equals(encryptedpassword))
{
Give access to ...
- 119
0
votes
1
answer
571
views
How is a process forced to execute binary code?
I want to understand how a vulnerable internet facing process on some computer is exploited to run arbitrary binary code.
I understand how buffer overflows could be used to overwrite the return ...
- 199
8
votes
4
answers
4k
views
Static code review approach
My questions is related with static code analysis approach used by Veracode vs Fortify/AppScan.
Veracode – Finds security flaws in application binaries and bytecode without requiring source
Fortify/...
3
votes
2
answers
1k
views
How does binary code execution vulnerability work on a modern OS?
In a modern OS I think that:
the .text section where binary assembled CPU instructions are stored cannot be modified
the .data/.bss section is marked as no-execute so that the information there will ...
- 199
6
votes
1
answer
8k
views
Difference Between Binary Exploitation and Reverse Engineering?
I am a beginner in Reverse Engineering and am trying to improve my skill by participating in any CTF's I can and solving CrackMe's. I am trying to find out why Binary Exploitation and Reverse ...
- 203
2
votes
1
answer
523
views
Use of openssl could be a weak point in an Android App?
I'm reviewing an Android app (consists of Java and C source).
There are complicated obfuscation steps in the build process (for content protection).
But it uses statically linked openssl library ...
- 133
2
votes
1
answer
2k
views
Supplying a password to PBKDF2 in raw binary vs. base64?
Background: I'm working with Node's crypto library. I'm using PBKDF2 to convert a variable-length binary "passphrase" into constant-length keys for an AES cipher later on.
The underlying source of ...
- 2,115
19
votes
8
answers
2k
views
Trust Issues Relative to Open Source
Two separate discussions have very recently opened my eyes to an issue I had not considered – how to confirm the Open Source binary that one uses is based on the published source code.
Zooko Wilcox-O'...
- 3,447
4
votes
1
answer
381
views
auditing open source compiler binaries for trojans
It is a well known vulnerability that a properly altered compiler binary can transfer itself to new binaries of the compiler, and still be entirely absent from the source code.
But how real is this ...
- 1,250
22
votes
2
answers
6k
views
Is there a way to verify a binary against the sources?
It seems like there is no practical way to verify the full integrity path of precompiled and packaged software? I can check the downloaded package itself by hashes, but I have no verification if the ...
- 391
8
votes
5
answers
2k
views
Is it safer to compile open source code vs simply running the binary?
I understand that with OpenSource software, my milage may vary based on the trust of the author and the distribution platform they use (Codeplex, Git, or private server).
Oftentimes a FOSS website ...
- 51.2k
2
votes
1
answer
4k
views
How to run client's code on server securely
I'm working on a project basically a web application. It accepts code (java, c, c++) from client, compile and execute on server and return the results back to client.
As I'm going to execute code on ...
- 123