Hey, what’s up! I’m Keita. I work as a beginner C# programmer.
I am not involved in security at work, but I am learning. I often attend CTFs because I am a regular student of security. However, it is not easy to solve the problems. Therefore, I will briefly summarize reverse engineering.
Reverse Engineering
Reverse engineering is the process of analyzing existing software or systems to understand their internal structure and operating principles.
Although it may be a different story when it comes to CTFs, reverse engineering is usually done in the following steps.
Target Selection
Select the software or system you wish to analyze. For example, a specific application or device firmware.
Information Gathering
Gather documentation and specifications for the software or system of interest. This includes official manuals and publicly available technical information.
Prepare Analysis Tools
Prepare tools to be used for reverse engineering. Typical tools include debuggers, disassemblers, and decompilers.
Analyze Code
Analyze the actual software code. Read the binary code and understand how the program works.
Documentation
Document the results of your analysis. This makes it easier to reuse later or share with others.
Available Commands
file Command
The file command is used to determine the type of a given file. It analyzes the contents of the file and displays what format the file is in. For example, it can determine if a file is a text file, a binary file, or an image file.
Example:
$ file exec_me
exec_me: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.24, BuildID[sha1]=663a3e0e5a079fddd0de92474688cd6812d3b550, not stripped
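The output in the example indicates that the file is a 64-bit executable in ELF (Executable and Linkable Format) format and that it is LSB (least significant byte first, that is, little-endian). It also shows that the binary is dynamically linked and not stripped, so its symbol names are still present.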
chmod Command
The chmod command is used to change file and directory access permissions. It is quite common to get stuck simply because the file to be investigated does not have execute permission, so be careful!
Example:
$ chmod +x exec_me
Permissions are managed with r (read), w (write), and x (execute); the example grants execute permission.
strings Command
The strings command is used to extract readable strings from binary and other non-text files. It is often used to verify textual information in binary files during reverse engineering.
Example:
$ strings exec_me
/lib64/ld-linux-x86-64.so.2
libc.so.6
putchar
__libc_start_main
__gmon_start__
GLIBC_2.2.5
UH-@
UH-@
[]A\A]A^A_
・・・
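To show what file and strings are actually reading, here is an added example (not part of the original post) that parses the ELF identification bytes and extracts printable runs in Python. SAMPLE is a constructed byte string, not the real exec_me, and the lookup tables are an assumption covering only a few common values.

```python
import string
import struct

# Bytes counted as printable: ASCII letters, digits, punctuation, space and tab.
PRINTABLE = set(string.printable.encode()) - set(b"\n\r\x0b\x0c")

# Small subsets of the ELF constants, enough for common binaries.
ELF_CLASS = {1: "32-bit", 2: "64-bit"}
ELF_DATA = {1: "LSB", 2: "MSB"}  # byte order of every multi-byte field
ELF_TYPE = {1: "relocatable", 2: "executable", 3: "shared object", 4: "core file"}
ELF_MACHINE = {3: "Intel 80386", 40: "ARM", 62: "x86-64", 183: "ARM aarch64"}


def describe_elf(data: bytes) -> str:
    """Summarise the header fields that file reports for an ELF binary."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        return "not an ELF file"
    ei_class, ei_data = data[4], data[5]
    # e_type and e_machine follow the 16-byte e_ident, in the file's byte order.
    order = ">" if ei_data == 2 else "<"
    e_type, e_machine = struct.unpack_from(order + "HH", data, 16)
    return "ELF {} {} {}, {}".format(
        ELF_CLASS.get(ei_class, "unknown-class"),
        ELF_DATA.get(ei_data, "unknown-order"),
        ELF_TYPE.get(e_type, "unknown-type"),
        ELF_MACHINE.get(e_machine, "unknown-machine"),
    )


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Return runs of at least min_len printable bytes, like strings does."""
    found, run = [], bytearray()
    for byte in data + b"\x00":  # trailing NUL flushes the last run
        if byte in PRINTABLE:
            run.append(byte)
            continue
        if len(run) >= min_len:
            found.append(run.decode("ascii"))
        run.clear()
    return found


# Constructed sample: a 64-bit little-endian x86-64 header plus a few strings.
SAMPLE = (b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8
          + struct.pack("<HH", 2, 62)
          + b"\x00\x01/lib64/ld-linux-x86-64.so.2\x00libc.so.6\x00"
          + b"putchar\x00UH-@\x00\x90\x90abc\x00")

if __name__ == "__main__":
    print(describe_elf(SAMPLE))
    print("\n".join(extract_strings(SAMPLE)))
```

Short runs such as "ELF" and "abc" are dropped because they are under the four-character minimum, which is also why fragments of machine code like UH-@ still appear in real strings output.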
Summary
I summarized the basics above.
These commands alone are not enough to solve the really difficult problems, but they can solve easy problems and give you hints, so it is worth learning to use them well.
Remarks
The challenge for the file used in the sample was solved by running it.