 How to disassemble an executable?

FlierMate
post Jul 8 2021, 12:21 PM

On my way
****
Validating
543 posts

Joined: Nov 2020
QUOTE(junyian @ Jul 8 2021, 12:15 PM)
Interesting! I barely have time to do challenges, but I don't mind trying it offline if time permits. Do you happen to have the binaries for the 2020 challenge? The link is dead.
*
They do not allow direct linking to the binaries of the problem set, I think.

You can visit https://flare-on.com/, and click "Check out the binaries....". (https://flare-on.com/files/Flare-On7_Challenges.zip)


Too large to be attached here.

This post has been edited by FlierMate: Jul 8 2021, 12:22 PM
junyian
post Jul 8 2021, 12:51 PM

Casual
***
Junior Member
401 posts

Joined: Jan 2003


QUOTE(FlierMate @ Jul 8 2021, 12:21 PM)
They do not allow direct linking to the binaries of the problem set, I think.

You can visit https://flare-on.com/, and click "Check out the binaries....". (https://flare-on.com/files/Flare-On7_Challenges.zip)


Too large to be attached here.
*
I did visit the site earlier and tried to download, and was still getting an error. But now it's working. :) Thanks!


junyian
post Jul 17 2021, 02:09 PM

Casual
***
Junior Member
401 posts

Joined: Jan 2003


QUOTE(junyian @ Jul 8 2021, 12:51 PM)
I did visit the site earlier and tried to download, and was still getting an error. But now it's working. :) Thanks!
*
The challenges are… quite challenging. There's a lot more than just reversing EXE/DLL files. I'm quite new to non-EXE types of malware analysis, so I needed a lot of Googling to figure things out, and I compare my findings to the solutions to understand where my gaps are if I'm stuck. At least I'm glad I'm still able to solve some of it without looking at the solutions. :D

But anyway, Ghidra is a pretty good disassembler, and totally free! Quite similar to IDA. And it even comes with a decompiler. The Hex-Rays decompiler that comes with IDA is not free.
FlierMate
post Jul 27 2021, 06:47 PM

On my way
****
Validating
543 posts

Joined: Nov 2020
QUOTE(junyian @ Jul 17 2021, 02:09 PM)
The challenges are… quite challenging. There's a lot more than just reversing EXE/DLL files. I'm quite new to non-EXE types of malware analysis, so I needed a lot of Googling to figure things out, and I compare my findings to the solutions to understand where my gaps are if I'm stuck. At least I'm glad I'm still able to solve some of it without looking at the solutions. :D

But anyway, Ghidra is a pretty good disassembler, and totally free! Quite similar to IDA. And it even comes with a decompiler. The Hex-Rays decompiler that comes with IDA is not free.
*
I see you are well-versed in EXE and DLL. Would you be interested in learning the ELF32/64 object file format?

I am planning to create another simple back-end compiler for Linux x64 supporting two commands, "Console.WriteLine" and "Console.ReadLine". Are you interested in joining? :P


junyian
post Jul 28 2021, 12:50 AM

Casual
***
Junior Member
401 posts

Joined: Jan 2003


QUOTE(FlierMate @ Jul 27 2021, 06:47 PM)
I see you are well-versed in EXE and DLL. Would you be interested in learning the ELF32/64 object file format?

I am planning to create another simple back-end compiler for Linux x64 supporting two commands, "Console.WriteLine" and "Console.ReadLine". Are you interested in joining? :P
*
I am interested, but not right now. :( Something new at work just came up, and I suspect this will take up most of my time for the next few months. I rarely use Linux, so it's going to be a rather steep learning curve for me. Have fun exploring the syscalls though. :D I only learned about them while going through the 2014 Flare-On Challenge 6 about a week ago.
FlierMate
post Jul 28 2021, 01:17 AM

On my way
****
Validating
543 posts

Joined: Nov 2020
QUOTE(junyian @ Jul 28 2021, 12:50 AM)
I am interested, but not right now. :( Something new at work just came up, and I suspect this will take up most of my time for the next few months. I rarely use Linux, so it's going to be a rather steep learning curve for me. Have fun exploring the syscalls though. :D I only learned about them while going through the 2014 Flare-On Challenge 6 about a week ago.
*
Awww..... I am happy you are still interested. :) The deadline for myself is by the end of this year, so maybe you can chime in before that? I'll be glad.

Looks like you are exploring the inaugural Flare-On challenge (2014 = 1st year). Good going, man!

Hope you give your best at work to solve the issue, and join me when you're free! Thanks for your well wishes.

This post has been edited by FlierMate: Jul 28 2021, 03:07 AM
junyian
post Jul 28 2021, 11:13 AM

Casual
***
Junior Member
401 posts

Joined: Jan 2003


QUOTE(FlierMate @ Jul 28 2021, 01:17 AM)
Awww..... I am happy you are still interested. :) The deadline for myself is by the end of this year, so maybe you can chime in before that? I'll be glad.
Hope you give your best at work to solve the issue, and join me when you're free! Thanks for your well wishes.
*
The deadline for this work task is mid-November, *IF* there are no further delays. So yes, fingers crossed I'd be able to try. :) Do you have a GitHub repo for the project?

QUOTE(FlierMate @ Jul 28 2021, 01:17 AM)
Looks like you are exploring the inaugural Flare-On challenge (2014 = 1st year). Good going, man!
*
Yes I am! Still working on Challenge #7 though. :D But taking a break to sort out stuff at work.

FlierMate
post Jul 28 2021, 01:08 PM

On my way
****
Validating
543 posts

Joined: Nov 2020
QUOTE(junyian @ Jul 28 2021, 11:13 AM)
The deadline for this work task is mid-November, *IF* there are no further delays. So yes, fingers crossed I'd be able to try. :) Do you have a GitHub repo for the project?
*
Yes, actually I have finished the preliminary draft, but it has not been tested thoroughly.

https://github.com/khanming/Pipit

You may want to improve it, and create a new one. I chose Pascal language for this project because it is cross-platform, and its Linux binary is standalone.
junyian
post Jul 30 2021, 09:44 PM

Casual
***
Junior Member
401 posts

Joined: Jan 2003


QUOTE(FlierMate @ Jul 28 2021, 01:08 PM)
Yes, actually I have finished the preliminary draft, but it has not been tested thoroughly.

https://github.com/khanming/Pipit

You may want to improve it, and create a new one. I chose Pascal language for this project because it is cross-platform, and its Linux binary is standalone.
*
Wah, Pascal. Never used it before. :D I had a brief look. The parsing of the syntax is quite primitive. I'm no expert with compilers, but I remember stuff like tokenization of the syntax and lexical (I think) parsers. With that said, you could explore using regex to parse the syntax?

Anyway, should we start a new thread to discuss this? We've already hijacked this one quite heavily. :P
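To make the ideas floated in this thread concrete, here is an added example that is not from the original posts and is not Pipit's code (Pipit is written in Pascal; this is Python, which is easier to read and run for a sketch). It covers three things the posters touched on: a regex-based tokenizer for the two-statement "Console.WriteLine" / "Console.ReadLine" language, a back end that emits x86-64 machine code using only raw Linux syscalls (write=1, read=0, exit=60 are the real x86-64 syscall numbers), and the ELF64 header and program-header layout that a disassembler reads first. Everything else is an assumption of this example: the one-call-per-line grammar, the 0x400000 load address, the 256-byte ReadLine buffer, and the choice to ignore what ReadLine reads. The `elf_summary` helper parses the produced headers back, which is also the first thing a tool such as Ghidra does when it loads a sectionless binary.

```python
"""Added example: a toy 'Console.WriteLine / Console.ReadLine' compiler that emits a
static ELF64 executable for Linux x86-64 directly, with no assembler or linker."""
import re
import struct

BASE = 0x400000             # assumed load address of the code segment
EHDR, PHDR = 64, 56         # ELF64 header and program-header sizes
CODE_OFF = EHDR + 2 * PHDR  # machine code starts right after the two program headers
READ_BUF = 256              # assumed: zero-filled bytes reserved after the strings for ReadLine
STMT_LEN, EXIT_LEN = 24, 9  # every statement assembles to 24 bytes, exit(0) to 9

# Assumed (hypothetical) grammar: one call per line, optional '//' comment.
TOKEN_RE = re.compile(r'''\s*Console\.(?P<call>WriteLine|ReadLine)\(
                          (?:"(?P<str>(?:[^"\\]|\\.)*)")?\)\s*(?://.*)?$''', re.VERBOSE)


def parse(source):
    """Regex tokenizer: returns an IR list of ('write', bytes) / ('read',) statements."""
    ir = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if not line.strip() or line.strip().startswith('//'):
            continue
        m = TOKEN_RE.match(line)
        if not m:
            raise SyntaxError(f'line {lineno}: cannot parse {line!r}')
        call, text = m.group('call'), m.group('str')
        if call == 'WriteLine':
            if text is None:
                raise SyntaxError(f'line {lineno}: WriteLine needs a string literal')
            # unicode_escape resolves \n, \t, \", \\ ; the latin-1 round trip keeps UTF-8 bytes intact
            ir.append(('write', text.encode('utf-8').decode('unicode_escape').encode('latin-1') + b'\n'))
        elif text is not None:
            raise SyntaxError(f'line {lineno}: ReadLine takes no argument')
        else:
            ir.append(('read',))
    return ir


def emit(ir):
    """Back end: IR -> (x86-64 machine code, string data). Only raw syscalls are used."""
    code_len = STMT_LEN * len(ir) + EXIT_LEN
    data_vaddr = BASE + 0x1000 + CODE_OFF + code_len         # start of the R+W segment
    buf_vaddr = data_vaddr + sum(len(s[1]) for s in ir if s[0] == 'write')
    code, data, pc = b'', b'', BASE + CODE_OFF
    for stmt in ir:
        if stmt[0] == 'write':                                # write(1, str, len)
            nr, fd, target, n = 1, 1, data_vaddr + len(data), len(stmt[1])
            data += stmt[1]
        else:                                                 # read(0, buf, READ_BUF), result ignored
            nr, fd, target, n = 0, 0, buf_vaddr, READ_BUF
        chunk = struct.pack('<BI', 0xB8, nr)                  # mov eax, nr
        chunk += struct.pack('<BI', 0xBF, fd)                 # mov edi, fd
        lea_end = pc + len(chunk) + 7                         # rip-relative disp is from the end of the lea
        chunk += b'\x48\x8d\x35' + struct.pack('<i', target - lea_end)  # lea rsi, [rip+disp32]
        chunk += struct.pack('<BI', 0xBA, n)                  # mov edx, n
        chunk += b'\x0f\x05'                                  # syscall
        code += chunk
        pc += STMT_LEN
    code += struct.pack('<BI', 0xB8, 60) + b'\x31\xff\x0f\x05'    # mov eax,60; xor edi,edi; syscall
    return code, data


def build_elf(code, data):
    """Wrap code+data in an ELF64 image with two PT_LOAD segments (R+X code, R+W data: no RWX)."""
    data_off = CODE_OFF + len(code)
    data_vaddr = BASE + 0x1000 + data_off                     # keeps vaddr == offset (mod 0x1000)
    ident = b'\x7fELF' + bytes([2, 1, 1, 0]) + bytes(8)       # ELFCLASS64, little-endian, v1, SysV ABI
    ehdr = struct.pack('<16sHHIQQQIHHHHHH', ident, 2, 0x3E, 1, BASE + CODE_OFF,
                       EHDR, 0, 0, EHDR, PHDR, 2, 0, 0, 0)   # ET_EXEC, EM_X86_64, entry, no sections
    text = struct.pack('<IIQQQQQQ', 1, 5, 0, BASE, BASE, data_off, data_off, 0x1000)
    rw = struct.pack('<IIQQQQQQ', 1, 6, data_off, data_vaddr, data_vaddr,
                     len(data), len(data) + READ_BUF, 0x1000)  # memsz > filesz = zeroed buffer
    return ehdr + text + rw + code + data


def elf_summary(blob):
    """Read the headers back (what a disassembler does first): entry point and segments."""
    f = struct.unpack_from('<16sHHIQQQIHHHHHH', blob)
    entry, phoff, phnum = f[4], f[5], f[10]
    segs = []
    for i in range(phnum):
        p = struct.unpack_from('<IIQQQQQQ', blob, phoff + i * PHDR)
        segs.append({'type': p[0], 'flags': p[1], 'offset': p[2], 'vaddr': p[3],
                     'filesz': p[5], 'memsz': p[6]})
    return {'entry': entry, 'phnum': phnum, 'segments': segs}


def compile_source(source):
    return build_elf(*emit(parse(source)))


if __name__ == '__main__':
    import sys
    demo = 'Console.WriteLine("What is your name?")\nConsole.ReadLine()\nConsole.WriteLine("Bye!")\n'
    sys.stdout.buffer.write(compile_source(demo))  # python3 toy_elf.py > hello && chmod +x hello && ./hello
```

Two points worth noticing. The strings and the ReadLine buffer live in a second PT_LOAD segment mapped read-write, so nothing the program reads from stdin ever lands on an executable page; the common minimal-ELF shortcut of a single RWX segment is exactly the layout a hardened toolchain avoids. And because the file carries no section headers, `objdump -d` has nothing to show, while `readelf -l` lists the two segments and Ghidra loads the binary from the program headers alone, which is a useful reminder that sections are a convenience for tools and the kernel only ever looks at segments.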
