radare2 workshop
play

radare2 workshop Freshly graduated I dont know Windows 1 whoami - PowerPoint PPT Presentation

Jun 09, 2023 •257 likes •572 views

October 22, 2015 Writing a crack for hack.lu 2015 radare2 workshop Freshly graduated I dont know Windows 1 whoami Julien (jvoisin) Voisin French 2 Piracy is bad, mkay. disclaimer 3 what is this? 4 and what is this?

  1. October 22, 2015 Writing a crack for hack.lu 2015 radare2 workshop

  2. ∙ Freshly graduated ∙ I don’t know Windows 1 whoami Julien (jvoisin) Voisin ∙ French

  3. 2 Piracy is bad, m’kay. disclaimer

  4. 3 what is this?

  5. 4 and what is this?

  6. While knowing close to nothing about the Windows world. Time to write a compatibility enhancement hotfix! 5 but i still want to play!

  7. While knowing close to nothing about the Windows world. Time to write a compatibility enhancement hotfix! 5 but i still want to play!

  8. 6 In your virtual machine, in the nocd folder. where to look

  9. 7 finding the right function

  10. 8 You’ve got this one in your .radare2rc in the VM lets script some documentation fetcher for r2

  11. 8 You’ve got this one in your .radare2rc in the VM lets script some documentation fetcher for r2

  12. ∙ 0x4d65f6 ∙ 0x5352ee ∙ afi 0x4d65f6 ∙ afi 0x5352ee ∙ It’s likely an analysis command, about xref to something ∙ There are two locations: ∙ In what function do they belong? ∙ Still in analysis, function related, about information 9 find where it’s called Your turn! ∙ Find where GetDriveTypeA is called

  13. ∙ 0x4d65f6 ∙ 0x5352ee ∙ afi 0x4d65f6 ∙ afi 0x5352ee ∙ It’s likely an analysis command, about xref to something ∙ There are two locations: ∙ In what function do they belong? ∙ Still in analysis, function related, about information 9 find where it’s called Your turn! ∙ Find where GetDriveTypeA is called

  14. ∙ 0x4d65f6 ∙ 0x5352ee ∙ afi 0x4d65f6 ∙ afi 0x5352ee ∙ It’s likely an analysis command, about xref to something ∙ There are two locations: ∙ In what function do they belong? ∙ Still in analysis, function related, about information 9 find where it’s called Your turn! ∙ Find where GetDriveTypeA is called

  15. ∙ 0x5352ee ∙ afi 0x4d65f6 ∙ afi 0x5352ee ∙ It’s likely an analysis command, about xref to something ∙ There are two locations: ∙ In what function do they belong? ∙ Still in analysis, function related, about information 9 find where it’s called Your turn! ∙ Find where GetDriveTypeA is called ∙ 0x4d65f6

  16. ∙ afi 0x4d65f6 ∙ afi 0x5352ee ∙ It’s likely an analysis command, about xref to something ∙ There are two locations: ∙ In what function do they belong? ∙ Still in analysis, function related, about information 9 find where it’s called Your turn! ∙ Find where GetDriveTypeA is called ∙ 0x4d65f6 ∙ 0x5352ee

  17. ∙ afi 0x4d65f6 ∙ afi 0x5352ee ∙ It’s likely an analysis command, about xref to something ∙ There are two locations: ∙ In what function do they belong? ∙ Still in analysis, function related, about information 9 find where it’s called Your turn! ∙ Find where GetDriveTypeA is called ∙ 0x4d65f6 ∙ 0x5352ee

  18. ∙ afi 0x4d65f6 ∙ afi 0x5352ee ∙ It’s likely an analysis command, about xref to something ∙ There are two locations: ∙ In what function do they belong? ∙ Still in analysis, function related, about information 9 find where it’s called Your turn! ∙ Find where GetDriveTypeA is called ∙ 0x4d65f6 ∙ 0x5352ee

  19. ∙ afi 0x5352ee ∙ It’s likely an analysis command, about xref to something ∙ There are two locations: ∙ In what function do they belong? ∙ Still in analysis, function related, about information 9 find where it’s called Your turn! ∙ Find where GetDriveTypeA is called ∙ 0x4d65f6 ∙ 0x5352ee ∙ afi 0x4d65f6

  20. ∙ It’s likely an analysis command, about xref to something ∙ There are two locations: ∙ In what function do they belong? ∙ Still in analysis, function related, about information 9 find where it’s called Your turn! ∙ Find where GetDriveTypeA is called ∙ 0x4d65f6 ∙ 0x5352ee ∙ afi 0x4d65f6 ∙ afi 0x5352ee

  21. ∙ 0x004d6550 ∙ 0x004ab1aa ∙ Which one is the relevant one? (check with VV ) ∙ 0x004d6550 is the cd-check routine! 10 find where it’s called (cont.) Your turn! ∙ 0x4d65f6 is called from two locations:

  22. ∙ 0x004ab1aa ∙ Which one is the relevant one? (check with VV ) ∙ 0x004d6550 is the cd-check routine! 10 find where it’s called (cont.) Your turn! ∙ 0x4d65f6 is called from two locations: ∙ 0x004d6550

  23. ∙ Which one is the relevant one? (check with VV ) ∙ 0x004d6550 is the cd-check routine! 10 find where it’s called (cont.) Your turn! ∙ 0x4d65f6 is called from two locations: ∙ 0x004d6550 ∙ 0x004ab1aa

  24. ∙ 0x004d6550 is the cd-check routine! 10 find where it’s called (cont.) Your turn! ∙ 0x4d65f6 is called from two locations: ∙ 0x004d6550 ∙ 0x004ab1aa ∙ Which one is the relevant one? (check with VV )

  25. ∙ 0x004d6550 is the cd-check routine! 10 find where it’s called (cont.) Your turn! ∙ 0x4d65f6 is called from two locations: ∙ 0x004d6550 ∙ 0x004ab1aa ∙ Which one is the relevant one? (check with VV )

  26. 2. Hardcode a return value for fcn.0x004d6550 3. Play the game without the CD! 11 patching time 1. Reopen the binary in write mode with oo+

  27. 12 my solution

  28. ∙ Age of Empire is cool, ∙ Having no CD reader sucks, ∙ So is radare2. 13 conclusion

  29. You should use it. Radare2 is nice. 13 conclusion

  30. ∙ Github repo ∙ Official website ∙ The r2 blog ∙ The r2 book ∙ Twitter 14 resources

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Application of radare2 illustrated by Shylock/Caphaw.D and Snakso.A analysis Anton Kochkov

Application of radare2 illustrated by Shylock/Caphaw.D and Snakso.A analysis Anton Kochkov

Application of radare2 illustrated by Shylock/Caphaw.D and Snakso.A analysis Anton Kochkov PHDays IV, May 21, 2014 Intro radare2 Please use radare2 from git Warnings There is a nasty bug in r2 for now, please bear with us This is a

606 views • 26 slides
radare2 Radare2 - a framework for reverse engineering Maxime Morin (@Maijin212), Julien Voisin,

radare2 Radare2 - a framework for reverse engineering Maxime Morin (@Maijin212), Julien Voisin,

radare2 Radare2 - a framework for reverse engineering Maxime Morin (@Maijin212), Julien Voisin, Jeffrey Crowell (@jeffreycrow- ell), Anton Kochkov (@akochkov) October 22, 2015 Hack.lu 10-2015 maxime morin 22 y/o french expat @ Luxembourg

1.99k views • 84 slides
Radare2 - The Dwarf Fortress of reversing Who needs a GUI anyway? Florent (Skia) Jacquet Julien

Radare2 - The Dwarf Fortress of reversing Who needs a GUI anyway? Florent (Skia) Jacquet Julien

Radare2 - The Dwarf Fortress of reversing Who needs a GUI anyway? Florent (Skia) Jacquet Julien (jvoisin) Voisin November 18, 2016 GreHack 2016 pf.skia 1 Who needs the source code anyway? Playground 2 How to radare2? Installing

897 views • 71 slides
radare2 22 y/o french expat @ Luxembourg Food, Travel and Languages <3 I hate

radare2 22 y/o french expat @ Luxembourg Food, Travel and Languages <3 I hate

Maxime Morin (@Maijin212), Anton Kochkov (@akochkov) First r2babies steps - Long Version August 13, 2015 ISSA South Africa radare2 22 y/o french expat @ Luxembourg Food, Travel and Languages <3 I hate Bullshit Malware.lu

1.4k views • 68 slides
R2M2 RADARE2 + MIASM2 = @guedou - 09/09/2016 1 @GUEDOU? French hobbyist reverser network

R2M2 RADARE2 + MIASM2 = @guedou - 09/09/2016 1 @GUEDOU? French hobbyist reverser network

R2M2 RADARE2 + MIASM2 = @guedou - 09/09/2016 1 @GUEDOU? French hobbyist reverser network security researcher IPv6, DNS, TLS, BGP, DDoS mitigation, ... Scapy co-maintainer Python-based packet manipulation program & library neither

1.1k views • 61 slides
R2M2 RADARE2 + MIASM2 = https://github.com/guedou/r2m2 @guedou - 28/01/2017 - REcon BRX

R2M2 RADARE2 + MIASM2 = https://github.com/guedou/r2m2 @guedou - 28/01/2017 - REcon BRX

R2M2 RADARE2 + MIASM2 = https://github.com/guedou/r2m2 @guedou - 28/01/2017 - REcon BRX 1 @GUEDOU? French hobbyist reverser network security researcher IPv6, DNS, TLS, BGP, DDoS mitigation, ... Scapy co-maintainer Python-based

1.48k views • 73 slides
shikata ga nai Jaime (@NighetMan) Pealba. This workshop is based on ideas and scripts from 2

shikata ga nai Jaime (@NighetMan) Pealba. This workshop is based on ideas and scripts from 2

October 22, 2015 Radare2 workshop hack.lu 2015 shikata ga nai Jaime (@NighetMan) Pealba. This workshop is based on ideas and scripts from 2 disclaimer 3 Please look at the shikata_ga_nai folder in the virtual machine where to find the

539 views • 39 slides
Reversing firmware using radare2 [H2HC] A. Kochkov October, 2014 Motives Implement FOSS

Reversing firmware using radare2 [H2HC] A. Kochkov October, 2014 Motives Implement FOSS

Reversing firmware using radare2 [H2HC] A. Kochkov October, 2014 Motives Implement FOSS alternative (coreboot, OpenEC) Figure out possible attack vectors via firmware trojans We will take only case of modern PC/Laptop/Server firmware(s).

747 views • 46 slides
BUBBLE STR UBBLE STRUGGLE UGGLE Call Graph Visualization with Radare2 Marion Marschalek

BUBBLE STR UBBLE STRUGGLE UGGLE Call Graph Visualization with Radare2 Marion Marschalek

BUBBLE STR UBBLE STRUGGLE UGGLE Call Graph Visualization with Radare2 Marion Marschalek marion@0x1338.at @pinkflawd Static Analysis is King What my my sa sandbox th thought What my my cu customer th thought the malw th alware do

886 views • 50 slides
building a concrete alternative to ida 1 were sorry raxcity.com Shellphish

building a concrete alternative to ida 1 were sorry raxcity.com Shellphish

Jeffrey (crowell) Crowell Julien (jvoisin) Voisin Radare2 to the rescue! June 20, 2015 REcon 2015 Montreal building a concrete alternative to ida 1 were sorry raxcity.com Shellphish Boston Key Party

1.04k views • 64 slides
GIT WORKSHOP GIT WORKSHOP 1 . 1 GIT WORKSHOP GIT WORKSHOP Manuela Salvucci

GIT WORKSHOP GIT WORKSHOP 1 . 1 GIT WORKSHOP GIT WORKSHOP Manuela Salvucci

GIT WORKSHOP GIT WORKSHOP 1 . 1 GIT WORKSHOP GIT WORKSHOP Manuela Salvucci manuelasalvucci@rcsi.ie 2019-11-06 1 . 2 OUTLINE OUTLINE What is version control? Why bother with formal version control? How to install and get started

1.7k views • 136 slides
23-25, August, 2017 @ Taipei.TW 2017 Belle II TRG/DAQ workshop An Announcement 0. workshop

23-25, August, 2017 @ Taipei.TW 2017 Belle II TRG/DAQ workshop An Announcement 0. workshop

23-25, August, 2017 @ Taipei.TW 2017 Belle II TRG/DAQ workshop An Announcement 0. workshop place 1. workshop major targets 2. schedule, lunch boxes, banquet 3. your badge 4. weather forecast 5. workshop photo 6. scenery after workshop

256 views • 11 slides
x64 Workshop Didier Stevens Go to http://workshop-x64.DidierStevens.com Unzip x64-workshop.zip

x64 Workshop Didier Stevens Go to http://workshop-x64.DidierStevens.com Unzip x64-workshop.zip

x64 Workshop Didier Stevens Go to http://workshop-x64.DidierStevens.com Unzip x64-workshop.zip to c:\workshop Install: 010EditorWin32Installer402.exe nasm-2.10.05-installer.exe SysinternalsSuite.zip tdm64-gcc-4.7.1-2.exe

724 views • 40 slides
Tails: Security, Maintainability and Usability Pick three! Julien Voisin Jrme Boursier

Tails: Security, Maintainability and Usability Pick three! Julien Voisin Jrme Boursier

Tails: Security, Maintainability and Usability Pick three! Julien Voisin Jrme Boursier July 4, 2016 Nuit du Hack Who are we ? Who are we ? Julien Voisin Radare2 NBS-System dustri.org Jrme Boursier AdwCleaner

1.53k views • 94 slides
Go to http://workshop.DidierStevens.com Unzip shellcode-workshop.zip to C:\ Password is workshop

Go to http://workshop.DidierStevens.com Unzip shellcode-workshop.zip to C:\ Password is workshop

White Hat Shellcode Workshop Didier Stevens Go to http://workshop.DidierStevens.com Unzip shellcode-workshop.zip to C:\ Password is workshop . First example: loading/unloading a DLL Start calc.exe Start procexp.exe (Process Explorer) and

471 views • 23 slides
Strata forms workshop Landgate Workshop purpose This workshop has been developed for

Strata forms workshop Landgate Workshop purpose This workshop has been developed for

Strata forms workshop Landgate Workshop purpose This workshop has been developed for conveyancers and property lawyers who handle strata titles and want to build their confidence and understanding in form completion of the: Application

536 views • 21 slides
The Somali Pirates Case Jesus Rios IBM T.J. Watson Research Centre, USA and David Rios Insua ,

The Somali Pirates Case Jesus Rios IBM T.J. Watson Research Centre, USA and David Rios Insua ,

2 nd Maritime Risk Symposium Adversarial Risk Analysis: The Somali Pirates Case Jesus Rios IBM T.J. Watson Research Centre, USA and David Rios Insua , Royal Academy of Sciences, Spain Juan Carlos Sevillano , Complutense University, Spain

458 views • 26 slides
The Piracy Threat Problem 1 : Unauthorized over production of IC $$ Lost revenue

The Piracy Threat Problem 1 : Unauthorized over production of IC $$ Lost revenue

The Piracy Threat Problem 1 : Unauthorized over production of IC $$ Lost revenue opportunities Synthesis, Verification & Test for Secure ICs Undesired exposure of proprietary technology Protecting Integrated Circuits Problem

94 views • 8 slides
FROM MODELS TO AI- FROM MODELS TO AI- ENABLED SYSTEMS ENABLED SYSTEMS Christian Kaestner

FROM MODELS TO AI- FROM MODELS TO AI- ENABLED SYSTEMS ENABLED SYSTEMS Christian Kaestner

FROM MODELS TO AI- FROM MODELS TO AI- ENABLED SYSTEMS ENABLED SYSTEMS Christian Kaestner Hulten, Geoff. "Building Intelligent Systems: A Guide to Machine Learning Engineering." (2018), Chapters 5 (Components of Intelligent

663 views • 54 slides
Department of Housing Stability C OUNCIL D ISTRICT 4 T OWN H ALL O CTOBER 14, 2020 "No one

Department of Housing Stability C OUNCIL D ISTRICT 4 T OWN H ALL O CTOBER 14, 2020 "No one

Department of Housing Stability C OUNCIL D ISTRICT 4 T OWN H ALL O CTOBER 14, 2020 "No one is meant to be on the street. No one." -Debra Dyson, a guest at the Coliseum this summer At the end of the day, what we are driving toward

255 views • 12 slides
It , -1,7 W - wa AIK - - - - - . = 0.75 . WITT = Est . LRTT ) . der ( RTT ) - Timeout

It , -1,7 W - wa AIK - - - - - . = 0.75 . WITT = Est . LRTT ) . der ( RTT ) - Timeout

TCP continued October 8 : Topics : Fast recovery finish up - state diagram Tcp - TCP Packets to Bytes : . - TCP timers ( single ) for -1/0 AIM 'D - Rough throughput - It , -1,7 W - wa AIK - - - - - . = 0.75 .

300 views • 5 slides
Optimal Predition Ma rk ets with Optimal Pla y ers Lea rn Optimally fo r Log Loss

Optimal Predition Ma rk ets with Optimal Pla y ers Lea rn Optimally fo r Log Loss

Optimal Predition Ma rk ets with Optimal Pla y ers Lea rn Optimally fo r Log Loss John Langfo rd With Alina Beygelzimer and David P enno k Predition Ma rk ets Lea rn Optimally John Langfo rd With Alina

196 views • 7 slides
Performant Security Hardening Steve Rutherford (srutherford@google.com) Googles

Performant Security Hardening Steve Rutherford (srutherford@google.com) Googles

Performant Security Hardening Steve Rutherford (srutherford@google.com) Googles Virtualization Security Team 1 Preface This talk is x86 and KVM centric 2 Outline Background Current Hardening Split Irqchip, PIT Prototype Hardening

884 views • 41 slides
Complete Derandomization of Identity Testing of Read-Once Formulas Daniel Minahan Ilya Volkovich

Complete Derandomization of Identity Testing of Read-Once Formulas Daniel Minahan Ilya Volkovich

Introduction Previous Results Our Model Read-Once Polynomials Our Results Complete Derandomization of Identity Testing of Read-Once Formulas Daniel Minahan Ilya Volkovich University of Michigan Presented by: Ramprasad Saptharishi

1.1k views • 92 slides

More recommend