
Reversing


A_m_A
May 1st, 2001, 13:19
Anybody know a Linux reversing site?
I know hculinux.cjb.net. Are there other sites with tutorials on Linux reversing?

thx very much

meRlin
May 1st, 2001, 15:12
Hi,
There is UIC's site in Italian, and a couple more with a few tutorials.
I suggest that all of us interested in learning to crack Linux applications get together under the Mini Project Area here, then we can work together from scratch.
I do not have much experience in the subject but want to learn (what the best tools are, how to set them up, etc.); one piece of software is all that I've been cracking so far (pretty easy).
There was another posting about where to find a good linux reversing site, I think we should "grab" that fella too!

meRlin

A_m_A
May 2nd, 2001, 04:37
Hi meRlin,
thx for ur answer.
I have found 3 Italian sites for Linux reversing:
quequero.cjb.net
masparev.cjb.net
racl.oltrelinux.com
If u find other sites plz REPLY.

thx meRlin

bye

P.S. : thx for your tutorial

grugq
May 2nd, 2001, 04:48
well cracking != reversing. and the easiest way to reverse most linux applications is with vim.

However, assuming that you somehow find a shareware application that you absolutely must have and can't shell out the cash for, you will want to crack it. Cracking on Linux is damn easy, you can control the entire environment of the application, the system calls can be trapped via LKMs, the library calls can be trapped via LD_PRELOAD, the binary can be examined in all the usual ways (i.e. hex editor == biew, disassembler == objdump (if it's trivial, like most binaries are), IDA (if it hasn't been protected, like most binaries are), or the bastard (if it is a real protected binary and you are willing to develop a tool))...

I would suggest that all you aspiring linux crackers take some time out from your busy lives and learn how to use linux first. Then you can tackle writing an LKM to expand ptrace() to actually be useful. For those of you that want to get a little glimpse of where Linux reversing could go, try your hand at some of the root kit binaries that get posted to incidents@securityfocus.com, those are enlightening as to the quality of skript kiddie code... Additionally, you might want to look at the tools we have archived at http://packetstorm.securify.com/linux/reverse-engineering/ I think they have an old version of the bastard as well as my tools (hehe, old!).

you should look into mb.hcunix.org, and www.hcunix.org, because "linux cracking" started (publicly, that is) with SiuL+Hacky's essays back in 96->97 (??)... there is a lot of ground to cover, and you have to learn unix first. If you only know how to get by on a shell account you will quickly find yourself outclassed by the targets you seek.

For lack of research, lack of historical perspective, and lack of respect for the coders that are trying to make Linux a viable commercial entity, I am forced to club to death 1800 baby seals for each of you.

Thanks to the kernel patch from the HCUnix team, I can automate this task...

-------------
# mknod /dev/seal b 666 0
# cat > basher << '__EOF__'
#!/bin/ksh93

for ((i=0;$i<2;i=$(($i+1))))
do
for ((j=0;$j<1800;j=$(($j+1))))
do
/bin/club -d /dev/seal -c 1 -T "Thwack"
done
print "Slaughtered $j seals!"
done

__EOF__
# chmod +x basher && ./basher
# rm -rf /dev/seal
# /bin/clean_up_blood /bin/club


------------------

peace,

grugq.





Epic
May 2nd, 2001, 08:40
Here are some *nix (especially Linux) reversing tips, for you! windose crackers outside.

0. Install and learn how to use a decent *nix system. See
http://www.hcunix.org/epic/FASQ.html

1. You do not have to crack anything because
a) already open-source
b) an open-source implementation is available
c) not worthy to crack.

2. The best *nix cracking tutorial is the kernel. Learn!! C, read the kernel source.

3. #include "grugq's post"

4. If you're going to crack VmWare, do not!!

5. Try bastard. http://bastard.sourceforge.net/ But it assumes that you know some assembler already :=)

6. Yeah, the Italians are VERY GOOD *nix crackers!! Learn Italian.

7. Learn some asm. Visit Konstantin's and _m's asm sites. Read, understand and learn.

8. Are you aware of something called "thread"?

Lol.

Epic

ps: missed all good days.

A_m_A
May 2nd, 2001, 10:13
Thx for your posts epic and grugq
Obey!

Learning LKMs, threads and processes is good?

thx very much

mammon_
May 2nd, 2001, 15:53
I have to agree for the most part with grugq's and epic's posts. Linux cracking is either really easy or really hard.

If it's really easy, it's because the native linux facilities for doing cracking are quite powerful -- grugq speaks the ways

If it's really hard, it's usually because
* you don't know how to use the tools
* you know nothing about the ELF format
* you know nothing about the C stdlib
* you know nothing about linux


The first step, natch, is to look into your standard tools, a hex editor [biew, it is like hiew], a disassembler [ldasm will be familiar for newbies, it is like W32Dasm], and a debugger [ddd is good, as are the other gooey front ends to gdb like GVD and Insight and such. UPS is excellent, but you have to spend the time learning it, and it is really only useful for source-debugging]. If you have IDA 4.16, it runs under WINE. If you want softice, try PrivateIce, but it is tough to get working.

Next, get the ELF file format from Intel or from the Teensy Linux Program site or from linux assembly.org. Write a good ELF header parser using #include <elf.h> until you are sure you know what everything in the program does.

Then, learn C. Pay attention to the weird things you can do with libraries. Look at the linux assembly language sites to learn about the C calling convention and system calls; maybe write two or three asm programs. Once again, the whirlwind teensy guide is good.

Finally, learn the rest of linux. Read THC's hacking LKMs guide.

If you already know cracking [i.e., if you do more than just follow essays] then this should make linux cracking quite easy. Else, hit up the afore-posted sites and grab some essays.

_m

meRlin
May 3rd, 2001, 05:50
Yes!
You are all (almost) pointing to that cracking linux is not needed, what about learning linux this way have you thought about that?
I would like to learn lin(un)ix and how it works, why shouldn't I try to reverse it??
Yes maybe I want to reverse vmware and why not? maybe the hardest part with it is to get it up and running in a "slack" distribution!
I could try to reverse anything I want don't I?
As always this is all about learning or?
To set up pIce (as _mammon said) is not an easy part, it involves maybe a piece of cake to you (compile the kernel so it would fit) but it is not for me as I'm new to this stuff.
All I (we) need is a little help to get started with it.
I have read all tutorials that I found even the Italian one with a bad translation from altavista.

meRlin

Epic
May 3rd, 2001, 09:21
http://www.linuxdoc.org/
http://www.hcunix.org

:=)

grugq
May 3rd, 2001, 12:30
meRlin (05-02-2001 19:50) wrote:
> Yes!
> You are all (almost) pointing to that cracking linux is not needed, what about learning linux this way have you thought about that?

no we haven't, because it is a stupid idea. If you want to learn Unix, which is something I would recommend, read books and play with a shell. Don't think that you can get very far by poring over the asm dump of '/bin/ls'... "ooooh. It seems to test the return value of opendir() for '0'... hmm, another 2 days of study and I will know what that means!"

> I would like to learn lin(un)ix and how it works, why shouldn't I try to reverse it??

apples and oranges.

Learning by doing. Get a Unice, install it and read && play. That is learning. If you want to reverse, reverse; but don't think that one will lead to the other. Reversing is very time consuming and learning Unix takes a very long time as well, why combine them for an astronomical indenture to your computer? You would be much better off listening to _m and learning C backwards and forwards. Get a copy of the C puzzle book and Reverse those... try your hand at obfuscated code. Reading asm is damn easy compared to reading well obfuscated C...

> Yes maybe I want to reverse vmware and why not?

because reversing it is a waste of time, there is a freeware version which will give you access to the algo's used. If you just want to crack vmware, then go for it. There are tutorials on the internet so you won't even have to strain your brain.

> maybe the hardest part with it is to get it up and running in a "slack" distribution!

no. That is very easy, even an idiot can do it, you should have no trouble.

> I could try to reverse anything I want don't I?

er... yes? Not sure what that sentence is trying to say aside from some angst filled teenage hormone ridden american bullshit of independence and privilege laden statement.

> As always this is all about learning or?

yes. Learning means reading books, not reading asm dumps. If you don't read the Intel manuals how can you expect to know what people are talking about when they discuss r/m bits on an opcode? By that same token, unless you read books on Unix how will you learn to understand what I meant by a cmp of the opendir retval to 0? You can't reverse if you don't know what you are looking at.

> To set up pIce (as _mammon said) is not an easy part, it involves maybe a piece of cake to you (compile the kernel so it would fit) but it is not for me as I'm new to this stuff.

So? Do you think that we sprang full formed from the brow of some god? Well, actually, I did, and _m might have... The point is, everyone has to learn sometime. I would suggest that you compile your kernel before messing with pIce. As an aside, an assembler level debugger is less useful on Unix than DOS. Unix is extremely portable, running on almost every platform that can boot. If you want to use Unix as an expert, learn C. C is the lingua franca of Unix, not ASM (as in the win32 world, ooo 2 platforms x86 *and* Alpha!)...

> All I (we) need is a little help to get started with it.

You have it.

> I have read all tutorials that I found even the Italian one with a bad translation from altavista.

Well, that isn't a very good place to start. Try www.linuxdocs.com rather. Those Italian tuts were mediocre, like so many others in the scene. It's depressing really, you think that someone would bother to write some decent documentation.


peace,

grugq.

mammon_
May 3rd, 2001, 14:12
Once again grugq speaks words of wild wisdom, a treacle of truth. We *did* spring full formed from the brows of the gods on high.

OK, so you don't want to 'crack software', you want to 'learn linux'. This means you do not have to reverse engineer it, since the kernel, the libraries, the filesystem, and every significant subsystem are well documented and available in source code form -- you might as well reverse engineer orange juice.

If you can't read the source and/or docs, then your chance of understanding what is going on by decompiling the binaries is nil -- no more, no less.

Read the THC LKM guide. Hit the LDP sites and read tlk [the linux kernel] along with the Guides, and a few how-tos. Hit hcunix.org and read dose's stuff and redplait's stuff and my stuff [hint: try www.hcunix.org/$HANDLE for better info than is on the main page]. Hit Kenton Lee's site and learn how X works. Hit linux assembly dot org for the finer details.

...


Now for what I don't get: reverse engineering is the attempt to reproduce the engineering process [in the computing paradigm, this is 'source code'] based solely on the examination of the result of that process [a 'program'] ... meaning, in the sense of 'reverse engineering linux' in order 'to learn linux', that you are trying to recover the source code in order to learn how the OS works.

However, the source code is readily available -- reverse engineering open source software is like hacking the wheel to pieces and then re-inventing it with the splinters.

Now, if what you mean by 'reverse engineering' is 'cracking' --and, since you bring up vmware [what? no OSS? ], I suspect it is-- then you will ignore everything grugq and Epic and I have posted because you are NOT trying to learn linux, you are trying to learn how to crack linux programs *without knowing a thing about linux*.

Remember how the lamest, most pathetic crackers on windows were the ones who had no clue how windows worked? It's the same thing. Learn the damn OS.

_m

mo k
May 3rd, 2001, 14:43
ROFL,

remember, grugq said that most linux applications are cracked with vi alone. right? That means, don't disassemble every exe that comes your way, it *could* be a shell script ;P

First, before you go into specific linux internals, learn the api interface of unix in general. Get rich stevens' "Advanced" and "Illustrated" and code! Most of the crackworthy applications are meant to be portable, so they retain the same interface with all systems. Except in very few places.

But be warned, if you are not a programmer, you will have a tough time learning the guts of the system. Everything is scriptable: from the boot loader to the window manager.

My tip is, don't concentrate on cracking alone, you will definitely have a good time there, just sport a sense of curiosity, and play.

Have fun
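Two suggestions in this thread fit one small program: mammon_'s exercise of writing an ELF header parser on top of <elf.h>, and mo k's reminder that the "exe" in front of you may be a shell script rather than a binary. The following is an added example, not code from the thread or from any site or tool it names. It reads the first bytes of a file (or a constructed sample header when run without arguments), reports whether it is a "#!" script, an ELF32/ELF64 image, a foreign-endian ELF image or something else, and decodes the header fields that tell you where the program and section header tables live. The file name elfpeek.c, the sample header's values and the /bin/ls usage are assumptions.

```c
/* Added example (not code from this thread or from any project named in it):
 * a minimal ELF header inspector on top of <elf.h>, the exercise mammon_
 * recommends, which checks the magic bytes first so that a "#!" shell script
 * (mo k's point) is reported as such instead of being treated as a binary.
 * Build: cc -o elfpeek elfpeek.c   Run: ./elfpeek /bin/ls  (names assumed) */
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum file_kind { KIND_TOO_SHORT, KIND_SCRIPT, KIND_NOT_ELF,
                 KIND_FOREIGN_ENDIAN, KIND_ELF32, KIND_ELF64 };

struct elf_summary {
    enum file_kind kind;
    uint16_t type, machine;  /* e_type (ET_EXEC, ET_DYN, ...), e_machine (EM_X86_64, ...) */
    uint64_t entry;          /* e_entry: address of the first instruction executed */
    uint64_t phoff, shoff;   /* file offsets of the program/section header tables */
    uint16_t phnum, shnum;   /* number of entries in each table */
};

/* The EI_DATA encoding that matches this host's byte order. */
unsigned char host_elf_data(void)
{
    const uint16_t one = 1;
    return *(const unsigned char *)&one == 1 ? ELFDATA2LSB : ELFDATA2MSB;
}

/* Classify a file image held in memory and decode the header when it is an ELF
 * file in the host's byte order (a foreign-endian header would need every
 * multi-byte field swapped, so it is only classified, not decoded). */
enum file_kind inspect_buffer(const unsigned char *buf, size_t len, struct elf_summary *out)
{
    memset(out, 0, sizeof *out);
    if (len >= 2 && buf[0] == '#' && buf[1] == '!')
        return out->kind = KIND_SCRIPT;          /* interpreter script, not a binary */
    if (len < EI_NIDENT)
        return out->kind = KIND_TOO_SHORT;
    if (memcmp(buf, ELFMAG, SELFMAG) != 0)
        return out->kind = KIND_NOT_ELF;         /* no 0x7f 'E' 'L' 'F' magic */
    if (buf[EI_DATA] != host_elf_data())
        return out->kind = KIND_FOREIGN_ENDIAN;
    if (buf[EI_CLASS] == ELFCLASS64 && len >= sizeof(Elf64_Ehdr)) {
        Elf64_Ehdr eh;
        memcpy(&eh, buf, sizeof eh);             /* copy out: buf may be unaligned */
        out->type = eh.e_type;   out->machine = eh.e_machine; out->entry = eh.e_entry;
        out->phoff = eh.e_phoff; out->shoff = eh.e_shoff;
        out->phnum = eh.e_phnum; out->shnum = eh.e_shnum;
        return out->kind = KIND_ELF64;
    }
    if (buf[EI_CLASS] == ELFCLASS32 && len >= sizeof(Elf32_Ehdr)) {
        Elf32_Ehdr eh;
        memcpy(&eh, buf, sizeof eh);
        out->type = eh.e_type;   out->machine = eh.e_machine; out->entry = eh.e_entry;
        out->phoff = eh.e_phoff; out->shoff = eh.e_shoff;
        out->phnum = eh.e_phnum; out->shnum = eh.e_shnum;
        return out->kind = KIND_ELF32;
    }
    return out->kind = KIND_NOT_ELF;             /* bad EI_CLASS or truncated header */
}

/* Constructed sample input (not a real binary): the 64-byte header of a
 * hypothetical x86-64 PIE, so the program has something to inspect offline. */
size_t build_sample_elf64(unsigned char *buf, size_t cap)
{
    Elf64_Ehdr eh;
    if (cap < sizeof eh) return 0;
    memset(&eh, 0, sizeof eh);
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_ident[EI_DATA] = host_elf_data();
    eh.e_ident[EI_VERSION] = EV_CURRENT;
    eh.e_type = ET_DYN;      eh.e_machine = EM_X86_64;  eh.e_version = EV_CURRENT;
    eh.e_entry = 0x1040;     eh.e_phoff = sizeof eh;    eh.e_shoff = 0x3f00;
    eh.e_ehsize = sizeof eh; eh.e_phentsize = sizeof(Elf64_Phdr); eh.e_phnum = 11;
    eh.e_shentsize = sizeof(Elf64_Shdr); eh.e_shnum = 29; eh.e_shstrndx = 28;
    memcpy(buf, &eh, sizeof eh);
    return sizeof eh;
}

static const char *kind_name(enum file_kind k)
{
    static const char *names[] = { "too short", "#! script", "not ELF",
                                   "ELF (foreign byte order)", "ELF32", "ELF64" };
    return names[k];
}

int main(int argc, char **argv)
{
    unsigned char buf[4096];
    struct elf_summary s;
    size_t len;
    if (argc > 1) {                              /* inspect the first 4 KiB of a file */
        FILE *f = fopen(argv[1], "rb");
        if (!f) { perror(argv[1]); return 1; }
        len = fread(buf, 1, sizeof buf, f);
        fclose(f);
    } else {
        len = build_sample_elf64(buf, sizeof buf);
    }
    inspect_buffer(buf, len, &s);
    printf("kind=%s\n", kind_name(s.kind));
    if (s.kind == KIND_ELF32 || s.kind == KIND_ELF64)
        printf("type=%u machine=%u entry=0x%llx phoff=%llu phnum=%u shoff=%llu shnum=%u\n",
               s.type, s.machine, (unsigned long long)s.entry, (unsigned long long)s.phoff,
               s.phnum, (unsigned long long)s.shoff, s.shnum);
    return 0;
}
```

The header is copied out of the buffer with memcpy rather than cast in place, because a buffer read from a file carries no alignment guarantee for the 64-bit fields; and the class and size checks come before any field is read, so a truncated or mislabelled file is reported instead of being read past its end. From here the natural next step in mammon_'s exercise is to follow e_phoff/e_shoff and walk the two tables the same way.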