Linux Reversing Tools
Here's a collection of programs useful for Linux reverse engineering. This list is by no
means exhaustive, but it should at least be a starting point. Please feel free to send me details of
any useful Linux reverse engineering tools you know of that aren't included here.
Check out Red Plait's assorted *nix tools at the bottom of the page!
reap (Reap Home Page, by the grugq)
This program (Reverse Engineer's Assembly Producer) by grugq incorporates SiuL+Hacky's dasm script and provides a Tk front end to it. Yea! You can also keep up with the latest version through freshmeat:
reap (entry at www.freshmeat.net)
Objdump III: Resurrection
Another Linux RE tool heavily based on Dasm (below) and reap (above).
Linux Disassembler 2.0799 (aka "Dasm")
This fantastic piece of work is by SiuL+Hacky. It's a Perl script (and thus requires that
Perl is installed on your system) that works with the output of objdump to create a serviceable disassembled listing of a binary. The output is
in AT&T format, rather than in the possibly more familiar Intel format, but nevertheless this
is a brilliant program. Many thanks to SiuL+Hacky for writing it and making it available!
Download the file and rename it as you desire ("dasm" would seem an obvious if
unimaginative choice). Put it somewhere in your path (e.g. /usr/bin, /usr/local/bin etc.) and
set the appropriate permissions, not forgetting to make it executable ("chmod +x dasm").
Make sure that the first line of the script does in fact point to
the location of your Perl executable; if it doesn't, edit the file accordingly. Make
sure that the file is in Unix text format (LF terminated) and not in DOS text format
(CR/LF terminated), as might be the case if you downloaded the file on a non-Linux/Unix
system.
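The installation steps above (convert CR/LF to LF, check that the "#!" line names a real Perl, make the file executable, put it on the PATH) as a POSIX shell script. This is an added example, not code from the original page or from Dasm itself; the function names, the default destination directory (~/bin) and the sample file used in the comments are assumptions made for this illustration.

```shell
#!/bin/sh
# Prepare a downloaded Perl script such as dasm for use: convert DOS (CR/LF)
# line endings to Unix (LF), make sure the "#!" line points at a real
# interpreter, then install it executable into a directory on the PATH.
# Added example, not part of the original page; prepare_script and the helper
# names are assumptions made for this illustration.

# Succeeds (exit 0) if FILE contains carriage returns, i.e. DOS text format.
has_crlf() {
    grep -q -- "$(printf '\r')" "$1"
}

# Rewrite FILE in place with LF-only line endings.
to_unix() {
    tr -d '\r' < "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Make the first line of FILE "#!INTERP" unless it already names an
# executable interpreter (this also accepts "#!/usr/bin/env perl").
# A file with no "#!" line at all gets one prepended.
fix_shebang() {
    file=$1; interp=$2
    first=$(head -n 1 "$file")
    case $first in
        '#!'*)
            path=${first#"#!"}; path=${path%% *}    # first token after "#!"
            [ -x "$path" ] && return 0              # already points at a real binary
            rest='tail -n +2'                       # drop the broken "#!" line
            ;;
        *)  rest='cat' ;;                           # keep everything, prepend a "#!" line
    esac
    { printf '#!%s\n' "$interp"; $rest "$file"; } > "$file.tmp" \
        && mv "$file.tmp" "$file"
}

# prepare_script SRC [DESTDIR] [INTERPRETER]
# Copies SRC into DESTDIR (default ~/bin), fixes line endings and the "#!"
# line, sets mode 755 and warns if DESTDIR is not on the PATH.
prepare_script() {
    src=$1; destdir=${2:-"$HOME/bin"}; interp=$3
    [ -n "$interp" ] || interp=$(command -v perl || true)
    if [ -z "$interp" ]; then
        echo "no perl interpreter found; install Perl first" >&2
        return 1
    fi
    mkdir -p "$destdir"
    dest="$destdir/$(basename "$src")"
    cp "$src" "$dest"
    has_crlf "$dest" && to_unix "$dest"
    fix_shebang "$dest" "$interp"
    chmod 755 "$dest"
    case ":$PATH:" in
        *":$destdir:"*) ;;
        *) echo "note: $destdir is not on your PATH" >&2 ;;
    esac
    echo "installed $dest"
}

# Usage: sh prepare_script.sh ./dasm-as-downloaded /usr/local/bin
if [ $# -ge 1 ]; then
    prepare_script "$@"
fi
```

The CR/LF check matters more than it looks: with a DOS-format file the kernel tries to execute an interpreter literally named "/usr/bin/perl\r", which fails with a misleading "No such file or directory" even though Perl is installed.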
LDasm
This is pretty interesting. A tool written in Perl/Tk that - you guessed it - parses output from objdump. However, this one has some *very* impressive features, including a W32Dasm-like GUI and conversion from AT&T to Intel syntax. Nice! Sadly I couldn't get it to work (yes, I have the required setup, just didn't work for me) but you'll almost certainly have better luck so give it a whirl.
DDD (The Data Display Debugger)
The Data Display Debugger is a very nice Motif-based GUI debugger. It is very capable and
has a relatively attractive interface (well, I think so anyway). I've used this debugger
for debugging my own programs (e.g. with source code) and for reversing, and although I
haven't even begun to scratch the surface of all its features I feel it is a very useful tool. Definitely recommended.
ltrace
ltrace is an enhanced version of strace, which logs the system calls made by
a program. It's a great little tool and provides a wealth of detailed information about
the target program, much like Numega's SmartCheck does on the Windows platform (albeit
without a GUI).
reqt
Another tool from the grugq, here is the Freshmeat entry:
The Reverse Engineer's Query Tool (reqt) is a script that will attempt to extract as
much information from a binary as possible--strings, symbols, hex dump,
disassembly, etc. All tools not expected to already be installed are included (dasm
and oob, both Linux disassemblers). reqt is intended for System Administrators who
need to find out what a suspect binary might do, but who aren't sure what tools to use.
hexedit
Looking for a Linux hex editor? Here's one. It's a console-mode application and uses the
ncurses library, if I remember correctly. It's of course not the only hex editor out there for Linux; search Freshmeat for others.
BIEW
Don't forget BIEW, a multiplatform hex editor incorporating an opcode decoder. Truly excellent.
IDA Pro
OK, so it's not a Linux program, but it can disassemble ELF files (I believe it can also
handle a.out files, but to what extent I don't know) and it can be run under
DosEMU (older versions only it would seem - but of course there is always VMWare), so you don't even have to reboot. Oh yes, it also produces its output in the Intel format, which some might find
easier to read. The downside is that it is comparatively slow and isn't free... you can get a demo from the IDA homepage or, uh, look around ;-)
Red Plait's tools
This is a collection of various *nix tools by Red Plait. Some are IDA Pro plugins, some are for FreeBSD. All sorts of interesting things, do try them:
RPSpy for FreeBSD 0.1 - Boundschecker for FreeBSD.
RPat - UNIX libraries' preprocessor for IDA Pro. See the associated essay (in English!) on the essays page.
crack.me - Packed crack.me for Linux. Get yourself into cracking shape.
If you speak Russian and want to look at more of Red Plait's essays and tools check out this site.