Tools

Ghidra

Setup & Installation (Linux)

Download here and unzip the archive. Ghidra needs a Java JDK (current releases require JDK 17 or newer), so install one first:

sudo apt install default-jdk

Once unpacked, symlink the launcher into your PATH so it can be started from anywhere. Use an absolute target path (a relative symlink target dangles), and /usr/local/bin needs root:

sudo ln -s /absolute/path/Ghidra/ghidra_<VERSION>_PUBLIC/ghidraRun /usr/local/bin/ghidra

To run just do the command

ghidra

Ghidra Cheatsheet

References

GDB-Gef

Setup & Installation

GDB itself is required (GEF needs a GDB built with Python 3 support):

sudo apt install gdb

You can get this one here

GEF (pronounced ʤɛf - "Jeff") is a set of commands for x86/64, ARM, MIPS, PowerPC and SPARC to assist exploit developers and reverse-engineers when using old school GDB. It provides additional features to GDB using the Python API to assist during the process of dynamic analysis and exploit development. Application developers will also benefit from it, as GEF lifts a great part of regular GDB obscurity, avoiding repeating traditional commands, or bringing out the relevant information from the debugging runtime.

Run these commands. Do not prefix them with sudo: the files live in your own home directory, and "sudo echo ... >> file" only runs echo as root while the redirection still happens as your user (the original steps also left ~/.gdbinit-gef.py owned by root). You can check that your GDB has Python with: gdb -nx -batch -ex 'python import sys; print(sys.version)'

#Step (1) - fetch GEF
wget -O ~/.gdbinit-gef.py -q https://raw.githubusercontent.com/hugsy/gef/dev/gef.py

#Step (2) - load GEF on every gdb start
#(skip this if you prefer the on-demand wrapper from steps 3-5, otherwise GEF gets sourced twice)
echo "source ~/.gdbinit-gef.py" >> ~/.gdbinit

#Step (3) - on-demand alternative: add this inside ~/.gdbinit
#(the original pointed at /root/.gdbinit-gef.py, which only works when you debug as root)
define init-gef
source ~/.gdbinit-gef.py
end
document init-gef
Initializes GEF (GDB Enhanced Features)
end

#Step (4) - create the wrapper /usr/local/bin/gdb-gef (root needed for /usr/local/bin)
sudo tee /usr/local/bin/gdb-gef > /dev/null <<'EOF'
#!/bin/sh
exec gdb -q -ex init-gef "$@"
EOF

#Step (5)
sudo chmod +x /usr/local/bin/gdb-gef

To run just use this command

gdb-gef

Commands

References

IDA

Setup & Installation (Linux)

You can download it in here

Choose the Linux version, make the installer executable and run it

chmod +x idafree70_linux.run
./idafree70_linux.run

The installer creates a single directory. Optionally symlink the 64-bit binary into your PATH (absolute path; /usr/local/bin needs root):

sudo ln -s /absolute/path/idafree-7.0/ida64 /usr/local/bin/ida

Now you can run it with

ida

Rizin

You can get it on their Github Repo

Setup & Installation

First we need meson and ninja (see their documentation here) plus cmake. Prefer the distro packages over "sudo pip", which writes into the system Python:

sudo apt -y install meson ninja-build cmake

#If the packaged meson is too old for rizin, install it for your user only
python3 -m pip install --user meson ninja

Now we follow the steps the project provides. Only the install step needs root; building as root leaves a root-owned build directory and is not needed:

#Steps to install
git clone --recurse-submodules https://github.com/rizinorg/rizin
cd rizin
meson setup build
meson compile -C build
sudo meson install -C build

#In case you want to uninstall (run inside the rizin directory)
sudo ninja -C build uninstall

Once the build and install have finished, rizin is available:

rizin

#To open the binary
rizin ./challenge_elf

#To analyze the binary (aaa does a deeper, slower pass)
aa

#To print the disassembly of a function
pdf @main
#only the comparisons, handy for locating a password check
pdf @main | grep cmp

#To display a value in every numeric base
? 0x149a

rz-bin

  • Rz-bin is a powerful tool to handle binaries, to get information on imports, sections, headers and other data. It can present this information in several formats accepted by other tools, including rizin itself. rz-bin understands many file formats: Java CLASS, ELF, PE, Mach-O or any format supported by plugins, and it is able to obtain symbol import/exports, library dependencies, strings of data sections, xrefs, entrypoint address, sections, architecture type.

#To list strings (from data sections)
rz-bin -z ./challenge_elf
#Same, but emitted as a list of rizin commands
rz-bin -zr ./challenge_elf
#To get binary information (arch, bits, endianness, protections)
rz-bin -I ./challenge_elf
#To get binary entrypoints
rz-bin -e ./challenge_elf
#To get the list of imports
rz-bin -i ./challenge_elf
#To get the list of exports
rz-bin -E /usr/lib/libettercap.so | head
#To get the list of symbols (similar to imports, but includes the binary's own)
rz-bin -s ./challenge_elf
#Same, but as a rizin script
rz-bin -sr ./challenge_elf | head
#To get the list of linked libraries
rz-bin -l ./challenge_elf
#To get the list of program sections
rz-bin -S ./challenge_elf
#Same, but as a rizin script
rz-bin -Sr ./challenge_elf

Here is a simple script that runs all of these at once (I named it ezrizin; usage: ezrizin challenge_elf):

#!/bin/bash
# ezrizin: run the usual rz-bin queries against one binary
# Usage: ezrizin challenge_elf
if [ $# -ne 1 ] || [ ! -r "$1" ]; then
    echo "usage: $0 <binary>" >&2
    exit 1
fi
bin="$1"

# green heading, then back to the default colour
section() { printf '\n\e[92m[%s]\e[39m\n' "$1"; }

section "Get Entrypoints";              rz-bin -e "$bin"
section "Get Strings Information";      rz-bin -z "$bin"
section "Get Binary Information";       rz-bin -I "$bin"
section "Get List of Imports";          rz-bin -i "$bin"
section "Get List of Libraries";        rz-bin -l "$bin"
section "Get List of Program Sections"; rz-bin -S "$bin"

Uncompyle6

Link to download https://pypi.org/project/uncompyle6/

#Install
pip install uncompyle6

#To use (writes the decompiled file.py into the current directory)
uncompyle6 -o . file.pyc

uncompyle6 only understands bytecode up to Python 3.8. For a newer .pyc you need a different decompiler, or you fall back to inspecting the code object by hand; usually that looks like this:

Marshal

import marshal
import sys

# Read the .pyc, skip the header (16 bytes on Python 3.7+: magic, flags,
# mtime or source hash, size) and unmarshal the module's code object.
# marshal is version-specific: run this with the same Python that produced the file.
with open(sys.argv[1], 'rb') as f:
    f.read(16)
    src = f.read()

code = marshal.loads(src)
print('\targcount: %s' % code.co_argcount)
print('\tconsts count: %d' % len(code.co_consts))
for item in code.co_consts:
    print('\t\t%s: %r' % (type(item), item))
print('\tfilename: %s' % code.co_filename)
print('\tfirstlineno: %s' % code.co_firstlineno)
print('\tflags: %s' % code.co_flags)
print('\tname: %s' % code.co_name)
print('\tnlocals: %s' % code.co_nlocals)
print('\tstacksize: %s' % code.co_stacksize)
print('\tvarnames count: %d' % len(code.co_varnames))
for item in code.co_varnames:
    print('\t\t%r' % item)
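The snippet above hard-codes a 16-byte header and only looks at the top-level code object. The following added example (mine, not from the original page) works out the header size from the magic number, decodes the header fields, warns when the .pyc was built by a different Python than the one running, and walks into nested function code objects, which is where a CTF password check usually lives. The sample module SAMPLE_SOURCE is constructed here and compiled with py_compile so the example runs offline; the names check and SECRET are my own, not from any real challenge.

```python
import importlib.util
import marshal
import os
import py_compile
import struct
import tempfile
import types

# Constructed sample source, compiled to a .pyc below so the example runs offline.
SAMPLE_SOURCE = '''
SECRET = "s3cr3t"

def check(password):
    return password == SECRET
'''


def header_size(magic):
    """Header length in bytes, derived from the version counter in the magic."""
    # The first two magic bytes are a little-endian version counter.
    # PEP 552 (Python 3.7, magic >= 3390): 16 bytes = magic, flags, mtime+size or hash.
    # Python 3.3 to 3.6 (magic >= 3190): 12 bytes = magic, mtime, source size.
    # Older: 8 bytes = magic, mtime.
    version = struct.unpack("<H", magic[:2])[0]
    if version >= 3390:
        return 16
    if version >= 3190:
        return 12
    return 8


def parse_pyc(data):
    """Return (header dict, module code object) for raw .pyc bytes."""
    magic = data[:4]
    size = header_size(magic)
    header = {
        "magic": struct.unpack("<H", magic[:2])[0],
        # marshal is version-specific; a mismatch here means loads() may fail
        "matches_running_python": magic == importlib.util.MAGIC_NUMBER,
    }
    if size == 16:
        flags = struct.unpack("<I", data[4:8])[0]
        header["flags"] = flags
        if flags & 1:  # hash-based pyc: 8 bytes of SipHash of the source
            header["source_hash"] = data[8:16].hex()
        else:          # timestamp-based pyc
            header["mtime"], header["source_size"] = struct.unpack("<II", data[8:16])
    elif size == 12:
        header["mtime"], header["source_size"] = struct.unpack("<II", data[4:12])
    else:
        header["mtime"] = struct.unpack("<I", data[4:8])[0]
    code = marshal.loads(data[size:])
    return header, code


def walk(code, depth=0):
    """Yield (depth, code) for a code object and every code object nested in it."""
    yield depth, code
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            yield from walk(const, depth + 1)


def summarize(code):
    """One tuple per code object: depth, name, argcount, varnames, non-code consts."""
    return [
        (d, c.co_name, c.co_argcount, tuple(c.co_varnames),
         tuple(k for k in c.co_consts if not isinstance(k, types.CodeType)))
        for d, c in walk(code)
    ]


def compile_sample():
    """Write SAMPLE_SOURCE to a temp dir and compile it; returns the .pyc path."""
    d = tempfile.mkdtemp()
    src = os.path.join(d, "sample.py")
    with open(src, "w") as f:
        f.write(SAMPLE_SOURCE)
    pyc = os.path.join(d, "sample.pyc")
    py_compile.compile(src, cfile=pyc, doraise=True)
    return pyc


def inspect_pyc(path):
    with open(path, "rb") as f:
        return parse_pyc(f.read())


if __name__ == "__main__":
    header, code = inspect_pyc(compile_sample())
    print(header)
    for depth, name, argc, varnames, consts in summarize(code):
        print("  " * depth + f"{name}(argcount={argc}) vars={varnames} consts={consts}")
```

Running it prints the decoded header followed by an indented tree: the module with the "s3cr3t" constant, then the nested check function with its single argument. When matches_running_python is False, use the interpreter version encoded in the magic before trying to unmarshal.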

Radare2

Commands

#Start
r2 ./file.out

#Show information (arch, bits, protections)
iI

#Show entrypoints and the address of main
ie
iM

#Show symbols
is

#Show strings (iz: data sections only, izz: whole binary)
iz
izz

#Find references to an address
axt 0x00000000

#List all functions (run analysis first, e.g. aaa)
afl

#Disassemble
pdf @main
pdf @entry0

#Rename the current function
afn function_baru

#Rename a local variable
afvn local_18h password

#Enter visual mode
vv

#Add a comment at the current offset (everything after CC is the comment text)
CC yes here "please"

#Reopen the file in read-write mode (required before patching)
oo+

#Reopen read-only
oo

#Seek to address
s 0x0000000

#Write a patch: two NOP bytes (0x90 0x90) at the current seek
wx 9090

#Set breakpoints
db main
db 0x0000000

#Run the program under the debugger
ood "CTFlearn{}" #> reopen in debug mode, passing arguments
dc #> continue

#Print formatted data: S is a 64-bit pointer to a string, so this prints the string whose pointer is stored at rbp-8
pf S @ rbp-8
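What rz-bin -I, -e and -S above and the oo+ / s / wx patching sequence here actually do comes down to reading ELF headers and translating a virtual address into a file offset. The following added example (written for this page, not code from rizin or radare2) parses the ELF64 header, program headers and section headers, prints a summary in the spirit of rz-bin -I, and applies a NOP patch at a virtual address by mapping it through the PT_LOAD segments. build_sample_elf() constructs a tiny hand-built little-endian x86-64 ELF as a fixture; it is not a real compiled binary, and only ELF64 little-endian is handled.

```python
import struct

# Fixture: a minimal ELF64 with one PT_LOAD segment and sections .text and .shstrtab.
# Constructed by hand for this example; the 4-byte .text is "xor rax, rax ; ret".
def build_sample_elf():
    text = bytes.fromhex("4831c0c3")
    shstrtab = b"\x00.text\x00.shstrtab\x00"      # name indices: .text=1, .shstrtab=7
    base, ehdr_sz, phdr_sz, shdr_sz = 0x400000, 64, 56, 64
    phoff = ehdr_sz
    text_off = phoff + phdr_sz                  # 120
    shstr_off = text_off + len(text)            # 124
    shoff = shstr_off + len(shstrtab)           # 141
    total = shoff + 3 * shdr_sz                 # null + .text + .shstrtab headers
    entry = base + text_off
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8   # ELF64, LE, version 1
    ehdr = e_ident + struct.pack("<HHIQQQIHHHHHH", 2, 0x3E, 1, entry, phoff, shoff,
                                 0, ehdr_sz, phdr_sz, 1, shdr_sz, 3, 2)
    phdr = struct.pack("<IIQQQQQQ", 1, 5, 0, base, base, total, total, 0x1000)  # PT_LOAD R+X
    sh_null = b"\x00" * shdr_sz
    sh_text = struct.pack("<IIQQQQIIQQ", 1, 1, 6, entry, text_off, len(text), 0, 0, 16, 0)
    sh_str = struct.pack("<IIQQQQIIQQ", 7, 3, 0, 0, shstr_off, len(shstrtab), 0, 0, 1, 0)
    data = ehdr + phdr + text + shstrtab + sh_null + sh_text + sh_str
    assert len(data) == total
    return data


MACHINES = {0x03: "x86", 0x08: "MIPS", 0x28: "ARM", 0x3E: "x86-64", 0xB7: "AArch64"}
PT_LOAD = 1


def parse_elf(data):
    """Parse an ELF64 little-endian image into entry, machine, segments and sections."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only ELF64 little-endian is handled here")
    (e_type, e_machine, _, e_entry, e_phoff, e_shoff, _, _, e_phentsize, e_phnum,
     e_shentsize, e_shnum, e_shstrndx) = struct.unpack_from("<HHIQQQIHHHHHH", data, 16)
    segments = []
    for i in range(e_phnum):
        p_type, p_flags, p_offset, p_vaddr, _, p_filesz, p_memsz, _ = \
            struct.unpack_from("<IIQQQQQQ", data, e_phoff + i * e_phentsize)
        segments.append(dict(type=p_type, flags=p_flags, offset=p_offset,
                             vaddr=p_vaddr, filesz=p_filesz, memsz=p_memsz))
    shdrs = [struct.unpack_from("<IIQQQQIIQQ", data, e_shoff + i * e_shentsize)
             for i in range(e_shnum)]
    sections = []
    if shdrs and e_shstrndx < e_shnum:
        names_off = shdrs[e_shstrndx][4]          # sh_offset of .shstrtab
        for sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size, *_ in shdrs:
            end = data.index(b"\x00", names_off + sh_name)
            sections.append(dict(name=data[names_off + sh_name:end].decode(), type=sh_type,
                                 flags=sh_flags, addr=sh_addr, offset=sh_offset, size=sh_size))
    return dict(type=e_type, machine=e_machine, entry=e_entry,
                segments=segments, sections=sections)


def describe(info):
    """Summary in the spirit of rz-bin -I / -e / -S."""
    kind = {2: "EXEC", 3: "DYN (PIE or shared object)"}.get(info["type"], str(info["type"]))
    lines = [f"arch   {MACHINES.get(info['machine'], hex(info['machine']))}",
             f"type   {kind}", f"entry  {info['entry']:#x}"]
    for s in info["sections"]:
        if s["name"]:
            lines.append(f"sect   {s['name']:<10} addr={s['addr']:#x} "
                         f"off={s['offset']:#x} size={s['size']:#x}")
    return "\n".join(lines)


def vaddr_to_offset(info, vaddr):
    """Map a virtual address to a file offset via the PT_LOAD segment that contains it."""
    for seg in info["segments"]:
        if seg["type"] == PT_LOAD and seg["vaddr"] <= vaddr < seg["vaddr"] + seg["filesz"]:
            return vaddr - seg["vaddr"] + seg["offset"]
    raise ValueError(f"{vaddr:#x} is not backed by file content")


def patch_nops(data, vaddr, count):
    """Equivalent of 's <vaddr>' then 'wx 90..' in r2: overwrite count bytes with NOPs."""
    off = vaddr_to_offset(parse_elf(data), vaddr)
    if off + count > len(data):
        raise ValueError("patch runs past end of file")
    return data[:off] + b"\x90" * count + data[off + count:]


if __name__ == "__main__":
    sample = build_sample_elf()
    info = parse_elf(sample)
    print(describe(info))
    patched = patch_nops(sample, info["entry"], 2)
    print("bytes at entry before/after:", sample[120:124].hex(), patched[120:124].hex())
```

The same vaddr-to-offset step is what r2 does silently when you seek to an address and write with wx; on a PIE (type DYN) the addresses in the file are relative to a base of 0, so seek to the file's own virtual addresses, not the ones you saw under the debugger.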

References

X64dbg

Angr

Apktool

  • Install => sudo apt install apktool

#Decode an APK: unpacks the resources and disassembles the dex classes to smali
apktool d file.apk

References

Jadx

GDA

#File types it can open
.apk

Floss

NoFuserEx

  • Free deobfuscator

    • ConfuserEx

Doldrums

  • Flutter/Dart Reverse Engineering Tool

Online Tools

Apk

.NET
