Questions tagged [binary-code]
60 questions
6
votes
1 answer
Difference Between Binary Exploitation and Reverse Engineering?
I am a beginner in Reverse Engineering and am trying to improve my skill by participating in any CTF's I can and solving CrackMe's. I am trying to find out why Binary Exploitation and Reverse Engineering are always separated as two different…
![](../../users/profiles/37911.webp)
bi0s.kidd0
- 203
- 2
- 7
6
votes
2 answers
How to Check Compilation Options For SO File - Android Application VA
During the security assessment of Android applications, I have encountered multiple instances where .so (Shared Objects) files are present in lib directory.
What can be possible security test cases for the same.
I have one test case, i.e. Insecure…
![](../../users/profiles/159736.webp)
Shiv Sahni
- 921
- 8
- 16
4
votes
1 answer
auditing open source compiler binaries for trojans
It is a well known vulnerability that a properly altered compiler binary can transfer itself to new binaries of the compiler, and still be entirely absent from the source code.
But how real is this possibility? Has there been any attempt to audit…
![](../../users/profiles/2049.webp)
lurscher
- 1,200
- 1
- 10
- 14
4
votes
1 answer
Unidirectional Data Transmission to a Smartphone
Unidirectional Data Transmission to a Smartphone
I'm going to use an old Android phone to store sensitive data (e.g., Bitcoin wallet private key), with no SIM card and WiFi and Bluetooth turned off. I could disable wireless connections physically if…
![](../../users/profiles/151337.webp)
anton_
- 41
- 3
3
votes
2 answers
How does binary code execution vulnerability work on a modern OS?
In a modern OS I think that:
the .text section where binary assembled CPU instructions are stored cannot be modified
the .data/.bss section is marked as no-execute so that the information there will only be treated as data, will never be executed…
![](../../users/profiles/45116.webp)
emberfang
- 199
- 8
3
votes
1 answer
Running a brief asm script inline for dynamic analysis
Is there any good reason not to run a brief unknown (30 line) assembly script inline in a usermode c program for dynamic analysis directly on my laptop?
There's only one system call to time, and at this point I can tell that it's a function that…
![](../../users/profiles/190378.webp)
comp.sci.intern
- 33
- 3
3
votes
2 answers
Are .NET project GUID's visible when compiling?
I know if a person has a GUID from a machine that person can figure out if other guid belongs to that machine.
In a .NET project (csproj and the visual studions solution file) GUIDs are generated. If i were to compile this project would the GUIDs be…
user5575
2
votes
1 answer
Use of openssl could be a weak point in an Android App?
I'm reviewing an Android app (consists of Java and C source).
There are complicated obfuscation steps in the build process (for content protection).
But it uses statically linked openssl library for AES encryption/decryption.
I'm not a binary…
![](../../users/profiles/35324.webp)
9dan
- 133
- 4
2
votes
1 answer
Supplying a password to PBKDF2 in raw binary vs. base64?
Background: I'm working with Node's crypto library. I'm using PBKDF2 to convert a variable-length binary "passphrase" into constant-length keys for an AES cipher later on.
The underlying source of this passphrase data, for reasons out of my control,…
![](../../users/profiles/36812.webp)
smitelli
- 2,035
- 3
- 15
- 19
2
votes
1 answer
How to run client's code on server securely
I'm working on a project basically a web application. It accepts code (java, c, c++) from client, compile and execute on server and return the results back to client.
As I'm going to execute code on server there are many security and stability…
![](../../users/profiles/21820.webp)
VishalDevgire
- 123
- 1
- 4
2
votes
1 answer
Does recompiling a binary from source code make it more secure/obscure?
Using standard hardening options like PIC, Stack Protection ...
does a mere recompilation make a program more secure against attacks?
You have the source code of a program, compile it two times with the same options. One of the binaries you give…
![](../../users/profiles/252241.webp)
plsrespond
- 21
- 2
2
votes
0 answers
Can binary firmware packages be executed on the system?
Kernels like linux-libre (standard in Debian and other free Linux distributions) ship no binary firmware packages by default.
From my limited understanding of their functionality, a binary firmware package, or "blob", is loaded onto the respective…
![](../../users/profiles/161844.webp)
Prototype700
- 263
- 2
- 7
2
votes
0 answers
Binary exploitation
I am trying to upsolve a challenge from a CTF I played but I just can't get it right. I think you have to somehow manage to use buffer overflow, but I can't see what I'm doing wrong since this works in gdb, I think it is because ASLR is enabled for…
![](../../users/profiles/195629.webp)
C. Cristi
- 121
- 2
2
votes
0 answers
How to see the filesystem of a camera firmware?
I watched https://www.youtube.com/watch?v=B8DjTcANBx0 and in this video he downloads several camera firmwares and analyzes their files. As far as I know, the firmwares are binary files that you can see with hex editors. But how to I see the files in…
![](../../users/profiles/158391.webp)
Guerlando OCs
- 405
- 4
- 14
2
votes
1 answer
Give only execute permissions to a Linux binary (prevent inspection)?
I'm writing an assignment for a security course, and I'm trying to create an executable which students can interact with (ie, execute), but not inspect. In particular what I'd like is for them to be able to execute the binary but not be able to…
![](../../users/profiles/42185.webp)
joshlf
- 123
- 5