IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [binary-code]

60 questions
6
votes
1 answer

Difference Between Binary Exploitation and Reverse Engineering?

I am a beginner in Reverse Engineering and am trying to improve my skill by participating in any CTF's I can and solving CrackMe's. I am trying to find out why Binary Exploitation and Reverse Engineering are always separated as two different…
bi0s.kidd0
  • 203
  • 2
  • 7
6
votes
2 answers

How to Check Compilation Options For SO File - Android Application VA

During the security assessment of Android applications, I have encountered multiple instances where .so (Shared Objects) files are present in lib directory. What can be possible security test cases for the same. I have one test case, i.e. Insecure…
Shiv Sahni
  • 921
  • 8
  • 16
4
votes
1 answer

auditing open source compiler binaries for trojans

It is a well known vulnerability that a properly altered compiler binary can transfer itself to new binaries of the compiler, and still be entirely absent from the source code. But how real is this possibility? Has there been any attempt to audit…
lurscher
  • 1,200
  • 1
  • 10
  • 14
4
votes
1 answer

Unidirectional Data Transmission to a Smartphone

Unidirectional Data Transmission to a Smartphone I'm going to use an old Android phone to store sensitive data (e.g., Bitcoin wallet private key), with no SIM card and WiFi and Bluetooth turned off. I could disable wireless connections physically if…
anton_
  • 41
  • 3
3
votes
2 answers

How does binary code execution vulnerability work on a modern OS?

In a modern OS I think that: the .text section where binary assembled CPU instructions are stored cannot be modified the .data/.bss section is marked as no-execute so that the information there will only be treated as data, will never be executed…
emberfang
  • 199
  • 8
3
votes
1 answer

Running a brief asm script inline for dynamic analysis

Is there any good reason not to run a brief unknown (30 line) assembly script inline in a usermode c program for dynamic analysis directly on my laptop? There's only one system call to time, and at this point I can tell that it's a function that…
comp.sci.intern
  • 33
  • 3
3
votes
2 answers

Are .NET project GUID's visible when compiling?

I know if a person has a GUID from a machine that person can figure out if other guid belongs to that machine. In a .NET project (csproj and the visual studions solution file) GUIDs are generated. If i were to compile this project would the GUIDs be…
user5575
2
votes
1 answer

Use of openssl could be a weak point in an Android App?

I'm reviewing an Android app (consists of Java and C source). There are complicated obfuscation steps in the build process (for content protection). But it uses statically linked openssl library for AES encryption/decryption. I'm not a binary…
9dan
  • 133
  • 4
2
votes
1 answer

Supplying a password to PBKDF2 in raw binary vs. base64?

Background: I'm working with Node's crypto library. I'm using PBKDF2 to convert a variable-length binary "passphrase" into constant-length keys for an AES cipher later on. The underlying source of this passphrase data, for reasons out of my control,…
smitelli
  • 2,035
  • 3
  • 15
  • 19
2
votes
1 answer

How to run client's code on server securely

I'm working on a project basically a web application. It accepts code (java, c, c++) from client, compile and execute on server and return the results back to client. As I'm going to execute code on server there are many security and stability…
VishalDevgire
  • 123
  • 1
  • 4
2
votes
1 answer

Does recompiling a binary from source code make it more secure/obscure?

Using standard hardening options like PIC, Stack Protection ... does a mere recompilation make a program more secure against attacks? You have the source code of a program, compile it two times with the same options. One of the binaries you give…
plsrespond
  • 21
  • 2
2
votes
0 answers

Can binary firmware packages be executed on the system?

Kernels like linux-libre (standard in Debian and other free Linux distributions) ship no binary firmware packages by default. From my limited understanding of their functionality, a binary firmware package, or "blob", is loaded onto the respective…
Prototype700
  • 263
  • 2
  • 7
2
votes
0 answers

Binary exploitation

I am trying to upsolve a challenge from a CTF I played but I just can't get it right. I think you have to somehow manage to use buffer overflow, but I can't see what I'm doing wrong since this works in gdb, I think it is because ASLR is enabled for…
C. Cristi
  • 121
  • 2
2
votes
0 answers

How to see the filesystem of a camera firmware?

I watched https://www.youtube.com/watch?v=B8DjTcANBx0 and in this video he downloads several camera firmwares and analyzes their files. As far as I know, the firmwares are binary files that you can see with hex editors. But how to I see the files in…
Guerlando OCs
  • 405
  • 4
  • 14
2
votes
1 answer

Give only execute permissions to a Linux binary (prevent inspection)?

I'm writing an assignment for a security course, and I'm trying to create an executable which students can interact with (ie, execute), but not inspect. In particular what I'd like is for them to be able to execute the binary but not be able to…
joshlf
  • 123
  • 5
1
2
3 4