Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 12:13:39 GMT

Linux_Memory_Tools-0.2.tar.gz
http://packetstormsecurity.org/files/50495/Linux_Memory_Tools-0.2.tar.gz
http://packetstormsecurity.org/files/50495/Linux_Memory_Tools-0.2.tar.gz.html
Tue, 03 Oct 2006 22:36:59 GMT
Linux Memory tools are a set of Linux tools (Python, C and ASM) whose aim is to facilitate exploit development. These tools can be used to dump process memory, search for patterns and quickly find OPCODE location addresses (instructions and mnemonics are functional but still in development). OPCODE search is possible on an instant memory snapshot or using a file dump. These tools have been quickly coded and should be considered helpful scripts. Return addresses or shellcode locations can be found instantly.

PaiMei-1.0-REV88.zip
http://packetstormsecurity.org/files/48559/PaiMei-1.0-REV88.zip
http://packetstormsecurity.org/files/48559/PaiMei-1.0-REV88.zip.html
Wed, 26 Jul 2006 07:44:58 GMT
PaiMei is a reverse engineering framework consisting of multiple extensible components. The goal of the framework is to reduce the time from "idea" to prototype to a matter of minutes, instead of days.
PaiMei is written entirely in Python and exposes at the highest level a debugger, a graph-based binary abstraction and a set of utilities for accomplishing various repetitive tasks. The framework can essentially be thought of as a reverse engineer's Swiss army knife and has already been proven effective for a wide range of both static and dynamic tasks such as fuzzer assistance, code coverage tracking, data flow tracking and more.

disit01A.zip
http://packetstormsecurity.org/files/43519/disit01A.zip
http://packetstormsecurity.org/files/43519/disit01A.zip.html
Thu, 02 Feb 2006 11:04:07 GMT
Disit is a new open source disassembler engine.

elf-0.5.4p1.tar.gz
http://packetstormsecurity.org/files/34249/elf-0.5.4p1.tar.gz
http://packetstormsecurity.org/files/34249/elf-0.5.4p1.tar.gz.html
Thu, 09 Sep 2004 05:26:18 GMT
elf is a command-line tool that allows a user, be it a script or a human, to analyze the contents of an ELF object file header. This header contains various integral values such as the virtual entry point of the object file, the machine architecture it was compiled for and more.

reverse_backdoored_binaries.txt
http://packetstormsecurity.org/files/33125/reverse_backdoored_binaries.txt
http://packetstormsecurity.org/files/33125/reverse_backdoored_binaries.txt.html
Mon, 19 Apr 2004 13:49:00 GMT
Well-written whitepaper about reverse engineering backdoored binaries. It is meant for the beginner reverse engineer with some knowledge of ELF, C, x86 ASM, and Linux.

rec16lx.zip
http://packetstormsecurity.org/files/32340/rec16lx.zip
http://packetstormsecurity.org/files/32340/rec16lx.zip.html
Sun, 14 Dec 2003 22:46:32 GMT
REC is a portable reverse engineering decompiler which reads an executable file and attempts to produce a C-like representation of the code and data used to build it. It can decompile 386, 68k, PowerPC, and MIPS R3000 programs and recognizes the following file formats: ELF (System V Rel. 4, e.g. Linux, Solaris, etc.), COFF (System V Rel. 3.x, e.g. SCO), PE (Win32 .EXE and .DLL for Microsoft Windows 95 and NT), AOUT (BSD derivatives, e.g. SunOS 4.x), Playstation PS-X (MIPS target only), and raw binary data (via .cmd files).

valgrind-2.0.0.tar.bz2
http://packetstormsecurity.org/files/32236/valgrind-2.0.0.tar.bz2
http://packetstormsecurity.org/files/32236/valgrind-2.0.0.tar.bz2.html
Fri, 21 Nov 2003 19:04:02 GMT
Valgrind is a GPL'd tool to help you find memory-management problems in your programs. When a program is run under Valgrind's supervision, all reads and writes of memory are checked, and calls to malloc/new/free/delete are intercepted. You can use it to debug most dynamically linked ELF x86 executables, without modification, recompilation, or anything. If you want, Valgrind can start GDB and attach it to your program at the point(s) where errors are detected, so that you can poke around and figure out what was going on at the time.

procshow-1.0.tar.gz
http://packetstormsecurity.org/files/31797/procshow-1.0.tar.gz
http://packetstormsecurity.org/files/31797/procshow-1.0.tar.gz.html
Thu, 09 Oct 2003 06:01:49 GMT
Procshow is a tool to analyze live processes. It shows ELF information as objdump, nm, readelf, etc. do, but using a file in a runtime state.
It helps an end user learn about a process and detect anomalies and backdoors, and has various other uses.

elfsh-0.51b3-portable.tgz
http://packetstormsecurity.org/files/31625/elfsh-0.51b3-portable.tgz
http://packetstormsecurity.org/files/31625/elfsh-0.51b3-portable.tgz.html
Sat, 13 Sep 2003 06:32:48 GMT
Elf Shell v0.51b3-portable is an automated reverse engineering tool with read/write capability for the ELF format. Sophisticated output with cross references using .got, .ctors, .dtors, .symtab, .dynsym, .dynamic, .rel.* and many others, with an integrated hexdump. Designed for Linux. All calls are encapsulated in libelfsh.a, so the elfsh API is really reusable.

anti-ptrace.txt
http://packetstormsecurity.org/files/30941/anti-ptrace.txt
http://packetstormsecurity.org/files/30941/anti-ptrace.txt.html
Wed, 16 Apr 2003 06:24:37 GMT
Linux LKM that disables ptrace abilities in the 2.4.x kernels.

oOps.c
http://packetstormsecurity.org/files/30711/oOps.c
http://packetstormsecurity.org/files/30711/oOps.c.html
Sun, 05 Jan 2003 15:49:56 GMT
oOps.c grabs hardcoded strings from binary files. Shows rootkit passwords and other information that is encoded a character at a time to avoid binary examination by tools like the strings command. Tested on Linux.

LDasm-0.04.53.tar.gz
http://packetstormsecurity.org/files/30612/LDasm-0.04.53.tar.gz
http://packetstormsecurity.org/files/30612/LDasm-0.04.53.tar.gz.html
Wed, 18 Dec 2002 21:58:03 GMT
LDasm (Linux Disassembler) is a Perl/Tk-based GUI for objdump/binutils that tries to imitate the look and feel of W32Dasm. It searches for cross-references (e.g. strings), converts the code from GAS to a MASM-like style, and much more.

anti-anti-dbg.c
http://packetstormsecurity.org/files/29986/anti-anti-dbg.c
http://packetstormsecurity.org/files/29986/anti-anti-dbg.c.html
Sat, 02 Nov 2002 21:50:00 GMT
anti-anti-debug is a Linux kernel module that is used to stop the technique currently implemented in closed-source Linux binaries that disallows or restricts debugging and tracing with tools like gdb and strace.

elfsh-0.43b-portable.tgz
http://packetstormsecurity.org/files/26344/elfsh-0.43b-portable.tgz
http://packetstormsecurity.org/files/26344/elfsh-0.43b-portable.tgz.html
Sat, 06 Jul 2002 08:00:45 GMT
Elf Shell v0.43b-portable is an automated reverse engineering tool with read/write capability for the ELF format. Sophisticated output with cross references using .got, .ctors, .dtors, .symtab, .dynsym, .dynamic, .rel.* and many others, with an integrated hexdump. Designed for Linux. All calls are encapsulated in libelfsh.a, so the elfsh API is really reusable.

examiner-0.4.tar.gz
http://packetstormsecurity.org/files/26334/examiner-0.4.tar.gz
http://packetstormsecurity.org/files/26334/examiner-0.4.tar.gz.html
Thu, 04 Jul 2002 08:24:30 GMT
The Examiner is a tool to analyze foreign binary executables. The goal is to be able to get output similar to strace without executing the binary in question. Uses the objdump command to disassemble and comment binaries. This tool was designed for forensic purposes but could be used for basic reverse-engineering goals as well.

bastard-0.14.tgz
http://packetstormsecurity.org/files/25525/bastard-0.14.tgz
http://packetstormsecurity.org/files/25525/bastard-0.14.tgz.html
Sun, 09 Dec 2001 04:23:07 GMT
A disassembler written for disassembly of x86 ELF targets on Linux (other file formats/CPUs can be 'plugged in'). Written as a backend or engine -- the UI is a command line; support for controlling the disassembler via pipes or FIFOs is provided. Note that this disassembler does not rely on libopcodes to do its disassembly; rather, the 'libi386' plugin is a standard .so that can be reused by other projects.

bastard_src-0.10.tgz
http://packetstormsecurity.org/files/25259/bastard_src-0.10.tgz
http://packetstormsecurity.org/files/25259/bastard_src-0.10.tgz.html
Mon, 03 Sep 2001 21:12:14 GMT
A disassembler written for disassembly of x86 ELF targets on Linux (other file formats/CPUs can be 'plugged in'). Written as a backend or engine -- the UI is a command line; support for controlling the disassembler via pipes or FIFOs is provided. Note that this disassembler does not rely on libopcodes to do its disassembly; rather, the 'libi386' plugin is a standard .so that can be reused by other projects.

bastard-0.08.tgz
http://packetstormsecurity.org/files/24644/bastard-0.08.tgz
http://packetstormsecurity.org/files/24644/bastard-0.08.tgz.html
Sun, 15 Apr 2001 18:53:26 GMT
A disassembler written for disassembly of x86 ELF targets on Linux (other file formats/CPUs can be 'plugged in'). Written as a backend or engine -- the UI is a command line; support for controlling the disassembler via pipes or FIFOs is provided. Note that this disassembler does not rely on libopcodes to do its disassembly; rather, the 'libi386' plugin is a standard .so that can be reused by other projects.

hypersrc-3.0.3.tar.gz
http://packetstormsecurity.org/files/24122/hypersrc-3.0.3.tar.gz
http://packetstormsecurity.org/files/24122/hypersrc-3.0.3.tar.gz.html
Thu, 25 Jan 2001 07:56:14 GMT
hypersrc is a GUI program for browsing source code, which uses GTK+. It provides a list widget containing sorted source code tags. A programmer can click a tag to hyperlink to a particular tagged line in a source code file.

hypersrc-2.1.6.tar.gz
http://packetstormsecurity.org/files/23992/hypersrc-2.1.6.tar.gz
http://packetstormsecurity.org/files/23992/hypersrc-2.1.6.tar.gz.html
Wed, 03 Jan 2001 22:27:11 GMT
hypersrc is a GUI program for browsing source code, which uses GTK+. It provides a list widget containing sorted source code tags. A programmer can click a tag to hyperlink to a particular tagged line in a source code file.

gvd-1.0.1-linux.gz
http://packetstormsecurity.org/files/23702/gvd-1.0.1-linux.gz
http://packetstormsecurity.org/files/23702/gvd-1.0.1-linux.gz.html
Sat, 02 Dec 2000 20:47:55 GMT
GVD is a general purpose graphical debugger frontend. It features advanced data display and visualization capabilities, and allows the debugging of multi-process/multi-threaded applications in the same debugging session. GVD works with native and cross-debuggers and can handle several languages in the same debugging session and the same application. C and Ada are supported. GVD can run on a host different from the machine where the debugger is running and provides friendly support for cross-debuggers (VxWorks, Lynx, etc.). For instance, you can use Linux or Windows to debug an application running on a Power PC board with a debugger running on a Sun workstation.

sdebug.tgz
http://packetstormsecurity.org/files/23557/sdebug.tgz
http://packetstormsecurity.org/files/23557/sdebug.tgz.html
Fri, 10 Nov 2000 21:35:51 GMT
Segment debugger is an ELF binary segment scanner with a console ncurses interface. It is currently in alpha stages and features only stack phrase, and double word searching.

biew-520.tar.bz2
http://packetstormsecurity.org/files/23451/biew-520.tar.bz2
http://packetstormsecurity.org/files/23451/biew-520.tar.bz2.html
Mon, 30 Oct 2000 23:38:49 GMT
Biew is a Binary vIEWer with a built-in editor for binary, hexadecimal and disassembler modes. It contains a PentiumIII/K7Athlon/Cyrix-M2 disassembler, full preview of MZ, NE, PE, LE, LX, DOS.SYS, NLM, arch, ELF, a.out, coff32, PharLap, and rdoff executable formats, a code guider, a text viewer with Russian codepage support, and many other features.

repeat.tar.gz
http://packetstormsecurity.org/files/22763/repeat.tar.gz
http://packetstormsecurity.org/files/22763/repeat.tar.gz.html
Wed, 09 Aug 2000 08:34:00 GMT
The Reverse Engineer's Patcher is the first byte patcher for UNIX systems. It will compare two binaries and produce a patch in C.

SN451.tar.gz
http://packetstormsecurity.org/files/22604/SN451.tar.gz
http://packetstormsecurity.org/files/22604/SN451.tar.gz.html
Sun, 23 Jul 2000 03:22:19 GMT
Source-Navigator is a source code analysis tool. With it, you can edit source code, display relationships between classes and functions and members, display call trees, and build projects.