SlideShare a Scribd company logo

Sergi Álvarez + Roi Martín - radare2: From forensics to bindiffing [RootedCON 2011]

RootedCON
RootedCON
Technology
1 of 23
Download to read offline
radare2: from forensics to bindiffing nibble <nibble@develsec.org> (@nibble_ds) pancake <pancake@nopcode.org> (@trufae) @radareorg
Introduction radare was born as a forensics tool - 64 bit addressing - multiple searching methods (aes, bytes, binmask..) - flags (mark with name, offset and size) - local and remote io (rap:// w32:// dbg:// ..) New stuff: - filesystems and partitions - zoom mode (overview of file) - base64 encoding/decoding - magic templates - scripting in Vala (fast!)
Demo Opening a remote disk and search for a string $ sudo r2 -n rap://:9999 $ r2 -n rap://127.0.0.1:9999//dev/sda > / hello world f hit0_0 11 0xfad040 > ./ hello world > ? hit0_0 0xfad040 > x @ 0xfad040
Search methods Keyword: - regular expressions (/e) - text (string, wide string, utf8, ..) (/w) - hexpair buf + binary mask (/x) Patterns: - repeated sequences of bytes (/p) - expanded AES keys (/A) Analysis: - references to addresses (call, jmp, ..) (/a) - opcodes matching a given expreg (/c)
Signatures You can create and find hexpair-based templates. - automatic binary masks based on opcode args - useful for statically linked bins - find inlined or dupped symbols "z is for zignature" > zg ls > ls.zignaturez > . ls.zignaturez > .z/
Magic templates magic(4) is a common library in *NIX systems which uses a db to identify and parse data > pm data to create our own templates to parse memory data > !vim test.mgc > pm test.mgc $ ls file-*/magic/Magdir
Magic example This is a example of the file format. 0 long 0 This is a null reference 0 byte x one %d, >4 byte x two %d, >8 string FOO (type is foo) >8 string BAR (type is bar) >12 long&0xff >0x70 invalid type
Formatted memory There’s also a native formatted print command: > pf [format] [space separated field names] [0x04d80480]> pf dis next length string next: 0x4d80480: 0x4d80520 length: 0x4d80484: 12 string: 0x4d80488: "backandforth"
Scripting libr/include files are described in swig/vapi/*.vapi valaswig can translate those vapi files into working bindings for many scripting languages: - python, perl, ruby, lua, java, guile, go, and vala * Run from r2 prompt with the #! command * Run as a standalone program using the r2-swig
Scripting demo [0x8048404]> #!vala > print ("0x%08llxn", core.num.get ("entry0")); 0x080498d0 [0x8048404]> #!python > core.cmd0 ("pd") > core.cons.flush () 0x08049900 0 55 push ebp 0x08049901 4+ 89e5 mov ebp, esp 0x08049903 4 53 push ebx 0x08049904 8+ 83ec04 sub esp, 0x4
Filesystems Supports ext2, ntfs, vfat, reiserfs, ... based on BURG. $ r2 -nw diskimg.ext2 > m ext2 /mnt 0 > md /mnt foo > mg /mnt/foo Hello World > mo /mnt/foo offset = 0x37490 size = 12 > ps @ 0x37490:12 Hello World > w Diiee @ 0x37490 > ms # mountpoint shell
Partitions Based on GRUB code: - Supports msdos, gpt, bsd, apple, sun, and more $ r2 -n /dev/sda > mp msdos 0 0 83 0x087e00 0x0865f9a00 1 82 0x0865f9a00 0x08168d5c00 2 83 0x08168d5c00 0x081ebbc5600 3 83 0x081ebbc5600 0x081ffd62800
Bindiffing - What is bindiffing? - Why is this useful? - Patched bins - Analyze backdoored bins - Find new functions (maybe non-documented) - Locate different implementations between functions in similar bins
Plain text diffing vs Binary diffing - Text/Code is written in a natural way for humans - Can be splitted by lines - Doesn’t exist dependencies/references between one line and another - One "instruction" is always coded the same - There isn’t intrinsic data to extract for each line
Troubles - Discard useless data - Padding - Uninitialized data - Useless sections/segments - Tokenization - Several Options: Fcns, BBs, Opcodes, Bytes - Combination - Deltas - Presentation
Steps 1.- Code Analysis (Do you remember RAnal? ;) - Find functions and bb’s (recursively) - Extract data from opcodes 2.- Fingerprint BB’s 3.- Fingerprint Fcn’s based on BB’s 4.- Function matching by name (exports) 5.- Function matching based on fingerprints 6.- BB matching
Fingerprinting - Use of Binary masks - RAnal info - Graph based metrics
BB/Fcn Diffing Levenshtein distance relative to entity size Minimum number of edits needed to transform one string into the other Example: "rooted" vs "roted" -> d = 1 "rooted" vs "r-ooted" -> d = 1 "rooted" vs "r-oted" -> d = 1 "rooted" vs "rooted---" -> d = 3 "rooted" vs "-roo--ted" -> d = 3
Demos - Demo 1: Simple diff - Demo 2: Diff between similar apps - Demo 3: Backdoored bin
And... a little surprise
ragui: the ui It’s not yet ready for daily use.. - work in progress - based on GNOME technologies - runs on Windows/OSX/Linux/BSD without changes - show screenshots and demo
Questions?
radare2: from forensics to bindiffing nibble <nibble@develsec.org> (@nibble_ds) pancake <pancake@nopcode.org> (@trufae) @radareorg

Recommended

José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...
José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...
José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...RootedCON
 
Eloi Sanfelix - Hardware security: Side Channel Attacks [RootedCON 2011]
Eloi Sanfelix - Hardware security: Side Channel Attacks [RootedCON 2011]Eloi Sanfelix - Hardware security: Side Channel Attacks [RootedCON 2011]
Eloi Sanfelix - Hardware security: Side Channel Attacks [RootedCON 2011]RootedCON
 
Joxean Koret - Database Security Paradise [Rooted CON 2011]
Joxean Koret - Database Security Paradise [Rooted CON 2011]Joxean Koret - Database Security Paradise [Rooted CON 2011]
Joxean Koret - Database Security Paradise [Rooted CON 2011]RootedCON
 
Python build your security tools.pdf
Python build your security tools.pdfPython build your security tools.pdf
Python build your security tools.pdfTECHNOLOGY CONTROL CO.
 
Perl for System Automation - 01 Advanced File Processing
Perl for System Automation - 01 Advanced File ProcessingPerl for System Automation - 01 Advanced File Processing
Perl for System Automation - 01 Advanced File ProcessingDanairat Thanabodithammachari
 
One Shellcode to Rule Them All: Cross-Platform Exploitation
One Shellcode to Rule Them All: Cross-Platform ExploitationOne Shellcode to Rule Them All: Cross-Platform Exploitation
One Shellcode to Rule Them All: Cross-Platform ExploitationQuinn Wilton
 
Perl Programming - 03 Programming File
Perl Programming - 03 Programming FilePerl Programming - 03 Programming File
Perl Programming - 03 Programming FileDanairat Thanabodithammachari
 
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...idsecconf
 

Recommended

José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...
José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...
José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...RootedCON
 
Eloi Sanfelix - Hardware security: Side Channel Attacks [RootedCON 2011]
Eloi Sanfelix - Hardware security: Side Channel Attacks [RootedCON 2011]Eloi Sanfelix - Hardware security: Side Channel Attacks [RootedCON 2011]
Eloi Sanfelix - Hardware security: Side Channel Attacks [RootedCON 2011]RootedCON
 
Joxean Koret - Database Security Paradise [Rooted CON 2011]
Joxean Koret - Database Security Paradise [Rooted CON 2011]Joxean Koret - Database Security Paradise [Rooted CON 2011]
Joxean Koret - Database Security Paradise [Rooted CON 2011]RootedCON
 
Python build your security tools.pdf
Python build your security tools.pdfPython build your security tools.pdf
Python build your security tools.pdfTECHNOLOGY CONTROL CO.
 
Perl for System Automation - 01 Advanced File Processing
Perl for System Automation - 01 Advanced File ProcessingPerl for System Automation - 01 Advanced File Processing
Perl for System Automation - 01 Advanced File ProcessingDanairat Thanabodithammachari
 
One Shellcode to Rule Them All: Cross-Platform Exploitation
One Shellcode to Rule Them All: Cross-Platform ExploitationOne Shellcode to Rule Them All: Cross-Platform Exploitation
One Shellcode to Rule Them All: Cross-Platform ExploitationQuinn Wilton
 
Perl Programming - 03 Programming File
Perl Programming - 03 Programming FilePerl Programming - 03 Programming File
Perl Programming - 03 Programming FileDanairat Thanabodithammachari
 
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...idsecconf
 
1300 david oswald id and ip theft with side-channel attacks
1300 david oswald id and ip theft with side-channel attacks1300 david oswald id and ip theft with side-channel attacks
1300 david oswald id and ip theft with side-channel attacksPositive Hack Days
 
Python for Penetration testers
Python for Penetration testersPython for Penetration testers
Python for Penetration testersChristian Martorella
 
Check Your Privilege (Escalation)
Check Your Privilege (Escalation) Check Your Privilege (Escalation)
Check Your Privilege (Escalation) Bishop Fox
 
Os Cook
Os CookOs Cook
Os Cookoscon2007
 
08 - Return Oriented Programming, the chosen one
08 - Return Oriented Programming, the chosen one08 - Return Oriented Programming, the chosen one
08 - Return Oriented Programming, the chosen oneAlexandre Moneger
 
Эксплуатируем неэксплуатируемые уязвимости SAP
Эксплуатируем неэксплуатируемые уязвимости SAPЭксплуатируем неэксплуатируемые уязвимости SAP
Эксплуатируем неэксплуатируемые уязвимости SAPPositive Hack Days
 
Pycon Sec
Pycon SecPycon Sec
Pycon Secguesta762e4
 
Centralized Logging with syslog
Centralized Logging with syslogCentralized Logging with syslog
Centralized Logging with syslogamiable_indian
 
Linux Shellcode disassembling
Linux Shellcode disassemblingLinux Shellcode disassembling
Linux Shellcode disassemblingHarsh Daftary
 
Penetration testing using python
Penetration testing using pythonPenetration testing using python
Penetration testing using pythonPurna Chander K
 
Perl Programming - 01 Basic Perl
Perl Programming - 01 Basic PerlPerl Programming - 01 Basic Perl
Perl Programming - 01 Basic PerlDanairat Thanabodithammachari
 
Debugging linux
Debugging linuxDebugging linux
Debugging linuxAndrea Righi
 
Software to the slaughter
Software to the slaughterSoftware to the slaughter
Software to the slaughterQuinn Wilton
 
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsHacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsShakacon
 
Footprinting tools for security auditors
Footprinting tools for security auditorsFootprinting tools for security auditors
Footprinting tools for security auditorsJose Manuel Ortega Candel
 
44CON London 2015 - Reverse engineering and exploiting font rasterizers: the ...
44CON London 2015 - Reverse engineering and exploiting font rasterizers: the ...44CON London 2015 - Reverse engineering and exploiting font rasterizers: the ...
44CON London 2015 - Reverse engineering and exploiting font rasterizers: the ...44CON
 
07 - Bypassing ASLR, or why X^W matters
07 - Bypassing ASLR, or why X^W matters07 - Bypassing ASLR, or why X^W matters
07 - Bypassing ASLR, or why X^W mattersAlexandre Moneger
 
Os Vanrossum
Os VanrossumOs Vanrossum
Os Vanrossumoscon2007
 
Binary art - Byte-ing the PE that fails you (extended offline version)
Binary art - Byte-ing the PE that fails you (extended offline version)Binary art - Byte-ing the PE that fails you (extended offline version)
Binary art - Byte-ing the PE that fails you (extended offline version)Ange Albertini
 
How Safe is your Link ?
How Safe is your Link ?How Safe is your Link ?
How Safe is your Link ?Peter Hlavaty
 
Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]
Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]
Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]RootedCON
 
Simplest-Ownage-Human-Observed… - Routers
Simplest-Ownage-Human-Observed… - Routers Simplest-Ownage-Human-Observed… - Routers
Simplest-Ownage-Human-Observed… - RoutersLogicaltrust pl
 

More Related Content

What's hot

1300 david oswald id and ip theft with side-channel attacks
1300 david oswald id and ip theft with side-channel attacks1300 david oswald id and ip theft with side-channel attacks
1300 david oswald id and ip theft with side-channel attacksPositive Hack Days
 
Check Your Privilege (Escalation)
Check Your Privilege (Escalation) Check Your Privilege (Escalation)
Check Your Privilege (Escalation) Bishop Fox
 
08 - Return Oriented Programming, the chosen one
08 - Return Oriented Programming, the chosen one08 - Return Oriented Programming, the chosen one
08 - Return Oriented Programming, the chosen oneAlexandre Moneger
 
Эксплуатируем неэксплуатируемые уязвимости SAP
Эксплуатируем неэксплуатируемые уязвимости SAPЭксплуатируем неэксплуатируемые уязвимости SAP
Эксплуатируем неэксплуатируемые уязвимости SAPPositive Hack Days
 
Centralized Logging with syslog
Centralized Logging with syslogCentralized Logging with syslog
Centralized Logging with syslogamiable_indian
 
Linux Shellcode disassembling
Linux Shellcode disassemblingLinux Shellcode disassembling
Linux Shellcode disassemblingHarsh Daftary
 
Penetration testing using python
Penetration testing using pythonPenetration testing using python
Penetration testing using pythonPurna Chander K
 
Software to the slaughter
Software to the slaughterSoftware to the slaughter
Software to the slaughterQuinn Wilton
 
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsHacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsShakacon
 
44CON London 2015 - Reverse engineering and exploiting font rasterizers: the ...
44CON London 2015 - Reverse engineering and exploiting font rasterizers: the ...44CON London 2015 - Reverse engineering and exploiting font rasterizers: the ...
44CON London 2015 - Reverse engineering and exploiting font rasterizers: the ...44CON
 
07 - Bypassing ASLR, or why X^W matters
07 - Bypassing ASLR, or why X^W matters07 - Bypassing ASLR, or why X^W matters
07 - Bypassing ASLR, or why X^W mattersAlexandre Moneger
 
Os Vanrossum
Os VanrossumOs Vanrossum
Os Vanrossumoscon2007
 
Binary art - Byte-ing the PE that fails you (extended offline version)
Binary art - Byte-ing the PE that fails you (extended offline version)Binary art - Byte-ing the PE that fails you (extended offline version)
Binary art - Byte-ing the PE that fails you (extended offline version)Ange Albertini
 
How Safe is your Link ?
How Safe is your Link ?How Safe is your Link ?
How Safe is your Link ?Peter Hlavaty
 

What's hot (20)

1300 david oswald id and ip theft with side-channel attacks
1300 david oswald id and ip theft with side-channel attacks1300 david oswald id and ip theft with side-channel attacks
1300 david oswald id and ip theft with side-channel attacks
 
Python for Penetration testers
Python for Penetration testersPython for Penetration testers
Python for Penetration testers
 
Check Your Privilege (Escalation)
Check Your Privilege (Escalation) Check Your Privilege (Escalation)
Check Your Privilege (Escalation)
 
Os Cook
Os CookOs Cook
Os Cook
 
08 - Return Oriented Programming, the chosen one
08 - Return Oriented Programming, the chosen one08 - Return Oriented Programming, the chosen one
08 - Return Oriented Programming, the chosen one
 
Эксплуатируем неэксплуатируемые уязвимости SAP
Эксплуатируем неэксплуатируемые уязвимости SAPЭксплуатируем неэксплуатируемые уязвимости SAP
Эксплуатируем неэксплуатируемые уязвимости SAP
 
Pycon Sec
Pycon SecPycon Sec
Pycon Sec
 
Centralized Logging with syslog
Centralized Logging with syslogCentralized Logging with syslog
Centralized Logging with syslog
 
Linux Shellcode disassembling
Linux Shellcode disassemblingLinux Shellcode disassembling
Linux Shellcode disassembling
 
Penetration testing using python
Penetration testing using pythonPenetration testing using python
Penetration testing using python
 
Perl Programming - 01 Basic Perl
Perl Programming - 01 Basic PerlPerl Programming - 01 Basic Perl
Perl Programming - 01 Basic Perl
 
Debugging linux
Debugging linuxDebugging linux
Debugging linux
 
Software to the slaughter
Software to the slaughterSoftware to the slaughter
Software to the slaughter
 
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsHacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
 
Footprinting tools for security auditors
Footprinting tools for security auditorsFootprinting tools for security auditors
Footprinting tools for security auditors
 
44CON London 2015 - Reverse engineering and exploiting font rasterizers: the ...
44CON London 2015 - Reverse engineering and exploiting font rasterizers: the ...44CON London 2015 - Reverse engineering and exploiting font rasterizers: the ...
44CON London 2015 - Reverse engineering and exploiting font rasterizers: the ...
 
07 - Bypassing ASLR, or why X^W matters
07 - Bypassing ASLR, or why X^W matters07 - Bypassing ASLR, or why X^W matters
07 - Bypassing ASLR, or why X^W matters
 
Os Vanrossum
Os VanrossumOs Vanrossum
Os Vanrossum
 
Binary art - Byte-ing the PE that fails you (extended offline version)
Binary art - Byte-ing the PE that fails you (extended offline version)Binary art - Byte-ing the PE that fails you (extended offline version)
Binary art - Byte-ing the PE that fails you (extended offline version)
 
How Safe is your Link ?
How Safe is your Link ?How Safe is your Link ?
How Safe is your Link ?
 

Similar to Sergi Álvarez + Roi Martín - radare2: From forensics to bindiffing [RootedCON 2011]

Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]
Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]
Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]RootedCON
 
Simplest-Ownage-Human-Observed… - Routers
Simplest-Ownage-Human-Observed… - Routers Simplest-Ownage-Human-Observed… - Routers
Simplest-Ownage-Human-Observed… - RoutersLogicaltrust pl
 
Filip palian mateuszkocielski. simplest ownage human observed… routers
Filip palian mateuszkocielski. simplest ownage human observed… routersFilip palian mateuszkocielski. simplest ownage human observed… routers
Filip palian mateuszkocielski. simplest ownage human observed… routersYury Chemerkin
 
2013.02.02 지앤선 테크니컬 세미나 - Xcode를 활용한 디버깅 팁(OSXDEV)
2013.02.02 지앤선 테크니컬 세미나 - Xcode를 활용한 디버깅 팁(OSXDEV)2013.02.02 지앤선 테크니컬 세미나 - Xcode를 활용한 디버깅 팁(OSXDEV)
2013.02.02 지앤선 테크니컬 세미나 - Xcode를 활용한 디버깅 팁(OSXDEV)JiandSon
 
Python mongo db-training-europython-2011
Python mongo db-training-europython-2011Python mongo db-training-europython-2011
Python mongo db-training-europython-2011Andreas Jung
 
Deep learning - the conf br 2018
Deep learning - the conf br 2018Deep learning - the conf br 2018
Deep learning - the conf br 2018Fabio Janiszevski
 
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...DefconRussia
 
Auditing the Opensource Kernels
Auditing the Opensource KernelsAuditing the Opensource Kernels
Auditing the Opensource KernelsSilvio Cesare
 
Automatic tool for static analysis
Automatic tool for static analysisAutomatic tool for static analysis
Automatic tool for static analysisChong-Kuan Chen
 
Slackware Demystified [SELF 2011]
Slackware Demystified [SELF 2011]Slackware Demystified [SELF 2011]
Slackware Demystified [SELF 2011]Vincent Batts
 
Lecture 6 Kernel Debugging + Ports Development
Lecture 6 Kernel Debugging + Ports DevelopmentLecture 6 Kernel Debugging + Ports Development
Lecture 6 Kernel Debugging + Ports DevelopmentMohammed Farrag
 
Apache Spark Workshop, Apr. 2016, Euangelos Linardos
Apache Spark Workshop, Apr. 2016, Euangelos LinardosApache Spark Workshop, Apr. 2016, Euangelos Linardos
Apache Spark Workshop, Apr. 2016, Euangelos LinardosEuangelos Linardos
 
Radare2 - An Introduction by Anto Joseph
Radare2 - An Introduction by Anto JosephRadare2 - An Introduction by Anto Joseph
Radare2 - An Introduction by Anto JosephAnthony Jose
 
[CCC-28c3] Post Memory Corruption Memory Analysis
[CCC-28c3] Post Memory Corruption Memory Analysis[CCC-28c3] Post Memory Corruption Memory Analysis
[CCC-28c3] Post Memory Corruption Memory AnalysisMoabi.com
 
Library Operating System for Linux #netdev01
Library Operating System for Linux #netdev01Library Operating System for Linux #netdev01
Library Operating System for Linux #netdev01Hajime Tazaki
 
Docker 활용법: dumpdocker
Docker 활용법: dumpdockerDocker 활용법: dumpdocker
Docker 활용법: dumpdockerJaehwa Park
 

Similar to Sergi Álvarez + Roi Martín - radare2: From forensics to bindiffing [RootedCON 2011] (20)

Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]
Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]
Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]
 
Simplest-Ownage-Human-Observed… - Routers
Simplest-Ownage-Human-Observed… - Routers Simplest-Ownage-Human-Observed… - Routers
Simplest-Ownage-Human-Observed… - Routers
 
Filip palian mateuszkocielski. simplest ownage human observed… routers
Filip palian mateuszkocielski. simplest ownage human observed… routersFilip palian mateuszkocielski. simplest ownage human observed… routers
Filip palian mateuszkocielski. simplest ownage human observed… routers
 
Debug generic process
Debug generic processDebug generic process
Debug generic process
 
2013.02.02 지앤선 테크니컬 세미나 - Xcode를 활용한 디버깅 팁(OSXDEV)
2013.02.02 지앤선 테크니컬 세미나 - Xcode를 활용한 디버깅 팁(OSXDEV)2013.02.02 지앤선 테크니컬 세미나 - Xcode를 활용한 디버깅 팁(OSXDEV)
2013.02.02 지앤선 테크니컬 세미나 - Xcode를 활용한 디버깅 팁(OSXDEV)
 
Basics of C
Basics of CBasics of C
Basics of C
 
Python mongo db-training-europython-2011
Python mongo db-training-europython-2011Python mongo db-training-europython-2011
Python mongo db-training-europython-2011
 
Deep learning - the conf br 2018
Deep learning - the conf br 2018Deep learning - the conf br 2018
Deep learning - the conf br 2018
 
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
 
New features in Ruby 2.5
New features in Ruby 2.5New features in Ruby 2.5
New features in Ruby 2.5
 
Auditing the Opensource Kernels
Auditing the Opensource KernelsAuditing the Opensource Kernels
Auditing the Opensource Kernels
 
Automatic tool for static analysis
Automatic tool for static analysisAutomatic tool for static analysis
Automatic tool for static analysis
 
Slackware Demystified [SELF 2011]
Slackware Demystified [SELF 2011]Slackware Demystified [SELF 2011]
Slackware Demystified [SELF 2011]
 
Lecture 6 Kernel Debugging + Ports Development
Lecture 6 Kernel Debugging + Ports DevelopmentLecture 6 Kernel Debugging + Ports Development
Lecture 6 Kernel Debugging + Ports Development
 
Apache Spark Workshop, Apr. 2016, Euangelos Linardos
Apache Spark Workshop, Apr. 2016, Euangelos LinardosApache Spark Workshop, Apr. 2016, Euangelos Linardos
Apache Spark Workshop, Apr. 2016, Euangelos Linardos
 
Radare2 - An Introduction by Anto Joseph
Radare2 - An Introduction by Anto JosephRadare2 - An Introduction by Anto Joseph
Radare2 - An Introduction by Anto Joseph
 
[CCC-28c3] Post Memory Corruption Memory Analysis
[CCC-28c3] Post Memory Corruption Memory Analysis[CCC-28c3] Post Memory Corruption Memory Analysis
[CCC-28c3] Post Memory Corruption Memory Analysis
 
Programar para GPUs
Programar para GPUsProgramar para GPUs
Programar para GPUs
 
Library Operating System for Linux #netdev01
Library Operating System for Linux #netdev01Library Operating System for Linux #netdev01
Library Operating System for Linux #netdev01
 
Docker 활용법: dumpdocker
Docker 활용법: dumpdockerDocker 활용법: dumpdocker
Docker 활용법: dumpdocker
 

More from RootedCON

Rooted2020 A clockwork pentester - Jose Carlos Moral & Alvaro Villaverde
Rooted2020 A clockwork pentester - Jose Carlos Moral & Alvaro VillaverdeRooted2020 A clockwork pentester - Jose Carlos Moral & Alvaro Villaverde
Rooted2020 A clockwork pentester - Jose Carlos Moral & Alvaro VillaverdeRootedCON
 
rooted2020 Sandbox fingerprinting -_evadiendo_entornos_de_analisis_-_victor_c...
rooted2020 Sandbox fingerprinting -_evadiendo_entornos_de_analisis_-_victor_c...rooted2020 Sandbox fingerprinting -_evadiendo_entornos_de_analisis_-_victor_c...
rooted2020 Sandbox fingerprinting -_evadiendo_entornos_de_analisis_-_victor_c...RootedCON
 
Rooted2020 hunting malware-using_process_behavior-roberto_amado
Rooted2020 hunting malware-using_process_behavior-roberto_amadoRooted2020 hunting malware-using_process_behavior-roberto_amado
Rooted2020 hunting malware-using_process_behavior-roberto_amadoRootedCON
 
Rooted2020 compliance as-code_-_guillermo_obispo_-_jose_mariaperez_-_
Rooted2020 compliance as-code_-_guillermo_obispo_-_jose_mariaperez_-_Rooted2020 compliance as-code_-_guillermo_obispo_-_jose_mariaperez_-_
Rooted2020 compliance as-code_-_guillermo_obispo_-_jose_mariaperez_-_RootedCON
 
Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op...
Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op...Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op...
Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op...RootedCON
 
Rooted2020 si la-empresa_ha_ocultado_el_ciberataque,_como_se_ha_enterado_el_r...
Rooted2020 si la-empresa_ha_ocultado_el_ciberataque,_como_se_ha_enterado_el_r...Rooted2020 si la-empresa_ha_ocultado_el_ciberataque,_como_se_ha_enterado_el_r...
Rooted2020 si la-empresa_ha_ocultado_el_ciberataque,_como_se_ha_enterado_el_r...RootedCON
 
Rooted2020 wordpress-another_terror_story_-_manuel_garcia_-_jacinto_sergio_ca...
Rooted2020 wordpress-another_terror_story_-_manuel_garcia_-_jacinto_sergio_ca...Rooted2020 wordpress-another_terror_story_-_manuel_garcia_-_jacinto_sergio_ca...
Rooted2020 wordpress-another_terror_story_-_manuel_garcia_-_jacinto_sergio_ca...RootedCON
 
Rooted2020 Atacando comunicaciones-de_voz_cifradas_-_jose_luis_verdeguer
Rooted2020 Atacando comunicaciones-de_voz_cifradas_-_jose_luis_verdeguerRooted2020 Atacando comunicaciones-de_voz_cifradas_-_jose_luis_verdeguer
Rooted2020 Atacando comunicaciones-de_voz_cifradas_-_jose_luis_verdeguerRootedCON
 
rooted2020-Rootkit necurs no_es_un_bug,_es_una_feature_-_roberto_santos_-_jav...
rooted2020-Rootkit necurs no_es_un_bug,_es_una_feature_-_roberto_santos_-_jav...rooted2020-Rootkit necurs no_es_un_bug,_es_una_feature_-_roberto_santos_-_jav...
rooted2020-Rootkit necurs no_es_un_bug,_es_una_feature_-_roberto_santos_-_jav...RootedCON
 
Rooted2020 stefano maccaglia--_the_enemy_of_my_enemy
Rooted2020 stefano maccaglia--_the_enemy_of_my_enemyRooted2020 stefano maccaglia--_the_enemy_of_my_enemy
Rooted2020 stefano maccaglia--_the_enemy_of_my_enemyRootedCON
 
Rooted2020 taller de-reversing_de_binarios_escritos_en_golang_-_mariano_palom...
Rooted2020 taller de-reversing_de_binarios_escritos_en_golang_-_mariano_palom...Rooted2020 taller de-reversing_de_binarios_escritos_en_golang_-_mariano_palom...
Rooted2020 taller de-reversing_de_binarios_escritos_en_golang_-_mariano_palom...RootedCON
 
Rooted2020 virtual pwned-network_-_manel_molina
Rooted2020 virtual pwned-network_-_manel_molinaRooted2020 virtual pwned-network_-_manel_molina
Rooted2020 virtual pwned-network_-_manel_molinaRootedCON
 
Rooted2020 van a-mear_sangre_como_hacer_que_los_malos_lo_paguen_muy_caro_-_an...
Rooted2020 van a-mear_sangre_como_hacer_que_los_malos_lo_paguen_muy_caro_-_an...Rooted2020 van a-mear_sangre_como_hacer_que_los_malos_lo_paguen_muy_caro_-_an...
Rooted2020 van a-mear_sangre_como_hacer_que_los_malos_lo_paguen_muy_caro_-_an...RootedCON
 
Rooted2020 todo a-siem_-_marta_lopez
Rooted2020 todo a-siem_-_marta_lopezRooted2020 todo a-siem_-_marta_lopez
Rooted2020 todo a-siem_-_marta_lopezRootedCON
 
Rooted2020 roapt evil-mass_storage_-_tu-ya_aqui_-_david_reguera_-_abel_valero
Rooted2020 roapt evil-mass_storage_-_tu-ya_aqui_-_david_reguera_-_abel_valeroRooted2020 roapt evil-mass_storage_-_tu-ya_aqui_-_david_reguera_-_abel_valero
Rooted2020 roapt evil-mass_storage_-_tu-ya_aqui_-_david_reguera_-_abel_valeroRootedCON
 
Rooted2020 live coding--_jesus_jara
Rooted2020 live coding--_jesus_jaraRooted2020 live coding--_jesus_jara
Rooted2020 live coding--_jesus_jaraRootedCON
 
Rooted2020 legalidad de-la_prueba_tecnologica_indiciaria_cuando_tu_papi_es_un...
Rooted2020 legalidad de-la_prueba_tecnologica_indiciaria_cuando_tu_papi_es_un...Rooted2020 legalidad de-la_prueba_tecnologica_indiciaria_cuando_tu_papi_es_un...
Rooted2020 legalidad de-la_prueba_tecnologica_indiciaria_cuando_tu_papi_es_un...RootedCON
 
Rooted2020 hackeando el-mundo_exterior_a_traves_de_bluetooth_low-energy_ble_-...
Rooted2020 hackeando el-mundo_exterior_a_traves_de_bluetooth_low-energy_ble_-...Rooted2020 hackeando el-mundo_exterior_a_traves_de_bluetooth_low-energy_ble_-...
Rooted2020 hackeando el-mundo_exterior_a_traves_de_bluetooth_low-energy_ble_-...RootedCON
 
Rooted2020 evading deep-learning_malware_detectors_-_javier_yuste
Rooted2020 evading deep-learning_malware_detectors_-_javier_yusteRooted2020 evading deep-learning_malware_detectors_-_javier_yuste
Rooted2020 evading deep-learning_malware_detectors_-_javier_yusteRootedCON
 
Rooted2020 encontrando 0days-en_2020_-_antonio_morales
Rooted2020 encontrando 0days-en_2020_-_antonio_moralesRooted2020 encontrando 0days-en_2020_-_antonio_morales
Rooted2020 encontrando 0days-en_2020_-_antonio_moralesRootedCON
 

More from RootedCON (20)

Rooted2020 A clockwork pentester - Jose Carlos Moral & Alvaro Villaverde
Rooted2020 A clockwork pentester - Jose Carlos Moral & Alvaro VillaverdeRooted2020 A clockwork pentester - Jose Carlos Moral & Alvaro Villaverde
Rooted2020 A clockwork pentester - Jose Carlos Moral & Alvaro Villaverde
 
rooted2020 Sandbox fingerprinting -_evadiendo_entornos_de_analisis_-_victor_c...
rooted2020 Sandbox fingerprinting -_evadiendo_entornos_de_analisis_-_victor_c...rooted2020 Sandbox fingerprinting -_evadiendo_entornos_de_analisis_-_victor_c...
rooted2020 Sandbox fingerprinting -_evadiendo_entornos_de_analisis_-_victor_c...
 
Rooted2020 hunting malware-using_process_behavior-roberto_amado
Rooted2020 hunting malware-using_process_behavior-roberto_amadoRooted2020 hunting malware-using_process_behavior-roberto_amado
Rooted2020 hunting malware-using_process_behavior-roberto_amado
 
Rooted2020 compliance as-code_-_guillermo_obispo_-_jose_mariaperez_-_
Rooted2020 compliance as-code_-_guillermo_obispo_-_jose_mariaperez_-_Rooted2020 compliance as-code_-_guillermo_obispo_-_jose_mariaperez_-_
Rooted2020 compliance as-code_-_guillermo_obispo_-_jose_mariaperez_-_
 
Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op...
Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op...Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op...
Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op...
 
Rooted2020 si la-empresa_ha_ocultado_el_ciberataque,_como_se_ha_enterado_el_r...
Rooted2020 si la-empresa_ha_ocultado_el_ciberataque,_como_se_ha_enterado_el_r...Rooted2020 si la-empresa_ha_ocultado_el_ciberataque,_como_se_ha_enterado_el_r...
Rooted2020 si la-empresa_ha_ocultado_el_ciberataque,_como_se_ha_enterado_el_r...
 
Rooted2020 wordpress-another_terror_story_-_manuel_garcia_-_jacinto_sergio_ca...
Rooted2020 wordpress-another_terror_story_-_manuel_garcia_-_jacinto_sergio_ca...Rooted2020 wordpress-another_terror_story_-_manuel_garcia_-_jacinto_sergio_ca...
Rooted2020 wordpress-another_terror_story_-_manuel_garcia_-_jacinto_sergio_ca...
 
Rooted2020 Atacando comunicaciones-de_voz_cifradas_-_jose_luis_verdeguer
Rooted2020 Atacando comunicaciones-de_voz_cifradas_-_jose_luis_verdeguerRooted2020 Atacando comunicaciones-de_voz_cifradas_-_jose_luis_verdeguer
Rooted2020 Atacando comunicaciones-de_voz_cifradas_-_jose_luis_verdeguer
 
rooted2020-Rootkit necurs no_es_un_bug,_es_una_feature_-_roberto_santos_-_jav...
rooted2020-Rootkit necurs no_es_un_bug,_es_una_feature_-_roberto_santos_-_jav...rooted2020-Rootkit necurs no_es_un_bug,_es_una_feature_-_roberto_santos_-_jav...
rooted2020-Rootkit necurs no_es_un_bug,_es_una_feature_-_roberto_santos_-_jav...
 
Rooted2020 stefano maccaglia--_the_enemy_of_my_enemy
Rooted2020 stefano maccaglia--_the_enemy_of_my_enemyRooted2020 stefano maccaglia--_the_enemy_of_my_enemy
Rooted2020 stefano maccaglia--_the_enemy_of_my_enemy
 
Rooted2020 taller de-reversing_de_binarios_escritos_en_golang_-_mariano_palom...
Rooted2020 taller de-reversing_de_binarios_escritos_en_golang_-_mariano_palom...Rooted2020 taller de-reversing_de_binarios_escritos_en_golang_-_mariano_palom...
Rooted2020 taller de-reversing_de_binarios_escritos_en_golang_-_mariano_palom...
 
Rooted2020 virtual pwned-network_-_manel_molina
Rooted2020 virtual pwned-network_-_manel_molinaRooted2020 virtual pwned-network_-_manel_molina
Rooted2020 virtual pwned-network_-_manel_molina
 
Rooted2020 van a-mear_sangre_como_hacer_que_los_malos_lo_paguen_muy_caro_-_an...
Rooted2020 van a-mear_sangre_como_hacer_que_los_malos_lo_paguen_muy_caro_-_an...Rooted2020 van a-mear_sangre_como_hacer_que_los_malos_lo_paguen_muy_caro_-_an...
Rooted2020 van a-mear_sangre_como_hacer_que_los_malos_lo_paguen_muy_caro_-_an...
 
Rooted2020 todo a-siem_-_marta_lopez
Rooted2020 todo a-siem_-_marta_lopezRooted2020 todo a-siem_-_marta_lopez
Rooted2020 todo a-siem_-_marta_lopez
 
Rooted2020 roapt evil-mass_storage_-_tu-ya_aqui_-_david_reguera_-_abel_valero
Rooted2020 roapt evil-mass_storage_-_tu-ya_aqui_-_david_reguera_-_abel_valeroRooted2020 roapt evil-mass_storage_-_tu-ya_aqui_-_david_reguera_-_abel_valero
Rooted2020 roapt evil-mass_storage_-_tu-ya_aqui_-_david_reguera_-_abel_valero
 
Rooted2020 live coding--_jesus_jara
Rooted2020 live coding--_jesus_jaraRooted2020 live coding--_jesus_jara
Rooted2020 live coding--_jesus_jara
 
Rooted2020 legalidad de-la_prueba_tecnologica_indiciaria_cuando_tu_papi_es_un...
Rooted2020 legalidad de-la_prueba_tecnologica_indiciaria_cuando_tu_papi_es_un...Rooted2020 legalidad de-la_prueba_tecnologica_indiciaria_cuando_tu_papi_es_un...
Rooted2020 legalidad de-la_prueba_tecnologica_indiciaria_cuando_tu_papi_es_un...
 
Rooted2020 hackeando el-mundo_exterior_a_traves_de_bluetooth_low-energy_ble_-...
Rooted2020 hackeando el-mundo_exterior_a_traves_de_bluetooth_low-energy_ble_-...Rooted2020 hackeando el-mundo_exterior_a_traves_de_bluetooth_low-energy_ble_-...
Rooted2020 hackeando el-mundo_exterior_a_traves_de_bluetooth_low-energy_ble_-...
 
Rooted2020 evading deep-learning_malware_detectors_-_javier_yuste
Rooted2020 evading deep-learning_malware_detectors_-_javier_yusteRooted2020 evading deep-learning_malware_detectors_-_javier_yuste
Rooted2020 evading deep-learning_malware_detectors_-_javier_yuste
 
Rooted2020 encontrando 0days-en_2020_-_antonio_morales
Rooted2020 encontrando 0days-en_2020_-_antonio_moralesRooted2020 encontrando 0days-en_2020_-_antonio_morales
Rooted2020 encontrando 0days-en_2020_-_antonio_morales
 

Recently uploaded

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 

Recently uploaded (20)

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 

Sergi Álvarez + Roi Martín - radare2: From forensics to bindiffing [RootedCON 2011]

  • 1. radare2: from forensics to bindiffing nibble <nibble@develsec.org> (@nibble_ds) pancake <pancake@nopcode.org> (@trufae) @radareorg
  • 2. Introduction radare was born as a forensics tool - 64 bit addressing - multiple searching methods (aes, bytes, binmask..) - flags (mark with name, offset and size) - local and remote io (rap:// w32:// dbg:// ..) New stuff: - filesystems and partitions - zoom mode (overview of file) - base64 encoding/decoding - magic templates - scripting in Vala (fast!)
  • 3. Demo Opening a remote disk and search for a string $ sudo r2 -n rap://:9999 $ r2 -n rap://127.0.0.1:9999//dev/sda > / hello world f hit0_0 11 0xfad040 > ./ hello world > ? hit0_0 0xfad040 > x @ 0xfad040
  • 4. Search methods Keyword: - regular expressions (/e) - text (string, wide string, utf8, ..) (/w) - hexpair buf + binary mask (/x) Patterns: - repeated sequences of bytes (/p) - expanded AES keys (/A) Analysis: - references to addresses (call, jmp, ..) (/a) - opcodes matching a given expreg (/c)
  • 5. Signatures You can create and find hexpair-based templates. - automatic binary masks based on opcode args - useful for statically linked bins - find inlined or dupped symbols "z is for zignature" > zg ls > ls.zignaturez > . ls.zignaturez > .z/
  • 6. Magic templates magic(4) is a common library in *NIX systems which uses a db to identify and parse data > pm data to create our own templates to parse memory data > !vim test.mgc > pm test.mgc $ ls file-*/magic/Magdir
  • 7. Magic example This is a example of the file format. 0 long 0 This is a null reference 0 byte x one %d, >4 byte x two %d, >8 string FOO (type is foo) >8 string BAR (type is bar) >12 long&0xff >0x70 invalid type
  • 8. Formatted memory There’s also a native formatted print command: > pf [format] [space separated field names] [0x04d80480]> pf dis next length string next: 0x4d80480: 0x4d80520 length: 0x4d80484: 12 string: 0x4d80488: "backandforth"
  • 9. Scripting libr/include files are described in swig/vapi/*.vapi valaswig can translate those vapi files into working bindings for many scripting languages: - python, perl, ruby, lua, java, guile, go, and vala * Run from r2 prompt with the #! command * Run as a standalone program using the r2-swig
  • 10. Scripting demo [0x8048404]> #!vala > print ("0x%08llxn", core.num.get ("entry0")); 0x080498d0 [0x8048404]> #!python > core.cmd0 ("pd") > core.cons.flush () 0x08049900 0 55 push ebp 0x08049901 4+ 89e5 mov ebp, esp 0x08049903 4 53 push ebx 0x08049904 8+ 83ec04 sub esp, 0x4
  • 11. Filesystems Supports ext2, ntfs, vfat, reiserfs, ... based on BURG. $ r2 -nw diskimg.ext2 > m ext2 /mnt 0 > md /mnt foo > mg /mnt/foo Hello World > mo /mnt/foo offset = 0x37490 size = 12 > ps @ 0x37490:12 Hello World > w Diiee @ 0x37490 > ms # mountpoint shell
  • 12. Partitions Based on GRUB code: - Supports msdos, gpt, bsd, apple, sun, and more $ r2 -n /dev/sda > mp msdos 0 0 83 0x087e00 0x0865f9a00 1 82 0x0865f9a00 0x08168d5c00 2 83 0x08168d5c00 0x081ebbc5600 3 83 0x081ebbc5600 0x081ffd62800
  • 13. Bindiffing - What is bindiffing? - Why is this useful? - Patched bins - Analyze backdoored bins - Find new functions (maybe non-documented) - Locate different implementations between functions in similar bins
  • 14. Plain text diffing vs Binary diffing - Text/Code is written in a natural way for humans - Can be splitted by lines - Doesn’t exist dependencies/references between one line and another - One "instruction" is always coded the same - There isn’t intrinsic data to extract for each line
  • 15. Troubles - Discard useless data - Padding - Uninitialized data - Useless sections/segments - Tokenization - Several Options: Fcns, BBs, Opcodes, Bytes - Combination - Deltas - Presentation
  • 16. Steps 1.- Code Analysis (Do you remember RAnal? ;) - Find functions and bb’s (recursively) - Extract data from opcodes 2.- Fingerprint BB’s 3.- Fingerprint Fcn’s based on BB’s 4.- Function matching by name (exports) 5.- Function matching based on fingerprints 6.- BB matching
  • 17. Fingerprinting - Use of Binary masks - RAnal info - Graph based metrics
  • 18. BB/Fcn Diffing Levenshtein distance relative to entity size Minimum number of edits needed to transform one string into the other Example: "rooted" vs "roted" -> d = 1 "rooted" vs "r-ooted" -> d = 1 "rooted" vs "r-oted" -> d = 1 "rooted" vs "rooted---" -> d = 3 "rooted" vs "-roo--ted" -> d = 3
  • 19. Demos - Demo 1: Simple diff - Demo 2: Diff between similar apps - Demo 3: Backdoored bin
  • 20. And... a little surprise
  • 21. ragui: the ui It’s not yet ready for daily use.. - work in progress - based on GNOME technologies - runs on Windows/OSX/Linux/BSD without changes - show screenshots and demo
  • 23. radare2: from forensics to bindiffing nibble <nibble@develsec.org> (@nibble_ds) pancake <pancake@nopcode.org> (@trufae) @radareorg