Email or username:

Password:

Forgot your password?
Top-level
Fritz Adalis

@arraybolt3 @eickmeyer @cdp1337 @vkc
Rather than just start disassembling, try to reproduce the blobs that are documented, then see what's different. Then start doing the same with the handful of ones without docs.

5 comments
Aaron Rainbolt

@FritzAdalis @eickmeyer @cdp1337 @vkc That's more or less what I had planned. Reverse engineering tools were what I hoped to use for investigating how things changed from the original source code, if they changed.

Codrus :archlinux: 🇺🇲

@arraybolt3 @FritzAdalis @eickmeyer @cdp1337 @vkc

Look for strings contained in the blob first—sometimes you can learn a lot that way.

⠠⠵ avuko

@arraybolt3 @FritzAdalis @eickmeyer @cdp1337 @vkc

I don't have time to do this myself, but I'd run all of the binary blobs I might want to compare through ssdeep. That way I would get a quick first feel for which are similar/alike, and which are different, and to what extend.

ssdeep-project.github.io/ssdee

Doing something like `vimdiff <(xxd binary1) <(xxd binary2) also helps me for quick checks.

cutter.re/ is a free gui for reversing.

coucouf ⏚

@arraybolt3 @FritzAdalis @eickmeyer @cdp1337 @vkc diffoscope is an excellent tool for analysing differences in binaries. It will dive down i into any format it knows (including ELF) to extract meaningful diffs.

diffoscope.org/

Go Up