radare2 workshop
play

radare2 workshop Freshly graduated I dont know Windows 1 whoami - PowerPoint PPT Presentation

Jun 09, 2023 •257 likes •572 views

October 22, 2015 Writing a crack for hack.lu 2015 radare2 workshop Freshly graduated I dont know Windows 1 whoami Julien (jvoisin) Voisin French 2 Piracy is bad, mkay. disclaimer 3 what is this? 4 and what is this?

  1. October 22, 2015 Writing a crack for hack.lu 2015 radare2 workshop

  2. ∙ Freshly graduated ∙ I don’t know Windows 1 whoami Julien (jvoisin) Voisin ∙ French

  3. 2 Piracy is bad, m’kay. disclaimer

  4. 3 what is this?

  5. 4 and what is this?

  6. While knowing close to nothing about the Windows world. Time to write a compatibility enhancement hotfix! 5 but i still want to play!

  7. While knowing close to nothing about the Windows world. Time to write a compatibility enhancement hotfix! 5 but i still want to play!

  8. 6 In your virtual machine, in the nocd folder. where to look

  9. 7 finding the right function

  10. 8 You’ve got this one in your .radare2rc in the VM lets script some documentation fetcher for r2

  11. 8 You’ve got this one in your .radare2rc in the VM lets script some documentation fetcher for r2

  12. ∙ 0x4d65f6 ∙ 0x5352ee ∙ afi 0x4d65f6 ∙ afi 0x5352ee ∙ It’s likely an analysis command, about xref to something ∙ There are two locations: ∙ In what function do they belong? ∙ Still in analysis, function related, about information 9 find where it’s called Your turn! ∙ Find where GetDriveTypeA is called

  13. ∙ 0x4d65f6 ∙ 0x5352ee ∙ afi 0x4d65f6 ∙ afi 0x5352ee ∙ It’s likely an analysis command, about xref to something ∙ There are two locations: ∙ In what function do they belong? ∙ Still in analysis, function related, about information 9 find where it’s called Your turn! ∙ Find where GetDriveTypeA is called

  14. ∙ 0x4d65f6 ∙ 0x5352ee ∙ afi 0x4d65f6 ∙ afi 0x5352ee ∙ It’s likely an analysis command, about xref to something ∙ There are two locations: ∙ In what function do they belong? ∙ Still in analysis, function related, about information 9 find where it’s called Your turn! ∙ Find where GetDriveTypeA is called

  15. ∙ 0x5352ee ∙ afi 0x4d65f6 ∙ afi 0x5352ee ∙ It’s likely an analysis command, about xref to something ∙ There are two locations: ∙ In what function do they belong? ∙ Still in analysis, function related, about information 9 find where it’s called Your turn! ∙ Find where GetDriveTypeA is called ∙ 0x4d65f6

  16. ∙ afi 0x4d65f6 ∙ afi 0x5352ee ∙ It’s likely an analysis command, about xref to something ∙ There are two locations: ∙ In what function do they belong? ∙ Still in analysis, function related, about information 9 find where it’s called Your turn! ∙ Find where GetDriveTypeA is called ∙ 0x4d65f6 ∙ 0x5352ee

  17. ∙ afi 0x4d65f6 ∙ afi 0x5352ee ∙ It’s likely an analysis command, about xref to something ∙ There are two locations: ∙ In what function do they belong? ∙ Still in analysis, function related, about information 9 find where it’s called Your turn! ∙ Find where GetDriveTypeA is called ∙ 0x4d65f6 ∙ 0x5352ee

  18. ∙ afi 0x4d65f6 ∙ afi 0x5352ee ∙ It’s likely an analysis command, about xref to something ∙ There are two locations: ∙ In what function do they belong? ∙ Still in analysis, function related, about information 9 find where it’s called Your turn! ∙ Find where GetDriveTypeA is called ∙ 0x4d65f6 ∙ 0x5352ee

  19. ∙ afi 0x5352ee ∙ It’s likely an analysis command, about xref to something ∙ There are two locations: ∙ In what function do they belong? ∙ Still in analysis, function related, about information 9 find where it’s called Your turn! ∙ Find where GetDriveTypeA is called ∙ 0x4d65f6 ∙ 0x5352ee ∙ afi 0x4d65f6

  20. ∙ It’s likely an analysis command, about xref to something ∙ There are two locations: ∙ In what function do they belong? ∙ Still in analysis, function related, about information 9 find where it’s called Your turn! ∙ Find where GetDriveTypeA is called ∙ 0x4d65f6 ∙ 0x5352ee ∙ afi 0x4d65f6 ∙ afi 0x5352ee

  21. ∙ 0x004d6550 ∙ 0x004ab1aa ∙ Which one is the relevant one? (check with VV ) ∙ 0x004d6550 is the cd-check routine! 10 find where it’s called (cont.) Your turn! ∙ 0x4d65f6 is called from two locations:

  22. ∙ 0x004ab1aa ∙ Which one is the relevant one? (check with VV ) ∙ 0x004d6550 is the cd-check routine! 10 find where it’s called (cont.) Your turn! ∙ 0x4d65f6 is called from two locations: ∙ 0x004d6550

  23. ∙ Which one is the relevant one? (check with VV ) ∙ 0x004d6550 is the cd-check routine! 10 find where it’s called (cont.) Your turn! ∙ 0x4d65f6 is called from two locations: ∙ 0x004d6550 ∙ 0x004ab1aa

  24. ∙ 0x004d6550 is the cd-check routine! 10 find where it’s called (cont.) Your turn! ∙ 0x4d65f6 is called from two locations: ∙ 0x004d6550 ∙ 0x004ab1aa ∙ Which one is the relevant one? (check with VV )

  25. ∙ 0x004d6550 is the cd-check routine! 10 find where it’s called (cont.) Your turn! ∙ 0x4d65f6 is called from two locations: ∙ 0x004d6550 ∙ 0x004ab1aa ∙ Which one is the relevant one? (check with VV )

  26. 2. Hardcode a return value for fcn.0x004d6550 3. Play the game without the CD! 11 patching time 1. Reopen the binary in write mode with oo+

  27. 12 my solution

  28. ∙ Age of Empire is cool, ∙ Having no CD reader sucks, ∙ So is radare2. 13 conclusion

  29. You should use it. Radare2 is nice. 13 conclusion

  30. ∙ Github repo ∙ Official website ∙ The r2 blog ∙ The r2 book ∙ Twitter 14 resources

Recommend

Application of radare2 illustrated by Shylock/Caphaw.D and Snakso.A analysis Anton Kochkov

Application of radare2 illustrated by Shylock/Caphaw.D and Snakso.A analysis Anton Kochkov

Application of radare2 illustrated by Shylock/Caphaw.D and Snakso.A analysis Anton Kochkov PHDays IV, May 21, 2014 Intro radare2 Please use radare2 from git Warnings There is a nasty bug in r2 for now, please bear with us This is a

606 views • 26 slides
radare2 Radare2 - a framework for reverse engineering Maxime Morin (@Maijin212), Julien Voisin,

radare2 Radare2 - a framework for reverse engineering Maxime Morin (@Maijin212), Julien Voisin,

radare2 Radare2 - a framework for reverse engineering Maxime Morin (@Maijin212), Julien Voisin, Jeffrey Crowell (@jeffreycrow- ell), Anton Kochkov (@akochkov) October 22, 2015 Hack.lu 10-2015 maxime morin 22 y/o french expat @ Luxembourg

1.99k views • 84 slides
Radare2 - The Dwarf Fortress of reversing Who needs a GUI anyway? Florent (Skia) Jacquet Julien

Radare2 - The Dwarf Fortress of reversing Who needs a GUI anyway? Florent (Skia) Jacquet Julien

Radare2 - The Dwarf Fortress of reversing Who needs a GUI anyway? Florent (Skia) Jacquet Julien (jvoisin) Voisin November 18, 2016 GreHack 2016 pf.skia 1 Who needs the source code anyway? Playground 2 How to radare2? Installing

897 views • 71 slides
radare2 22 y/o french expat @ Luxembourg Food, Travel and Languages <3 I hate

radare2 22 y/o french expat @ Luxembourg Food, Travel and Languages <3 I hate

Maxime Morin (@Maijin212), Anton Kochkov (@akochkov) First r2babies steps - Long Version August 13, 2015 ISSA South Africa radare2 22 y/o french expat @ Luxembourg Food, Travel and Languages <3 I hate Bullshit Malware.lu

1.4k views • 68 slides
R2M2 RADARE2 + MIASM2 = @guedou - 09/09/2016 1 @GUEDOU? French hobbyist reverser network

R2M2 RADARE2 + MIASM2 = @guedou - 09/09/2016 1 @GUEDOU? French hobbyist reverser network

R2M2 RADARE2 + MIASM2 = @guedou - 09/09/2016 1 @GUEDOU? French hobbyist reverser network security researcher IPv6, DNS, TLS, BGP, DDoS mitigation, ... Scapy co-maintainer Python-based packet manipulation program & library neither

1.1k views • 61 slides
R2M2 RADARE2 + MIASM2 = https://github.com/guedou/r2m2 @guedou - 28/01/2017 - REcon BRX

R2M2 RADARE2 + MIASM2 = https://github.com/guedou/r2m2 @guedou - 28/01/2017 - REcon BRX

R2M2 RADARE2 + MIASM2 = https://github.com/guedou/r2m2 @guedou - 28/01/2017 - REcon BRX 1 @GUEDOU? French hobbyist reverser network security researcher IPv6, DNS, TLS, BGP, DDoS mitigation, ... Scapy co-maintainer Python-based

1.48k views • 73 slides
shikata ga nai Jaime (@NighetMan) Pealba. This workshop is based on ideas and scripts from 2

shikata ga nai Jaime (@NighetMan) Pealba. This workshop is based on ideas and scripts from 2

October 22, 2015 Radare2 workshop hack.lu 2015 shikata ga nai Jaime (@NighetMan) Pealba. This workshop is based on ideas and scripts from 2 disclaimer 3 Please look at the shikata_ga_nai folder in the virtual machine where to find the

539 views • 39 slides
Reversing firmware using radare2 [H2HC] A. Kochkov October, 2014 Motives Implement FOSS

Reversing firmware using radare2 [H2HC] A. Kochkov October, 2014 Motives Implement FOSS

Reversing firmware using radare2 [H2HC] A. Kochkov October, 2014 Motives Implement FOSS alternative (coreboot, OpenEC) Figure out possible attack vectors via firmware trojans We will take only case of modern PC/Laptop/Server firmware(s).

747 views • 46 slides
BUBBLE STR UBBLE STRUGGLE UGGLE Call Graph Visualization with Radare2 Marion Marschalek

BUBBLE STR UBBLE STRUGGLE UGGLE Call Graph Visualization with Radare2 Marion Marschalek

BUBBLE STR UBBLE STRUGGLE UGGLE Call Graph Visualization with Radare2 Marion Marschalek marion@0x1338.at @pinkflawd Static Analysis is King What my my sa sandbox th thought What my my cu customer th thought the malw th alware do

886 views • 50 slides
building a concrete alternative to ida 1 were sorry raxcity.com Shellphish

building a concrete alternative to ida 1 were sorry raxcity.com Shellphish

Jeffrey (crowell) Crowell Julien (jvoisin) Voisin Radare2 to the rescue! June 20, 2015 REcon 2015 Montreal building a concrete alternative to ida 1 were sorry raxcity.com Shellphish Boston Key Party

1.04k views • 64 slides
GIT WORKSHOP GIT WORKSHOP 1 . 1 GIT WORKSHOP GIT WORKSHOP Manuela Salvucci

GIT WORKSHOP GIT WORKSHOP 1 . 1 GIT WORKSHOP GIT WORKSHOP Manuela Salvucci

GIT WORKSHOP GIT WORKSHOP 1 . 1 GIT WORKSHOP GIT WORKSHOP Manuela Salvucci manuelasalvucci@rcsi.ie 2019-11-06 1 . 2 OUTLINE OUTLINE What is version control? Why bother with formal version control? How to install and get started

1.7k views • 136 slides
23-25, August, 2017 @ Taipei.TW 2017 Belle II TRG/DAQ workshop An Announcement 0. workshop

23-25, August, 2017 @ Taipei.TW 2017 Belle II TRG/DAQ workshop An Announcement 0. workshop

23-25, August, 2017 @ Taipei.TW 2017 Belle II TRG/DAQ workshop An Announcement 0. workshop place 1. workshop major targets 2. schedule, lunch boxes, banquet 3. your badge 4. weather forecast 5. workshop photo 6. scenery after workshop

256 views • 11 slides
x64 Workshop Didier Stevens Go to http://workshop-x64.DidierStevens.com Unzip x64-workshop.zip

x64 Workshop Didier Stevens Go to http://workshop-x64.DidierStevens.com Unzip x64-workshop.zip

x64 Workshop Didier Stevens Go to http://workshop-x64.DidierStevens.com Unzip x64-workshop.zip to c:\workshop Install: 010EditorWin32Installer402.exe nasm-2.10.05-installer.exe SysinternalsSuite.zip tdm64-gcc-4.7.1-2.exe

724 views • 40 slides
Tails: Security, Maintainability and Usability Pick three! Julien Voisin Jrme Boursier

Tails: Security, Maintainability and Usability Pick three! Julien Voisin Jrme Boursier

Tails: Security, Maintainability and Usability Pick three! Julien Voisin Jrme Boursier July 4, 2016 Nuit du Hack Who are we ? Who are we ? Julien Voisin Radare2 NBS-System dustri.org Jrme Boursier AdwCleaner

1.53k views • 94 slides
Go to http://workshop.DidierStevens.com Unzip shellcode-workshop.zip to C:\ Password is workshop

Go to http://workshop.DidierStevens.com Unzip shellcode-workshop.zip to C:\ Password is workshop

White Hat Shellcode Workshop Didier Stevens Go to http://workshop.DidierStevens.com Unzip shellcode-workshop.zip to C:\ Password is workshop . First example: loading/unloading a DLL Start calc.exe Start procexp.exe (Process Explorer) and

471 views • 23 slides
Strata forms workshop Landgate Workshop purpose This workshop has been developed for

Strata forms workshop Landgate Workshop purpose This workshop has been developed for

Strata forms workshop Landgate Workshop purpose This workshop has been developed for conveyancers and property lawyers who handle strata titles and want to build their confidence and understanding in form completion of the: Application

536 views • 21 slides
WDO WORKSHOP ACER Workshop on Within Day Obligations TI TRE 15 May, 2017 In total 48

WDO WORKSHOP ACER Workshop on Within Day Obligations TI TRE 15 May, 2017 In total 48

WDO WORKSHOP ACER Workshop on Within Day Obligations TI TRE 15 May, 2017 In total 48 registered participants WDO WORKSHOP Opening remarks Reflections on ACERs First Monitoring Report and the Balancing Network Code Gas Department

1.51k views • 111 slides
WDO WORKSHOP ACER Workshop on Within Day Obligations TI TRE 15 May, 2017 In total 48

WDO WORKSHOP ACER Workshop on Within Day Obligations TI TRE 15 May, 2017 In total 48

WDO WORKSHOP ACER Workshop on Within Day Obligations TI TRE 15 May, 2017 In total 48 registered participants WDO WORKSHOP Opening remarks Reflections on ACERs First Monitoring Report and the Balancing Network Code Gas Department

1.43k views • 120 slides
Design Thinking Workshop Welcome to the workshop. Hand in your

Design Thinking Workshop Welcome to the workshop. Hand in your

Design Thinking Workshop Welcome to the workshop. Hand in your worksheets. Well come back in 5 minutes! Excited by the workshop? Stick around and help us test our ideas!

513 views • 34 slides
Biodiversity and Resilience of Agroecosystems Workshop March 7 &8, 2013 This workshop is

Biodiversity and Resilience of Agroecosystems Workshop March 7 &8, 2013 This workshop is

Biodiversity and Resilience of Agroecosystems Workshop March 7 &8, 2013 This workshop is the first of a workshop series in preparation for the 2014 Resilience Conference to be held in Montpellier, France 1 . The objective of the workshop

388 views • 3 slides
Treasurers Workshop Welcome to our Treasurers Workshop Housekeeping A little about me

Treasurers Workshop Welcome to our Treasurers Workshop Housekeeping A little about me

Treasurers Workshop Welcome to our Treasurers Workshop Housekeeping A little about me Introductions Overview of the Workshop & Participant Expectations - 15 minutes The Role of Treasurer, Must Do, Should Do, Could Do -

534 views • 36 slides
ESD Regional Workshop Year 2 Workshop 1 WSLA Year 2 u u Workshop 1 WSLA Curriculum

ESD Regional Workshop Year 2 Workshop 1 WSLA Year 2 u u Workshop 1 WSLA Curriculum

ESD Regional Workshop Year 2 Workshop 1 WSLA Year 2 u u Workshop 1 WSLA Curriculum Strands GOALS for the day: Refresh the leadership focus needed for the implementation of the Academy work in Year 2 Continue to examine the

307 views • 30 slides
RAs TLAFs Workshop RAs TLAFs Workshop Dundalk, 26 th July 2010 Objective of the Workshop

RAs TLAFs Workshop RAs TLAFs Workshop Dundalk, 26 th July 2010 Objective of the Workshop

RAs TLAFs Workshop RAs TLAFs Workshop Dundalk, 26 th July 2010 Objective of the Workshop Objective of the Workshop Proposed decision on TLAFs published on 18 th June; June; Workshop is an opportunity for industry to put forward their

197 views • 19 slides
Broadmap Bro Workshop 2011 NCSA, Urbana-Champaign, IL Bro Workshop 2011 Outline Near- to

Broadmap Bro Workshop 2011 NCSA, Urbana-Champaign, IL Bro Workshop 2011 Outline Near- to

The Bro Network Security Monitor Broadmap Bro Workshop 2011 NCSA, Urbana-Champaign, IL Bro Workshop 2011 Outline Near- to Medium-term Roadmap Current Research Projects Workshop Wrap-Up 2 Bro Workshop 2011 Version 2.0 Final 3 Bro

620 views • 57 slides

More recommend