|
@Jacob_Pimental | |||||
|
New article on #reverseengineering #linux #malware using #radare2
Let me know what you guys think!
medium.com/@201322c78cfc/…
|
||||||
|
||||||
|
MrAdminus
@MrAdminus
|
2. velj 2018. |
|
Ok that's way over my knowledge, have no clue..
|
||
|
||
|
|
Jacob Pimental
@Jacob_Pimental
|
2. velj 2018. |
|
What are you confused about? Maybe I can help
|
||
|
|
||
|
|
Jacob Pimental
@Jacob_Pimental
|
2. velj 2018. |
|
Awesome! Glad you liked it and that it was easy enough to understand for people new in the field!
|
||
|
|
||
|
Maxime Morin
@Maijin212
|
2. velj 2018. |
|
I would use e scr.utf8=true also normally if you enable comments you would see the ASCII directly in the disassembly. You can also use ahi s @ the offset of the cmp. For the base 2 calculation you could use ? or rax2. And r2pipe with cmdj("aoj") for the script ;)
|
||
|
|
||
|
|
Jacob Pimental
@Jacob_Pimental
|
2. velj 2018. |
|
Yeah,I had some of the comments disabled for the sake of getting the pictures for the article. I did use rax2 for a lot of things too, but didn't mention it as I went over it in other articles. Thanks for the tips though, will keep them in mind for next analysis!
|
||
|
|
||
|
🐲 Turtle Girl 🐉
@7ur7l3_61rl
|
2. velj 2018. |
|
Very cool 😎
|
||
|
|
||
|
|
Jacob Pimental
@Jacob_Pimental
|
2. velj 2018. |
|
Thank you!
|
||
|
|
||
|
|
Maxime Morin
@Maijin212
|
2. velj 2018. |
|
Use @radareorg instead of #radare2 to tag article ;)
|
||
|
|
||
|
|
Jacob Pimental
@Jacob_Pimental
|
2. velj 2018. |
|
Ah, ok. Will do next time!
|
||
|
|
||
|
Jonathan Lassoff
@jof
|
3. velj 2018. |
|
This was fun to see into. I love just about everything that uses radare2. However I don't think this shows why homebrew encryption is a bad idea. If this had a more well-known block cipher with a baked-in key, it would be just as reversible.
|
||
|
|
||
|
|
Jonathan Lassoff
@jof
|
3. velj 2018. |
|
If anything, I would call what this is doing "obfuscation".
|
||
|
|
||