⚙ïļ Reverse Engineering

📚 Basics

During a forensics investigation it is sometimes necessary to reverse engineer a suspicious piece of code. This section is a dive into reverse engineering.

⚙ïļ Exploits

This section is a collection of jailbreak exploits that I have digested and described. Note that the terms jailbreak and exploit mean different things.

🦠 Malware Analysis

🏧 Firmware

🩻 Anatomy Of Executables

💕 RAM and CPU Love Story

🍎 iOS Applications RE

During forensic analysis it is not too rare to run into a suspicious application. In this article I'm going to learn to reverse engineer iOS applications.

🎁 Packed Executables And Unpacking

There are several indicators that an executable is packed. Here they are (this list will grow as I encounter new indicators):

⛏ Crackme Algorithm

Look at the strings: fs strings and f in radare2, or rabin2 -zz. Find xrefs for the strings of interest: axt @ str.

📓 REFM

Rabin2

rabin2 -I [progname]    # main info about the program
rabin2 -z [progname]    # strings from the binary's data section
rabin2 -zz [progname]   # all strings from the binary
rabin2 -zqq [progname]  # strings only, without additional info
rabin2 -x iGoat-Swift   # thin the (fat) binary

R2 Info

il                      # libraries in use
ii                      # imports (or iiq for a quiet listing)

r2 [progname]           # launch radare2
> s main                # seek to the main function
> aa                    # analyze all (functions, xrefs)
> v                     # pseudo GUI mode (hex editor)
> VV                    # graph mode
> afvn user_input input # rename a local variable and all places it is referenced
# rename a function
> s function_old_name
> afn function_new_name
> c                     # toggle cursor in visual mode
> afvd                  # print all local variables
> u                     # undo seek (go back)