“Programming Linux Anti-Reversing Techniques” – Free book

Programming Linux Anti-Reversing Techniques is a free book by Jacob Baines that shows the reader how to implement and analyze the best-known anti-reversing techniques on Linux. Each technique is paired with the reverser's side of the story: how a binary protected that way is analyzed with tools such as IDA, Radare2, GDB, readelf and others. The code is presented ready for the reader to compile and analyze on their own.

Download it here.

Table of contents

Preface
    Why Read This Book?
        Topics Not Covered
        Prerequisites
        Code and Command Output
Chapter 1: Introductions
    Introducing “Trouble”
        Using CMake
        The Code
        Compiling
        Executing
        Accessing the Shell
Chapter 2: Compiler Options
    -g
        Recovering the Bind Shell Password with Hexdump
        Recovering the Bind Shell Password with GDB
        The Debugging Information in IDA
        Removing the Debugging Information
        Case Study: XOR DDOS
    -s
        SYMTAB vs. DYNSYM
        Finding the Bind Shell Password Using .symtab
        Case Study: The FILE Symbol
        Examining Trouble After -s
    -fvisibility
        Looking at FUNC symbols
        Hiding FUNC symbols
    -O
        Corrected Block Tiny Encryption Algorithm (XXTEA)
        -Os
        -O3
        -funroll-loops
    -static
        Resolving Functions at Runtime
        ltrace
        LD_PRELOAD
        Using musl
Chapter 3: File Format Hacks
    The Strip Utility
    Removing the Section Headers Table
    Little Endian or Big Endian?
    The Sections Are a Lie
        Flipping the Executable Bit
        Lying with .init
        Hiding the Entry Point
    Mixing the Symbols
Chapter 4: Fighting Off String Analysis
    Code Reorganization
    Stack Strings
    XOR Stack String
    Function Encryption
        Computing the Function’s Size Using a Linker Script
        Decryption Logic
        Encryption Logic
    Creating a Cryptor
        Implementing the Cryptor
        Analyzing the Cryptor
Chapter 5: Obstructing Code Flow Analysis
    Indirect Function Calls
    Signals
    Early Return
    Jump Over an Invalid Byte
    Jump! Jump!
    Always Follow the Conditional
    Overlapping Instructions
Chapter 6: Evading the Debugger
    Trace Me
    Trapping the Debugger
    Becoming Attached
    madvise
    prctl
    Detection Before main()
    Computing Function Checksums
Conclusion: All That We Fall For
Notes
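The chapter list names techniques such as "XOR Stack String" (Chapter 4) and "Trace Me" (Chapter 6) without showing any code. The following C program is an added illustration of those two ideas; it is not code from the book or from Jacob Baines. It hides a constructed password "s3cr3t!" as XOR-masked immediates that are rebuilt on the stack only at check time, includes the build-time helper that produces the masked table (the same idea the book's cryptor chapters apply to whole functions), and guards the check with a PTRACE_TRACEME self-test. The key 0x5A, the password, and every function name are assumptions made for this example.

```c
/* Added example (not the book's code): an XOR "stack string" for a secret,
 * the build-time helper that produces its masked table, and a PTRACE_TRACEME
 * self-check. Password "s3cr3t!" and key 0x5A are constructed for the demo. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef __linux__
#include <sys/ptrace.h>
#endif

#define DEMO_KEY 0x5Au   /* assumption: single-byte key chosen for this example */

/* Mask `plain` into `out` (caller provides strlen(plain) bytes); returns the
 * byte count. Used at build time, never on the secret at run time. */
size_t xor_mask(const char *plain, uint8_t key, uint8_t *out) {
    size_t n = strlen(plain);
    for (size_t i = 0; i < n; i++)
        out[i] = (uint8_t)((uint8_t)plain[i] ^ key);
    return n;
}

/* Rebuild `len` masked bytes as a NUL-terminated string in the caller's
 * stack buffer (needs len + 1 bytes). */
void xor_unmask(const uint8_t *masked, size_t len, uint8_t key, char *out) {
    for (size_t i = 0; i < len; i++)
        out[i] = (char)(masked[i] ^ key);
    out[len] = '\0';
}

/* Code-generation step: print the masked bytes as a C initializer so the
 * plaintext never has to appear in the source that gets compiled. */
void print_initializer(const char *plain, uint8_t key, FILE *fp) {
    size_t n = strlen(plain);
    fputs("{ ", fp);
    for (size_t i = 0; i < n; i++)
        fprintf(fp, "0x%02X%s", (unsigned)((uint8_t)plain[i] ^ key),
                i + 1 < n ? ", " : " ");
    fprintf(fp, "} /* %zu bytes, key 0x%02X */\n", n, (unsigned)key);
}

/* The secret lives only here, as XOR-masked immediates (the table below is
 * the output of print_initializer("s3cr3t!", 0x5A)). It is decoded onto the
 * stack for the comparison and scrubbed afterwards, so neither `strings`
 * nor a .rodata hexdump reveals it. */
int check_password(const char *candidate) {
    uint8_t masked[] = { 0x29, 0x69, 0x39, 0x28, 0x69, 0x2E, 0x7B };
    char pw[sizeof masked + 1];
    xor_unmask(masked, sizeof masked, DEMO_KEY, pw);
    int ok = strcmp(candidate, pw) == 0;
    /* volatile stores keep the compiler from dropping the scrub as dead code */
    for (volatile char *p = pw; p < pw + sizeof pw; p++)
        *p = 0;
    return ok;
}

/* "Trace Me": a process that is already traced cannot request tracing again,
 * so PTRACE_TRACEME failing with EPERM suggests a debugger. Returns 1 if so,
 * 0 if the request succeeded, -1 if ptrace failed for another reason.
 * Seccomp policies that deny ptrace also report EPERM, so this is a hint,
 * not proof. */
int debugger_present(void) {
#ifdef __linux__
    if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
        return errno == EPERM ? 1 : -1;
    return 0;
#else
    return -1;
#endif
}

int main(int argc, char **argv) {
    if (argc == 3 && strcmp(argv[1], "--gen") == 0) {
        print_initializer(argv[2], DEMO_KEY, stdout);   /* build-time use */
        return 0;
    }
    if (debugger_present() == 1) {
        puts("debugger detected");
        return 1;
    }
    puts(check_password(argc > 1 ? argv[1] : "") ? "access granted"
                                                  : "access denied");
    return 0;
}
```

Build with `cc -O2 -o demo demo.c`; `./demo --gen 's3cr3t!'` prints the initializer pasted into check_password(), and `strings demo` no longer shows the password. Two caveats a reverser will exploit: a single-byte XOR key falls to a 256-value brute force, or simply to a breakpoint after xor_unmask() that reads the decoded stack buffer, so this only defeats static string scanning; and a successful PTRACE_TRACEME leaves the process a tracee of its parent, which blocks a later attach but also means any signal stops the process until the parent resumes it, while a sandbox that denies ptrace produces the same EPERM as a real debugger.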

Source: HackPlayers
