GDB + GEF cheatsheet for reversing binaries

November 5, 2018 ~ hucktech ~ Leave a comment

I wrote a(n incomplete/always-WIP) #cheatsheet for #reversing binaries with #gdb (@gnutools) and #GEF (@_hugsy_). #PDF and LaTeX sources available; suggestions and PRs are welcome: https://t.co/95nlgBurEO

— Giovanni Lagorio (@zxgio) November 4, 2018

https://github.com/zxgio/gdb_gef-cheatsheet

GEF 2018.10 released: GDB Enhanced Features for exploit devs & reversers

October 29, 2018 ~ hucktech ~ Leave a comment

Release of #GDB #GEF 2018.10: Silurian Seeker!

GEF got a new shiny skin, heaps of improvement, new commands, bugfix, speed gain thx to the contrib @wcbowling, @daniellimws , @yrp604, @Grazfather & way more that could fit in a tweet!https://t.co/H6co38kTwN #pwn #re #linux #ctf pic.twitter.com/3Oc3rVSNlx

— crazy rabbidz (@_hugsy_) October 29, 2018

New features:
Support for RISC-V architecture (@dlrobertson )
Brand new skin, designed by our own @Grazfather
New command print-format
New convenience variables / functions ($_pie , $_heap) by @wbowling
Better AARCH64 support
All command outputs are now buffered, so less IO, more perf
“Repeatable” commands are in
PyEnv support (@hazedic)
Ditched Travis-CI for Circle-CI
Glibc Tcache bins support
Colorized hexdump byte (pwntools-like)

Changelog:
Bugfix in x86 EFLAGS parsing
Better and more unit tests
More caching (on key functions, settings, etc.)
Fixed the doc
(ARM) Auto. adjust GEF mode from cspr flag
Bugfix in capstone integration
Fixed minor issues in format-string-helper
Fixed IDA integration, thx @cclauss
And more minor bugfixes, and speed improvement

https://github.com/hugsy/gef

gef-context

CheckPoint Research: Scout Debugger

August 13, 2018 ~ hucktech ~ Leave a comment

Thanks for attending our (@ynvb, @_CPResearch_ ) #defcon talk. Scout debugger is now publicly available in our GitHub account – https://t.co/Y1wJi6wpeN. #whatthefax #defcon26 #defcon2018

— Eyal Itkin (@EyalItkin) August 12, 2018

“Scout” is an extendable basic debugger that was designed for use in those cases that there is no built-in debugger / gdb-stub in the debugee process / firmware. The debugger is intended to be used by security researchers in various scenarios, such as:

Collecting information on the address space of the debuggee – recon phase and exploit development
Exploring functionality of the original executable by accessing and executing selected code snippets
Adding and testing new functionality using custom debugger instructions

We have successfully used “Scout” as a debugger in a Linux Kernel setup, and in an embedded firmware research, and so we believe that it’s extendable API could prove handy for other security researchers in their research projects.

https://github.com/CheckPointSW/Scout

Windbg updated

October 30, 2016 ~ hucktech ~ Leave a comment

Windbg, Microsoft’s Windows system debugger, has been released with new features, one of which is ability to write debugger scripts in JavaScript.

(WordPress renders the MSDN blog URL strangely, if you can’t click on that, click on the URL in Alex’s twtter.)

Been waiting for a while to announce this! For all those that have done training with me & hated WinDBG scripting: https://t.co/d08aHcIoL1

— Alex Ionescu (@aionescu) October 29, 2016

https://blogs.msdn.microsoft.com/windbg/2016/10/27/new-insider-sdk-and-javascript-extensibility/

Strongdb: GDB plugin for Android native debugging

July 1, 2016 ~ hucktech ~ Leave a comment

Strongdb is a new GDB plugin using ARM assembler of Keystone for #Android debugging!https://t.co/G8W6UUcETR pic.twitter.com/m6h4QUkoKj

— Keystone Engine (@keystone_engine) June 18, 2016

“Strongdb is a gdb plugin that is written in Python, to help with debugging Android Native program.The main code uses gdb Python API.”

https://github.com/cx9527/strongdb

tool: Edb

September 3, 2015 ~ hucktech ~ Leave a comment

Edb is a system debugger, written by Evan Teran (@eteran). It’s been around for a while, but recently updated to use the Capstone engine, where I noticed it:

w0w, another debugger ditched its disassembler in favor of Capstone engine: Edb!https://t.co/Y25BwxiXZu

— Capstone Engine (@capstone_engine) September 3, 2015

Edb is a cross platform x86/x86-64 debugger, inspired by OllyDbg, but aims to function on x86 and x86-64 as well as multiple OS’s. Linux is the only officially supported platform at the moment, but FreeBSD, OpenBSD, OSX and Windows ports are underway with varying degrees of functionality. It is written in C++ using Qt. It contains these plugins: Analyzer, Assembler, BinaryInfo, BinarySearcher, Bookmarks, BreakpointManager, CheckVersion, DebuggerCore, DumpState, FunctionFinder, HardwareBreakpoints, HeapAnalyzer, OpcodeSearcher, ProcessProperties, ROPTool,References, and SymbolViewer.

Some security researchers may not know of OllyDbg, but only of Immunity Debugger (ImmyDbg), which is a fork of the GPL OllyDBg (but Immunity doesn’t seem to provide source…). Edb is also GPL-licensed, but source is easily available, and with Capstone backing it, looks to be very interesting!

https://github.com/eteran/edb-debugger
https://github.com/eteran/edb-debugger/wiki