Thursday, April 9, 2015

tcpdump

https://danielmiessler.com/study/tcpdump/

Saturday, March 28, 2015

mips assembly


Instructions
All instructions are 32 bits long.
Instructions fall into three categories:
R-type: register-type instructions
I-type: immediate-type instructions
J-type: jump instructions

jump

Here is the list of instructions we'll look at.
  • beq Branches if the quantities of two registers are equal.
  • bne Branches if the quantities of two registers are NOT equal.
  • bgtz Branches if the quantity in a register is greater than zero (32-bit two's complement).
  • bgez Branches if the quantity in a register is greater than or equal to zero (32-bit two's complement).
  • bltz Branches if the quantity in a register is less than zero (32-bit two's complement).
  • blez Branches if the quantity in a register is less than or equal to zero (32-bit two's complement).
  • j Jump to an address.
  • jr Jump to an address stored in a register.
  • jal Jump to an address, and store the return address in a register.
  • jalr Jump to an address stored in a register, and store the return address in another register.
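As an added example (not part of the original notes), the decoder below takes raw 32-bit MIPS instruction words, classifies them as R-, I- or J-type by opcode, names the branch/jump instructions listed above and resolves their targets; register names and encodings follow the standard MIPS32 encoding, and the branch offsets are taken relative to the delay slot (pc + 4).

```python
# Added example (not from the original notes): decode the branch and jump
# instructions listed above from raw 32-bit MIPS words and resolve their targets.
REGS = ["zero", "at", "v0", "v1", "a0", "a1", "a2", "a3",
        "t0", "t1", "t2", "t3", "t4", "t5", "t6", "t7",
        "s0", "s1", "s2", "s3", "s4", "s5", "s6", "s7",
        "t8", "t9", "k0", "k1", "gp", "sp", "fp", "ra"]
ITYPE_BRANCH = {4: "beq", 5: "bne", 6: "blez", 7: "bgtz"}   # selected by opcode
REGIMM = {0: "bltz", 1: "bgez"}                             # opcode 1, selected by rt
RTYPE_JUMP = {0x08: "jr", 0x09: "jalr"}                     # opcode 0, selected by funct


def sign16(value):
    """Sign-extend a 16-bit two's complement immediate."""
    return value - 0x10000 if value & 0x8000 else value


def decode(word, pc):
    """Decode the instruction word at address pc.

    Returns (type, mnemonic, operands, target): type is "R", "I" or "J",
    target is the absolute destination or None when it is held in a register.
    Returns None for words that are not one of the instructions above.
    """
    opcode = word >> 26
    rs, rt, rd = (word >> 21) & 0x1F, (word >> 16) & 0x1F, (word >> 11) & 0x1F
    if opcode == 0:                                   # R-type: jr / jalr
        mnem = RTYPE_JUMP.get(word & 0x3F)
        if mnem is None:
            return None
        ops = "$" + REGS[rs] if mnem == "jr" else "$%s, $%s" % (REGS[rd], REGS[rs])
        return ("R", mnem, ops, None)
    if opcode in (2, 3):                              # J-type: j / jal
        # 26-bit word index << 2; the top 4 bits come from the delay slot address
        target = ((pc + 4) & 0xF0000000) | ((word & 0x03FFFFFF) << 2)
        return ("J", "j" if opcode == 2 else "jal", "0x%x" % target, target)
    # I-type: 16-bit signed offset in words, relative to the delay slot (pc + 4)
    target = (pc + 4 + (sign16(word & 0xFFFF) << 2)) & 0xFFFFFFFF
    if opcode == 1 and rt in REGIMM:
        return ("I", REGIMM[rt], "$%s, 0x%x" % (REGS[rs], target), target)
    if opcode in (4, 5):                              # compare two registers
        ops = "$%s, $%s, 0x%x" % (REGS[rs], REGS[rt], target)
        return ("I", ITYPE_BRANCH[opcode], ops, target)
    if opcode in (6, 7):                              # compare one register with zero
        return ("I", ITYPE_BRANCH[opcode], "$%s, 0x%x" % (REGS[rs], target), target)
    return None
```

For example, `decode(0x0320f809, 0x400000)` gives `("R", "jalr", "$ra, $t9", None)`, the usual PIC call sequence seen in MIPS firmware, and `decode(0x1440ffff, pc)` resolves a `bne` that branches back to its own address.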

http://www.cs.umd.edu/class/sum2003/cmsc311/Notes/

Friday, March 27, 2015

IDA Python

debug

pycharm pro
  • copy pycharm-debug.egg from /path/to/pycharm/debug-eggs to the remote computer if necessary
  • add the following code to the IDA Python script

import sys
import os

# Make the PyCharm debug egg (copied next to this script) importable
current_path = os.path.dirname(os.path.abspath(__file__))
egg_loc = os.path.join(current_path, "pycharm-debug.egg")
sys.path.append(egg_loc)
print(egg_loc)

# Connect back to the PyCharm debug server; "host ip/name" and the port must match the Run/Debug configuration
import pydevd
pydevd.settrace("host ip/name", port=12345, stdoutToServer=True, stderrToServer=True)


  • config PyCharm (Run/Debug Configuration): add a Python Remote Debug configuration
  • run the debug server


References

https://www.hex-rays.com/products/ida/support/idapython_docs/
http://www.slideshare.net/geeksec80/introduction-to-ida-python
http://reverseengineering.stackexchange.com/questions/2190/how-to-debug-an-idapython-script-from-within-ida/2885#2885
http://www.offensivecomputing.net/papers/IDAPythonIntro.pdf

http://www.slideshare.net/geeksec80/python-arsenal-for-re-1?related=1

PyCharm remote debug

PyCharm Professional only (community with remote server)


1) Run/Debug Configuration: configure the server address and the port to listen on
2) copy debug-eggs to the remote computer (locate /path/to/pycharm/debug-eggs)
3) add the attach code to the code under debug
4) run the server


Monday, March 16, 2015

Buildroot "output" directory for multiple targets

mkdir device
cd device
make -C "/path/to/buildroot" O="`pwd`" menuconfig
make

Friday, January 9, 2015

qemu compile


ubuntu 14.04

apt-get install libglib2.0-dev zlib1g-dev

./configure --disable-kvm --target-list="mips-linux-user"
make
make install


run qemu

from the extracted squashfs root folder (so that -L . resolves the firmware's own libraries)

qemu-mips -L . -strace path/to/app
qemu-mips -L . -strace usr/sbin/miniupnpd

Wednesday, December 10, 2014

dump

reference

export ARCH=arm
export CROSS_COMPILE=arm-linux-gnueabi-   # or arm-cortexa5-linux-uclibcgnueabihf- for the crosstool-ng (ct-ng) toolchain

Linux kernel (3.15)
make clean
make mrproper
make vexpress_defconfig
make menuconfig

General setup --->
  [*] Embedded system
  Configure standard kernel features (expert users) --->
    [*] Enable ELF core dump (new)

Enable debug mode in uClibc

download (0.9.28, the TRENDnet library version for the 312 model): http://www.uclibc.org/downloads/old-releases/
make CROSS=arm-linux- menuconfig

General Library Settings --->
  Build pthreads debugging support

This option is not present in version 0.9.28; there the relevant option is:
uClibc development/debugging options --->
  Strip libraries and executables


Enable core dump support in BusyBox

  1. Init Utilities --->
       Support dumping core for child processes (debugging only)
  2. Create an empty file called ".init_enable_core" in the root directory of the target's filesystem.


build ramfs

_install$ arm-linux-ldd --root bin bin/busybox
       libm.so.0 => /lib/libm.so.0 (0x8badf00d)
       libc.so.0 => /lib/libc.so.0 (0x8badf00d)
       ld-uClibc.so.0 => /lib/ld-uClibc.so.0 (0x8badf00d)

mkdir lib
copy the libraries busybox depends on into the lib folder; find them in the cross compiler's sysroot:
~/x-tools/arm-cortexa5-linux-uclibcgnueabihf$ find . -name libm.so.0
./arm-cortexa5-linux-uclibcgnueabihf/sysroot/lib/libm.so.0

cp -v <cross_compiler_lib>/libm.so.0 _install/lib
cp -v <cross_compiler_lib>/libc.so.0  _install/lib
cp -v <cross_compiler_lib>/ld-uClibc.so.0 _install/lib

first check (pack the tree and boot straight into a shell)
_install$ find . | cpio -o --format=newc > ../../rootfs.img

note: list the supported machines with qemu-system-arm -machine help

qemu-system-arm -M vexpress-a9 -m 128M -kernel zImage -initrd rootfs.img -append "root=/dev/ram rdinit=/bin/sh"

_install$ mkdir -p proc sys dev etc/init.d
_install$ vim etc/init.d/rcS
#!/bin/sh
mount -t proc none /proc
mount -t sysfs none /sys
/sbin/mdev -s

_install$ chmod +x etc/init.d/rcS

_install$ find . | cpio -o --format=newc > ../../rootfs.img

qemu-system-arm -M vexpress-a9 -m 128M -kernel zImage -initrd rootfs.img -append "root=/dev/ram rdinit=/sbin/init" -redir tcp:8888::80
(-redir forwards host port 8888 to port 80 in the guest)

check: a program that calls abort() should leave a core file
#include <stdlib.h> // C
//#include <cstdlib> // C++

int main(void)
{
    abort();   /* raises SIGABRT, which triggers the core dump */
}

arm-linux-gcc -o cdump cdump.c -static
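As an added check (not part of the original notes), the script below validates an _install tree before it is packed with cpio: it parses ldd output in the format shown above, confirms every reported library is present under lib, that etc/init.d/rcS exists and is executable, and that the .init_enable_core marker BusyBox init needs is there. The demo tree and the ldd text it uses are constructed here, not taken from a real build.

```python
# Added example (not from the original notes): check an _install tree before packing it.
import os
import re
import stat
import tempfile

# One line of uClibc ldd output, e.g. "libc.so.0 => /lib/libc.so.0 (0x8badf00d)"
LDD_LINE = re.compile(r"^\s*(\S+)\s*=>\s*(\S+)")
# Constructed copy of the ldd output shown above for busybox.
DEMO_LDD = ("libm.so.0 => /lib/libm.so.0 (0x8badf00d)\n"
            "libc.so.0 => /lib/libc.so.0 (0x8badf00d)\n"
            "ld-uClibc.so.0 => /lib/ld-uClibc.so.0 (0x8badf00d)\n")

def parse_ldd(output):
    """Return the target paths ("/lib/libc.so.0", ...) reported by ldd."""
    return [m.group(2) for m in map(LDD_LINE.match, output.splitlines()) if m]

def check_rootfs(install_dir, ldd_output):
    """Return the problems found under install_dir (an empty list means OK)."""
    problems = []
    for lib in parse_ldd(ldd_output):       # every library busybox needs must be present
        if not os.path.isfile(os.path.join(install_dir, lib.lstrip("/"))):
            problems.append("missing " + lib)
    rcs = os.path.join(install_dir, "etc/init.d/rcS")
    if not os.path.isfile(rcs):
        problems.append("missing etc/init.d/rcS")
    elif not os.stat(rcs).st_mode & stat.S_IXUSR:   # the chmod +x step
        problems.append("etc/init.d/rcS is not executable")
    # busybox init only enables core dumps for its children when this file exists
    if not os.path.isfile(os.path.join(install_dir, ".init_enable_core")):
        problems.append("missing .init_enable_core")
    return problems

def demo():
    """Build a constructed _install tree in a temp dir; check it before and after fixing it."""
    root = tempfile.mkdtemp()
    for d in ("bin", "lib", "etc/init.d"):
        os.makedirs(os.path.join(root, d))
    for lib in ("libm.so.0", "libc.so.0"):      # ld-uClibc.so.0 deliberately left out
        open(os.path.join(root, "lib", lib), "w").close()
    rcs = os.path.join(root, "etc/init.d/rcS")
    with open(rcs, "w") as f:
        f.write("#!/bin/sh\nmount -t proc none /proc\nmount -t sysfs none /sys\n/sbin/mdev -s\n")
    before = check_rootfs(root, DEMO_LDD)
    open(os.path.join(root, "lib/ld-uClibc.so.0"), "w").close()
    os.chmod(rcs, 0o755)
    open(os.path.join(root, ".init_enable_core"), "w").close()
    return before, check_rootfs(root, DEMO_LDD)
```

Run check_rootfs against your real _install directory with the output of arm-linux-ldd before the cpio step; a missing ld-uClibc.so.0 is the classic cause of a kernel panic right after "Freeing init memory".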