Questions tagged [binary-code]
The binary-code tag has no summary.
59 questions
-1 votes, 1 answer, 294 views
Confused about memory examination using gdb
I started reading "Hacking, The Art of Exploitation" and I am confused about some things regarding memory examination.
When I disassemble main, I get an output of all memories where the ...
1 vote, 1 answer, 614 views
How is it possible to simply decode Bluetooth communications from a medical device?
Excuse the naive question but I'm trying to understand a bit about security in home health and medical devices and a recent report about how home Covid test results can be altered has left me a bit ...
0 votes, 0 answers, 31 views
The difference between a virtual door-lock and a public key [duplicate]
The thing that helped me to understand what is a "public key" was to parallel it with a door lock:
The door lock is public in the sense that anyone can try to unlock it and the door key is ...
1 vote, 1 answer, 250 views
Is there any way to get a unicode character that has a byte of 23?
I am pentesting a web application. It makes a backend call to another application, and I am trying to hijack that call.
I have gained control over the URL path, query parameters, and fragment that is ...
2 votes, 1 answer, 471 views
Does recompiling a binary from source code make it more secure/obscure?
Using standard hardening options like PIC, Stack Protection ...
does a mere recompilation make a program more secure against attacks?
You have the source code of a program, compile it two times with ...
1 vote, 0 answers, 485 views
CyberChef Challenge #21 [closed]
The challenge data is:
...
2 votes, 0 answers, 189 views
Can binary firmware packages be executed on the system?
Kernels like linux-libre (standard in Debian and other free Linux distributions) ship no binary firmware packages by default.
From my limited understanding of their functionality, a binary firmware ...
9 votes, 0 answers, 2k views
How could I block or at least detect the use of ultrasonic side channels or Google Nearby Messages API on my smartphone?
My question is about the use of ultrasonic messages that are part of the modern advertising ecosystem and are also used by the Google Nearby Messages API.
When it comes to advertising, the type of ...
2 votes, 0 answers, 503 views
Binary exploitation
I am trying to upsolve a challenge from a CTF I played but I just can't get it right. I think you have to somehow manage to use buffer overflow, but I can't see what I'm doing wrong since this works ...
-1 votes, 3 answers, 1k views
256-bit Symmetric Keys As Passwords
Would using a 256-bit binary string, for e.g.
...
3 votes, 1 answer, 232 views
Running a brief asm script inline for dynamic analysis
Is there any good reason not to run a brief unknown (30 line) assembly script inline in a usermode C program for dynamic analysis directly on my laptop?
There's only one system call to time, and at ...
0 votes, 1 answer, 224 views
SAT (Satisfiability): is it a security risk?
If a researcher found satisfiability in any software, is this a threat to security? If the answer is "Yes", how can an attacker use SAT?
1 vote, 2 answers, 2k views
How to make well-known malicious programs undetectable by anti-virus solutions? [closed]
I want to make well-known malicious programs, like Mimikatz and Incognito, undetectable by anti-virus solutions.
I have already tried various approaches myself, like packing the binary with UPX or ...
1 vote, 1 answer, 668 views
Binary Exploitation - How to set GID of a SUID binary using shellcode?
I have a binary that is SUID which I can currently use a buffer overflow exploit to obtain an elevated EUID shell.
However I haven't worked much with changing IDs through shellcode, and the file I ...
4 votes, 1 answer, 226 views
Unidirectional Data Transmission to a Smartphone
I'm going to use an old Android phone to store sensitive data (e.g., Bitcoin wallet private key), with no SIM card and WiFi and Bluetooth turned off. ...
-1 votes, 1 answer, 309 views
What tools exist to crack, disable, and undo the effects of a malicious Linux binary? [closed]
I'm a network Penetration Tester and I'm trying to learn how to crack binaries. As an exercise, I've spent two days trying to crack a Linux binary that was supposedly designed to be cracked. ...
1 vote, 2 answers, 228 views
Is there any ability to determine the exploit used by compiled binary?
I have a binary file which uses some exploit (I guess it was generated with Metasploit), but I can't determine the exact exploit it uses.
The disassembly listing of it contains plenty of "mov" ...
15 votes, 1 answer, 5k views
What does the NSA's Recently Leaked "The Equation Group" Files do?
First Hand Details
TEG (The Equation Group) is NSA's team of hackers who'd write code to exploit systems worldwide. Some of the private files were recently dropped by a group called Shadow Brokers and ...
1 vote, 1 answer, 16k views
Decrypting binary code from a base64 string [duplicate]
So, this online discussion function uses decoded account names in every post, along with what they call "logging data", an example of this can be:
Loggin data: 10878
Encoded account info: ...
11 votes, 4 answers, 7k views
What's more secure? Hard coding credentials or storing them in a database? [duplicate]
I wonder which of these things is more secure.
Imagine hard coded credentials, similar to this:
if user.Equals("registereduser") && (password.Equals(encryptedpassword))
{
Give access to ...
8 votes, 4 answers, 4k views
Static code review approach
My question is related to the static code analysis approach used by Veracode vs Fortify/AppScan.
Veracode – Finds security flaws in application binaries and bytecode without requiring source
Fortify/...
6 votes, 1 answer, 8k views
Difference Between Binary Exploitation and Reverse Engineering?
I am a beginner in Reverse Engineering and am trying to improve my skill by participating in any CTFs I can and solving CrackMes. I am trying to find out why Binary Exploitation and Reverse ...
2 votes, 1 answer, 2k views
Supplying a password to PBKDF2 in raw binary vs. base64?
Background: I'm working with Node's crypto library. I'm using PBKDF2 to convert a variable-length binary "passphrase" into constant-length keys for an AES cipher later on.
The underlying source of ...
4 votes, 1 answer, 381 views
auditing open source compiler binaries for trojans
It is a well known vulnerability that a properly altered compiler binary can transfer itself to new binaries of the compiler, and still be entirely absent from the source code.
But how real is this ...
8 votes, 5 answers, 2k views
Is it safer to compile open source code vs simply running the binary?
I understand that with open source software, my mileage may vary based on the trust of the author and the distribution platform they use (Codeplex, Git, or private server).
Oftentimes a FOSS website ...