LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 05-07-2014, 05:31 AM   #1
Jenish_uk
LQ Newbie
 
Registered: Oct 2010
Posts: 25

Rep: Reputation: 0
How to reverse engineer binary files using sleuthkit?


Is there any technique to reverse engineer binary files to their original contents?
I have a few binary files which I need to check against c codes (files). Basically finding out which C files created which binary files.
I am using sleuthkit but not getting anywhere!

Many thanks,
Jen
 
Old 05-07-2014, 07:30 AM   #2
pan64
LQ Addict
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 23,231

Rep: Reputation: 7688Reputation: 7688Reputation: 7688Reputation: 7688Reputation: 7688Reputation: 7688Reputation: 7688Reputation: 7688Reputation: 7688Reputation: 7688Reputation: 7688
see here: http://www.sleuthkit.org/sleuthkit/ it is not the right tool to reverse engineer anything (but analyze disk images).
Most of the binaries cannot be reverse engineered to their original sources because of a lot of missing information (like debug info). Others are not allowed to reverse engineer!
What kind or files do you want to reverse engineer?

From the other side you can insert identifiers in your C code and later you need only check these ids in the binary.
 
Old 05-07-2014, 07:56 AM   #3
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,962
Blog Entries: 4

Rep: Reputation: 4025Reputation: 4025Reputation: 4025Reputation: 4025Reputation: 4025Reputation: 4025Reputation: 4025Reputation: 4025Reputation: 4025Reputation: 4025Reputation: 4025
A common technique is to simply grep the binary file image for a known text-string that is also distinctly present in (and somehow used in) the program in question. (You do have to make sure that the string is actually used somehow so that a compiler does not optimize it away as dead-code or dead-data.)

In some environments (e.g. Windows) it is possible to specify version-identifying metadata which is inserted into the library or executable expressly for this purpose ... and any sort of named character-string can be put there.

A third strategy that's used in larger organizations is to calculate and to store the sha1sum signature of every software asset, which is used both as a positive form of identification and as a guard against unauthorized modification of that asset. This is similar to the idea of cryptographic "code signing," which in some environments can be used at the operating-system level to prevent the execution (at all!) of code that is not signed as the organization demands it to be.

The answer to the general question of "reverse engineering" is simply that, in the general case, it cannot be done. Optimizing compilers produce outputs which are functionally equivalent to what the source code said, but not directly comparable (let alone "reversible") to it.

Last edited by sundialsvcs; 05-07-2014 at 07:58 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Reverse engineer USB RichardUK Programming 2 12-18-2010 06:21 AM
reverse engineer crypt(3) hash m4rtin Linux - Security 10 02-14-2010 06:50 PM
Trying to reverse engineer our network :) 8webguy8 Linux - Networking 12 03-17-2004 09:46 AM
How can you reverse engineer a small C program OrganicX Programming 1 01-30-2004 09:30 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 01:48 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration