Reverse Engineering ELF

Reverse Engineering Process

1. file
   1. Determine architecture
   2. Determine if Stripped Binary
2. FLOSS
   1. This is to find strings
3. strace ./filename (See strace)
   1. Look at the Syscall
4. ltrace ./filename
   1. Look at what libraries are loaded and when
5. readelf -a ./filename
   1. Look for the entry point
6. nm -a ./filename 2. Look at the functions in the program
7. objdump -d ./filename -M intel
   1. Look at the disassembly of the program
8. Ghidra
9. Symbolic Execution
10. https://ide.kaitai.io/

Concepts

• ELF
• Register
• OS Stack
• OS Heap