(@jeffreycrowell)

More documents

Recommendations

Info

knowing context is useful • does your register point to a string you control? • what’s in the stack? • keep flags, symbols, etc. • use from within visual mode ‘e dbg.slow = true‘ 52
pattern generate • DeBruijn patterns. • made famous by metasploit pattern create.rb • cyclic patterns, find offset in string. • Where’s our faked struct/string/etc. being referenced? • Where did we crash? • ragg2 -P -r or woD to write • ragg2 -q or woO to find your offset. 53
Page 1 and 2: adare2 Radare2 - a framework for re
Page 3 and 4: anton kochkov • Living in Moscow,
Page 5 and 6: jeffrey crowell • Boston, MA, USA
Page 7 and 8: installation
Page 9 and 10: utilities
Page 11 and 12: utilities • rax2 • rabin2 • r
Page 19 and 20: utilities: radiff2 — graph exampl
Page 21 and 22: utilities: rafind2 rafind2 — Adva
Page 23 and 24: utilities: rahash2 rahash2 — bloc
Page 25 and 26: adare2 — command line
Page 27 and 28: the # command — hashing command 1
Page 29 and 30: the i command — information comma
Page 31 and 32: adare2 - types command example Quic
Page 33 and 34: adare2 — visual mode
Page 35 and 36: adare2 — webui
Page 37 and 38: adare2 — debugger
Page 41 and 42: debugging • Native local debug (r
Page 43 and 44: now your turn! • Crackmes: IOLI-C
Page 45 and 46: scripting capabilities Available fo
Page 47 and 48: popular tools • gdb + peda - sear
Page 49 and 50: getting binary info 49
Page 51: ”telescoping” register • we c
Page 55 and 56: debug ’profiles’ • r2 -de dbg
Page 57 and 58: context + patterns • write your o
Page 59 and 60: shellcoding • relocatable • tes
Page 61 and 62: code reuse • return to libc • r
Page 63 and 64: code reuse • demo • r2 -A /path
Page 65 and 66: stack layout • when you ”ret”
Page 67 and 68: demo time • super basic rop expl.
Page 69 and 70: debugging
Page 71 and 72: gdb protocol + wine Winedbg allows
Page 73 and 74: debugging omap bootrom Just run it
Page 75 and 76: firmware analysis
Page 77 and 78: old legacy bios analysis • Load t
Page 79 and 80: searching guids 1. We need r2pipe (
Page 81 and 82: embedded controller - 8051 - esil v
Page 83 and 84: eferences

(@jeffreycrowell)

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?