Reversing Statically-Linked Binaries with Function Signatures - bin 0x2D

  • Published on 1 Oct 2024

Comments • 71

  • @tox1cnoth160
    @tox1cnoth160 4 years ago +17

    dude i love those zoom ins and the cartoonish arrows, it makes your videos so enjoyable to watch, they are a beauty

  • @jaredmeit6127
    @jaredmeit6127 4 years ago +10

    I really like these videos. It is just like the early ones that I subscribed for. Although I do like your recent content, this format is my favourite. Covering 1 topic concisely as part of a series that gets gradually more in-depth.

  • @meithecatte8492
    @meithecatte8492 4 years ago +6

    I'm pissed the video isn't 13:37 long.

    • @xrafter
      @xrafter 1 year ago

      Why?

    • @1.4142
      @1.4142 1 year ago

      still waiting for a 13:37 long video

  • @mnageh-bo1mm
    @mnageh-bo1mm 4 years ago +9

    Hi you... we need vids about reversing more common software.

    • @AneeshDogra
      @AneeshDogra 4 years ago +5

      How about reverse engineering Source engine? @LiveOverflow!

    • @mnageh-bo1mm
      @mnageh-bo1mm 4 years ago

      @@AneeshDogra sounds interesting

  • @PwnySlaystation01
    @PwnySlaystation01 4 years ago +4

    I'm good with this type of video too, however I really have a hard time with the low audio. I don't see anyone in the comments mentioning it, so maybe it's just me, but I have to crank my laptop volume almost up to full to hear you in this format. Upping the volume a bit would be greatly appreciated!

  • @matevarga3040
    @matevarga3040 4 years ago +5

    PLS KEEP the content good. Q_Q
    I'm happy you have daily uploads, but I'm a bit concerned about it.
    Bit of thinking. Actually these small bits keep me entertained and I also learn at the same time. It's very digestible.
    It's a win. Wish you good luck/life/etc.

  •  4 years ago +1

    Hello. I am studying and developing a deep learning algorithm. I wonder, is there any deep learning method to extract and recognize the binary symbols? Deep learning is very good at it.
    It can learn almost all symbols and behaviour of the compiler. I know it takes a very long time, but it can learn.

  • @athuljose6094
    @athuljose6094 4 years ago +12

    Could you make a list of all resources that could help in learning, like wargame sites? I don't know if you have something like this already on your site.
    Thanks for these videos mate.

    • @phmen6706
      @phmen6706 4 years ago

      da mwnuseee

  • @Davi-c4q
    @Davi-c4q 4 years ago +1

    How are these signatures made? Is it some kind of hash function of all the bytes used by the function, substituting `call`s by the bytes of the internal functions?

  • @EvilSapphireR
    @EvilSapphireR 4 years ago +3

    I spent a good 1 hour understanding this video and the weird flow of the statically linked stripped binary. So if I'm not wrong, whenever dynamic linking happens in a process with a debugger attached to it the debugger watches for the symbols being used for the linking and can subsequently tell the user the function names?

    • @EE-cc5bd
      @EE-cc5bd 4 years ago +2

      The stripped binary only has its own debug symbols removed, but still has its import table (symbols referring to external functions/variables to be dynamically bound). So no need for a debugger, a proper disassembler is enough.
      (It is the most common form of executable: no debug symbols and dynamic linking.)
      The second part of the video is about using signatures to identify functions that we know of from another binary. It's a difficult task since the assembly can change between different compilations and thus different versions of a library. There are different identification methods around: flair (pattern + cross references), yara (behavior based, return value), ...

  • @pseudo_goose
    @pseudo_goose 4 years ago +1

    wait a moment, that breadboard computer looks familiar ....

  • @zCri
    @zCri 4 years ago +1

    Epic hacker man is back at it again

  • @thewelder3538
    @thewelder3538 1 year ago

    This seems to be a lesson in why you don't decompile code, you disassemble it. If you understand x86 enough, you can always see exactly what is happening and you don't run into problems where you end up with rogue function calls that shouldn't be there.

  • @ECX0x100h
    @ECX0x100h 1 year ago

    How do we determine what libc version is embedded within a static/stripped binary?

  • @youtubeargentina349
    @youtubeargentina349 1 year ago

    Thanks a million for this amazing video. You answered many of my questions in just a few minutes :)

  • @enocknicolas7163
    @enocknicolas7163 4 years ago +1

    daily uploads👍👌

  • @BosakMaw
    @BosakMaw 4 years ago +4

    But can you reverse a linked list?

  • @yuxin7440
    @yuxin7440 4 years ago

    Great video, can you also create a video talking about other common anti-debugging techniques and how to bypass them?

  • @MrHatoi
    @MrHatoi 4 years ago

    Would be nice to have the links for stuff you used in the video

  • @lordkauck
    @lordkauck 4 years ago

    Hold up, who's the hot guy he hired? Lmfao

  • @pep1878
    @pep1878 4 years ago

    I would love to see some reversing with cutter (if you abandoned gdb/r2...) which also added the ghidra decompiler....

  • @MCTTABOB
    @MCTTABOB 4 years ago

    i have spent hours reversing static stripped bins without knowing this, labeling stuff by hand.. thanks so much haha

  • @lancemarchetti8673
    @lancemarchetti8673 1 year ago

    Awesome.

  • @patatopotate4692
    @patatopotate4692 4 years ago +3

    Could you play that piano for us please? :)

  • @hanshansli2238
    @hanshansli2238 4 years ago

    Love the shorter videos. And right in the sweet spot in terms of difficulty, at least for me

  • @BlackHermit
    @BlackHermit 3 years ago

    Great volumeeeeeeeeeeeee! :)

  • @techchannel1781
    @techchannel1781 4 years ago

    Hah, can you do that using an Android phone?

  • @netanelkomm5636
    @netanelkomm5636 7 months ago

    This guy's intro rocks

  • @anthonything
    @anthonything 4 years ago

    big cool

  • @metaorior
    @metaorior 4 years ago

    nice

  • @Veso266
    @Veso266 4 years ago

    Where is the .pdb file for non-stripped binaries on Linux?
    Because on Windows, if you remove the .pdb file you lose all symbols.

    • @LiveOverflow
      @LiveOverflow 4 years ago

      It's in the ELF binary itself, no external symbol file needed. If you strip an ELF binary you can see the size is smaller.

    • @Veso266
      @Veso266 4 years ago

      @@LiveOverflow Can you use Ghidra to reverse engineer a Linux bin on Windows, or do you have to use Linux to reverse Linux binaries?

    • @Demonslay335
      @Demonslay335 4 years ago

      @@Veso266 Ghidra can reverse Linux binaries on any host platform. Same goes for IDA.

  • @DoorThief
    @DoorThief 4 years ago

    Fifth! Love your videos

  • @zuhayr1337
    @zuhayr1337 4 years ago

    The haiiiiiirrrrr!!!!! 😍😍

  • @adrianstangu7602
    @adrianstangu7602 4 years ago

    GBU !

  • @zacwesleybrown
    @zacwesleybrown 4 years ago

    Cool video

  • @blackbeard4532
    @blackbeard4532 4 years ago

    Noice keep them coming!

  • @chanakanztech4108
    @chanakanztech4108 4 years ago

    nice!

  • @blizzy78
    @blizzy78 4 years ago

    Now decompile a Go program.

    • @xrafter
      @xrafter 1 year ago

      Or rust or anything other than C.

  • @gyroninjamodder
    @gyroninjamodder 4 years ago

    Why would a program use md5 in 2019? MD5 has been broken for a long time.

    • @LiveOverflow
      @LiveOverflow 4 years ago +4

      Ah well. Then I don’t know why any programmer would still write code with buffer overflow vulnerabilities. Or why XSS still exists. Or why iPhones still get jailbroken. Why are they not just writing secure code?!?!?

    • @gyroninjamodder
      @gyroninjamodder 4 years ago

      @@LiveOverflow That is not a fair comparison. People consciously choose to use MD5, whereas buffer overflows, XSS, and jail vulnerabilities happen by accident. Buffer overflows can be effectively eliminated by using a language that keeps track of buffer sizes with dependent types. XSS can be effectively mitigated by using refinement types to keep track of whether data is sanitized. Preventing escaping from a jail is much more complicated, but using formal verification of your specification and design can help avoid it.

    • @eIicit
      @eIicit 4 years ago

      @@gyroninjamodder you are missing the point, friend.

    • @gyroninjamodder
      @gyroninjamodder 4 years ago

      @@eIicit What point am I missing?

    • @antiteal3050
      @antiteal3050 4 years ago

      md5 is pretty fast, pretty widespread, and it's good enough for most tasks. The holes that it has aren't significant enough for everyone to switch to another hash function. It's "good enough" when generating checksums and the like.

  • @patrick1020000
    @patrick1020000 4 years ago

    Could you make a video using the built-in Ghidra function identifier? It is possible to create signatures that way

  • @Afif87123
    @Afif87123 4 years ago +1

    First

  • @yumbuboyumbubo8230
    @yumbuboyumbubo8230 4 years ago +1

    Real Hackers don't use Ghidra, or GDB
    Back in the good old days -- the "Golden Era" of computers, it was easy to separate the men from the boys (sometimes called "Real Men" and "Quiche Eaters" in the literature). During this period, the Real Men were the ones that understood binary code, and the Quiche Eaters were the ones that didn't. A real computer programmer said things in assembly. (They actually talked in capital letters, you understand.)

  • @mfrederikson
    @mfrederikson 4 years ago

    Nothing against your face, but it was way easier to focus on the content before.

    • @LiveOverflow
      @LiveOverflow 4 years ago +1

      I’m just trying to have some fun with daily videos in December. Calling it haxember. It’s just the 4th day; old style videos are not gone. I just have to do a different style to be able to make daily stuff. It’s just an experiment ;)