Today I was reminded of the NGsec security games site by a DefCon CTF team-mate. (This game was actually used as a prequal for DefCon 10, which I didn’t go to. Ken told me stories about it, though.) I burned through stages 1-9 in about 45 minutes, and then hit stage 10 and was side-tracked learning about encrypted ELF binaries.
There continue to be no useful FOSS binary analyzers for this kind of reverse engineering. gdb just doesn’t even begin to cut it: it was made for (surprise!) debugging programs built by friendly compilers, not doing forensics on decidedly unfriendly, hand-crafted binaries. If Paul Graham and Richard Hamming are to be believed:
- What are the most important problems in your field?
- Are you working on one of them?
- Why not?
I should be writing a static binary analyzer. And a dynamic one too. GPL IDApro replacement. Yeow.
© 2006, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.