Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Maijin/radare2-workshop-2015
https://github.com/Maijin/radare2-workshop-2015
Last synced: 3 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/Maijin/radare2-workshop-2015
- Owner: Maijin
- Archived: true
- Created: 2015-07-11T09:09:27.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2015-09-04T20:31:25.000Z (about 9 years ago)
- Last Synced: 2024-05-19T04:51:35.831Z (6 months ago)
- Language: C
- Size: 11 MB
- Stars: 340
- Watchers: 22
- Forks: 90
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-radare2 - Radare2 Workshop 2015 (Defcon)
README
# Workshop2015
TOC
Part 0. Intro to the radare world (45 min + 15 min practice)
=================================
0.0 - Generality on radare2 framework
1.1 - Utility toolsuit
2.1 - Radare2 - Generalities
2.2 - Radare2 - Printing
2.3 - Radare2 - Info Commands
2.4 - Radare2 - Search
2.5 - Analysis
2.6 - Visual Mode(s)
2.7 - Student Practices - IOLI Set - Questions/Answers
Part I. Static analysis (1 hour 30 minutes)
=======================
Chapter 1. Malware (45 minutes)
------------------
1.1 Windows malware example
1.2 Linux malware example
Chapter 2. Firmware (45 minutes)
-------------------
2.1. General MIPS router firmware unpacking (15 minutes)
Showing low-hanging vulnerabilities in a classic SOHO router.
2.2 General ARM firmware analysis - bootloaders and android
executables (15 minutes)
- Texas Instruments bootrom analysis
- Qualcomm TrustZone analysis
- One of Android executables
2.3 HDD firmware analysis (15 minutes)
- Seagate firmware unpacking and disassembling
Chapter 3. Practice (30 minutes)
-------------------
Part II Debugging - (40 minutes)
=================
Chapter 1. General techniques (30 minutes)
-----------------------------
1.1 gdb (10 minutes)
Since the current native debugger is not perfect (it will be the focus
for the next release),
Radare2 can use gdb as a backend to debug processes.
1.2 native (10 minutes)
We'll show basic on-host debugging case, when you are brave enough
to debug executable (or even malware) directly on your machine.
Also:
- rarun2 - setup execution environment for a program (chroot,
parameters, env, etc.)
- remote r2 debugging r2 -c=h && r2 -C http://.../cmd/
1.3 WinDbg and PDB (10 minutes)
Essential part for the windows debuggind is loading PDB files,
especially for Windows drivers.
Chapter 2. Firmware (10 minutes)
-------------------
2.1 qemu (10 minutes)
Using embedded gdbserver to debug x86 bootloader/bios/uefi,
and arm bootloader (see Part II, 2.2 section)
Part III Scripting (1 hour)
==================
Chapter 1. Radare2 script (15 minutes)
-------------------------
Basic scripting, pipelining radare2 commands, without any external plugins.
Using python plugins, high-level analysis using python bindings
Chapter 2. Scripting with r2pipe (30 minutes)
--------------------------------
Using r2pipe for scripting with python, javascript.
Chapter 3. Python bindings (15 minutes)
--------------------------
Using 'classic' and 'ctypes' python bindings for the radare2 library
Part IV ESIL (1 hour)
============
ESIL is an Evaluateable String Intermediate Language
Chapter 1. Small ESIL introduction
----------------------------------
ESIL syntax, opcodes, sources of the ESIL analysis
Chapter 2. ESIL emulation
-------------------------
Using ESIL for the emulation, without qemu/bochs/vbox needed
Chapter 3. ESIL to REIL conversion
----------------------------------
To be able to use already existing tools based on REIL
THE END