Binary Analysis Skill
Quick Workflow
Progress:
- Run checksec (identify protections)
- Identify binary type and dangerous functions
- Find vulnerability (BOF/format string/heap)
- Calculate offsets
- Develop exploit with pwntools
- Test locally, then remote
Quick Analysis Pipeline
1. File identification
file <binary>
2. Security features
checksec --file=<binary>
3. Interesting strings
strings <binary> | grep -iE "flag|ctf|password|correct|wrong|win|shell|secret"
4. Function symbols
nm <binary> 2>/dev/null | grep -E " T | t " | head -20
5. Dangerous functions
objdump -d <binary> 2>/dev/null | grep -E "gets|strcpy|sprintf|scanf|system|exec"
6. Auto vulnerability scan
cwe_checker <binary>
Reference Files
Topic Reference
Protections & Vuln Detection reference/protections.md
Exploitation Templates reference/exploits.md
Advanced Tools reference/tools.md
Quick Commands
Generate cyclic pattern
python3 -c "from pwn import *; print(cyclic(200))"
Find offset
python3 -c "from pwn import *; print(cyclic_find(0x61616167))"
Find ROP gadgets
ROPgadget --binary <binary> | grep "pop rdi"
Find one_gadget
one_gadget <libc>
Tools Summary
Tool Purpose
checksec Check binary protections
pwntools Exploit development
ROPgadget Find ROP gadgets
one_gadget Find libc one-shot gadgets
cwe_checker Auto vuln detection
qira Runtime analysis
Triton Symbolic execution