The purpose of this lab is to "reverse engineer" a binary file using gdb. For this lab, we'll be using a benign binary available in both regular and stripped versions. This lab is scheduled to take two weeks.
The regular binary is mystery and the stripped binary is mystery2. If you are logged in to Sleipnir, you can copy both over to your current directory with:
cp /home/fac/melissa/public_html/cs451-s15/mystery* .
Both binaries were built from the same source code, so you can see the difference between disassembling a stripped binary and a regular (unstripped) one.
Besides gdb, other command line tools that can be used to investigate unknown binaries on Linux are readelf and objdump.
The readelf command dumps information about an ELF-format executable: its headers, section table, and (in an unstripped binary) its symbol table. If you look carefully at the output of readelf, you can even find the original source code filename in the output, since the compiler records it as a FILE-type symbol in the symbol table. A brief tutorial on readelf was linked here, but the link has been removed (website infected).
The objdump command is a non-interactive way to disassemble a binary. It can be more useful than gdb on stripped binaries, which have no function names for gdb to break on, but it also produces a lot of output to dig through. A brief tutorial on objdump can be found at http://www.thegeekstuff.com/2012/09/objdump-examples/
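To see concretely what readelf is reading when it reports a source filename, and why `file mystery` says "not stripped" while `file mystery2` says "stripped", here is a small ELF parser. It is an added example written for this page, not part of the lab handout or the mystery binaries. It assumes a little-endian ELF64 target (x86-64), builds a constructed toy ELF image in memory so it runs without the lab files, and reports the same facts `readelf -S` and `readelf -s` would: the section names, whether a `.symtab` section exists, and the FILE and FUNC symbols it contains. The section names, symbol names and `mystery.c` filename used in the toy image are made up for the example.

```python
"""Minimal ELF64 inspector: mirrors what `readelf -S` and `readelf -s` reveal
about a stripped versus unstripped binary.

Constructed example for this page, not lab code. It handles only
little-endian ELF64 files (an assumption; ELF32 or big-endian targets need
different struct formats)."""
import struct
import sys

ELF_MAGIC = b"\x7fELF"
SHT_PROGBITS, SHT_SYMTAB, SHT_STRTAB = 1, 2, 3   # section types (ELF spec)
STT_FUNC, STT_FILE = 2, 4                        # symbol types (ELF spec)
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")        # Elf64_Ehdr, 64 bytes
SHDR = struct.Struct("<IIQQQQIIQQ")              # Elf64_Shdr, 64 bytes
SYM = struct.Struct("<IBBHQQ")                   # Elf64_Sym, 24 bytes


def _cstr(table, off):
    """Read a NUL-terminated string at offset `off` of a string table."""
    return table[off:table.index(b"\0", off)].decode("ascii", "replace")


def inspect_elf(data):
    """Return section names, strip status, and the source-file and function
    names exposed by .symtab (empty lists when the binary is stripped)."""
    if data[:4] != ELF_MAGIC or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    hdr = EHDR.unpack_from(data, 0)
    shoff, shentsize, shnum, shstrndx = hdr[6], hdr[11], hdr[12], hdr[13]
    shdrs = [SHDR.unpack_from(data, shoff + i * shentsize) for i in range(shnum)]
    # Section names live in the section-header string table (.shstrtab).
    sh_off, sh_size = shdrs[shstrndx][4], shdrs[shstrndx][5]
    names = [_cstr(data[sh_off:sh_off + sh_size], s[0]) for s in shdrs]
    result = {"sections": names, "stripped": ".symtab" not in names,
              "source_files": [], "functions": []}
    for s in shdrs:
        if s[1] != SHT_SYMTAB:
            continue
        # sh_link of a SHT_SYMTAB section is the index of its string table.
        st = shdrs[s[6]]
        strtab = data[st[4]:st[4] + st[5]]
        for off in range(s[4], s[4] + s[5], SYM.size):
            st_name, st_info = SYM.unpack_from(data, off)[:2]
            st_type = st_info & 0xF            # low nibble is the symbol type
            if st_type == STT_FILE:            # compiler-recorded source file
                result["source_files"].append(_cstr(strtab, st_name))
            elif st_type == STT_FUNC:
                result["functions"].append(_cstr(strtab, st_name))
    return result


def build_elf(source_name="mystery.c", functions=("main", "check"), stripped=False):
    """Construct a tiny ELF64 image (constructed test data, not executable:
    it has no program headers) with .text, optional .symtab/.strtab, .shstrtab."""
    text = b"\xc3"                                   # a lone `ret`
    blobs = [(b".text", SHT_PROGBITS, text, 0, 0, 0)]  # name,type,payload,link,info,entsize
    if not stripped:
        strtab = b"\0" + source_name.encode() + b"\0"
        syms = [SYM.pack(0, 0, 0, 0, 0, 0),              # mandatory null symbol
                SYM.pack(1, STT_FILE, 0, 0xFFF1, 0, 0)]   # STB_LOCAL|STT_FILE, SHN_ABS
        for fn in functions:
            off = len(strtab)
            strtab += fn.encode() + b"\0"
            syms.append(SYM.pack(off, (1 << 4) | STT_FUNC, 0, 1, 0, len(text)))  # STB_GLOBAL
        # sh_info of .symtab = index of the first non-local symbol.
        blobs.append((b".symtab", SHT_SYMTAB, b"".join(syms), 0, 2, SYM.size))
        blobs.append((b".strtab", SHT_STRTAB, strtab, 0, 0, 0))
    shstrtab, name_offs = b"\0", []
    for name, *_ in blobs + [(b".shstrtab",)]:
        name_offs.append(len(shstrtab))
        shstrtab += name + b"\0"
    blobs.append((b".shstrtab", SHT_STRTAB, shstrtab, 0, 0, 0))
    strtab_index = next((i + 1 for i, b in enumerate(blobs) if b[0] == b".strtab"), 0)
    body, headers = bytearray(EHDR.size), [bytes(SHDR.size)]  # index 0: null section
    for i, (name, sh_type, payload, link, info, entsize) in enumerate(blobs):
        offset = len(body)
        body += payload
        if sh_type == SHT_SYMTAB:
            link = strtab_index
        headers.append(SHDR.pack(name_offs[i], sh_type, 0, 0, offset,
                                 len(payload), link, info, 1, entsize))
    body += b"\0" * (-len(body) % 8)                 # align the section header table
    shoff = len(body)
    body += b"".join(headers)
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8)  # ELF64, little-endian, v1
    EHDR.pack_into(body, 0, ident, 2, 0x3E, 1, 0, 0, shoff, 0, EHDR.size,
                   0, 0, SHDR.size, len(headers), len(blobs))
    return bytes(body)


if __name__ == "__main__":
    # With a path argument, inspect a real file (e.g. mystery or mystery2);
    # otherwise inspect the constructed unstripped and stripped toy images.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(inspect_elf(f.read()))
    else:
        print("unstripped:", inspect_elf(build_elf()))
        print("stripped:  ", inspect_elf(build_elf(stripped=True)))
```

Running `python3 elfinspect.py mystery` should show a `.symtab` section and a FILE symbol naming the original source file, which is exactly the entry you can also spot with `readelf -s mystery | grep FILE`; `mystery2` should come back with `stripped: True` and no source or function names, which is why gdb cannot `break main` on it and you must fall back to objdump and addresses.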
The task for this lab is to disassemble the binary and determine what it is doing. You will receive points for properly blocking out the logic of the program (its functions, loops, branches, and what it reads and writes), even if you cannot derive an approximation of the original source code.