Thursday, September 3, 2015

ELF binaries, remote debugging and IDA pro

.:: [Problem
Recently I had a really hard time reversing and debugging a small crypto application for Linux (an ELF binary). I tried to use the Bochs emulator [1] (together with IDA), which crashed every single time I tried to load the executable. I could not find any Linux-native tool that was reasonably intuitive and came with a built-in set of useful analyses like IDA Pro [2] and OllyDbg [3]. I ended up going Cowboy style: using objdump, GDB and printed assembly code directly.

Fig 01 - Cowboy Style Reversing
All this headache could have been avoided by using the remote debugging feature supported by IDA. This post describes some research results on "reversing and debugging ELF binaries using the remote debugging feature of IDA Pro".