  1. #1
    Linux Newbie
    Join Date
    Jul 2007
    Posts
    104

    Disassembly in GNU/Linux?

    I want to be able to disassemble a binary file, modify the assembly source, then assemble the modified assembly source back into a modified binary file.

    Purpose for this is pretty much just to play around with the Crackmes (Crackmes.de) game.

    Now, disassembly is easy, there are several tools that do it, including the standard objdump with the -d argument.

    However, how would you assemble an assembly source file created with objdump -d? GCC for sure doesn't want to assemble it in that format. What program, script, or arguments to GCC (none that I can think of) can be used to accomplish this?

    If someone also has some good tips for tools in general for Crackmes beyond what is standard in GNU/Linux I'd love to hear about it.

  2. #2
    Just Joined!
    Join Date
    Nov 2009
    Location
    Sweden
    Posts
    31
    Trying to reassemble a disassembled program is usually not a good idea. It is better to make changes directly to the binary, using a hex editor.
    When cracking a program, you typically want to replace a conditional jump with an unconditional one, or overwrite it with a NOP instruction (0x90).

    The most useful tool is a debugger that lets you set breakpoints on all kinds of interrupts and kernel calls and then trace through the program. The classic debuggers for DOS and Windows are Softice and Winice. There is a Linux clone, called Linice, but it seems to be abandoned. You might get it to work with an old kernel.

    The debugger with the best user interface is, however, DeGlucker, a freeware program for DOS. It has a window where the memory contents at DS:SI, ES:DI, DS:DX and ES:BX are displayed (that's where the password usually shows up), and there are commands that automatically change conditional jumps.
    If you are only doing this for fun, it might be more fun to try the DOS crackmes and use DeGlucker.
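    The in-place patch described in this reply (turning a short conditional jump into an unconditional `jmp` or two NOPs, as you would with a hex editor), written up as an added Python example that is not from this thread. The opcode values are the standard x86 short encodings (Jcc rel8 = 0x70..0x7F, JMP rel8 = 0xEB, NOP = 0x90); the sample byte string and the function names are constructed for illustration.

```python
from typing import List

# Added example (not from the thread): patch a short x86 Jcc in place, checking
# first that the target byte really is a Jcc and that nothing changes length.
JCC_SHORT = range(0x70, 0x80)   # je/jne/jl/... short forms, 2 bytes each
JMP_SHORT = 0xEB                # jmp rel8
NOP = 0x90


def patch_jcc(code: bytes, offset: int, mode: str) -> bytes:
    """Return a copy of `code` with the 2-byte Jcc at `offset` rewritten.

    mode == "jmp": make the jump unconditional (keep the rel8 displacement)
    mode == "nop": fall through unconditionally (two NOPs)
    Raises ValueError if the bytes at `offset` are not a short Jcc, so a
    wrong offset does not silently corrupt a neighbouring instruction.
    """
    if offset < 0 or offset + 2 > len(code):
        raise ValueError("offset out of range")
    opcode, rel8 = code[offset], code[offset + 1]
    if opcode not in JCC_SHORT:
        raise ValueError(f"byte 0x{opcode:02x} at {offset} is not a short Jcc")
    if mode == "jmp":
        new = bytes([JMP_SHORT, rel8])
    elif mode == "nop":
        new = bytes([NOP, NOP])
    else:
        raise ValueError("mode must be 'jmp' or 'nop'")
    patched = code[:offset] + new + code[offset + 2:]
    assert len(patched) == len(code)  # in-place: no following bytes shift
    return patched


def changed_offsets(original: bytes, patched: bytes) -> List[int]:
    """Offsets whose bytes differ: confirms only the intended bytes were touched."""
    if len(original) != len(patched):
        raise ValueError("lengths differ; not an in-place patch")
    return [i for i, (a, b) in enumerate(zip(original, patched)) if a != b]


# Constructed sample: cmp eax,1 ; jne short +5 ; mov eax,1 ; ret
SAMPLE = bytes([0x83, 0xF8, 0x01,              # cmp eax, 1
                0x75, 0x05,                    # jne short +5  (offset 3)
                0xB8, 0x01, 0x00, 0x00, 0x00,  # mov eax, 1
                0xC3])                         # ret

if __name__ == "__main__":
    for mode in ("jmp", "nop"):
        out = patch_jcc(SAMPLE, 3, mode)
        print(mode, out.hex(), "changed at", changed_offsets(SAMPLE, out))
```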

  3. #3
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, or in a galaxy far, far away.
    Posts
    8,974
    There is the GNU assembler, which should be installed on your system. It is usually found as /usr/bin/as, so you can try the 'as' command to assemble your program.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!
