Useful Tools

Also check out the COMP6447 Lab 0

Syscall Reference

A table of register parameters for Linux system calls.
Useful for crafting shellcode, and for when you are trying to find gadgets for ROP chaining.
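As an added example (my own code, not from the page or the reference it links), here is what the x86-64 register convention such a table documents looks like in practice: a raw syscall through inline assembly on x86-64, falling back to libc's syscall() on other architectures so it still runs there. The function names are my own.

```c
// Added example: the x86-64 Linux system call convention that a syscall table
// lists, done by hand. Number in rax; arguments in rdi, rsi, rdx, r10, r8, r9;
// result (or -errno on failure) comes back in rax. 32-bit x86 instead uses
// int 0x80 with eax/ebx/ecx/edx, which is why the tables show both columns.
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

// Issue a raw system call with up to three arguments and return rax.
static long raw_syscall3(long nr, long a1, long a2, long a3) {
#if defined(__x86_64__)
    long ret;
    __asm__ volatile (
        "syscall"
        : "=a"(ret)                           // rax: return value or -errno
        : "a"(nr), "D"(a1), "S"(a2), "d"(a3)  // rax, rdi, rsi, rdx
        : "rcx", "r11", "memory");            // the kernel clobbers rcx and r11
    return ret;
#else
    // Fallback for non-x86-64 hosts: libc returns -1 and sets errno instead
    // of returning -errno, so only the success path matches the raw form.
    return syscall(nr, a1, a2, a3);
#endif
}

// write(fd, buf, strlen(buf)) via the raw convention; returns bytes written.
long raw_write(int fd, const char *buf) {
    return raw_syscall3(SYS_write, fd, (long)buf, (long)strlen(buf));
}

// getpid() via the raw convention; side-effect free, so easy to compare.
long raw_getpid(void) {
    return raw_syscall3(SYS_getpid, 0, 0, 0);
}

int main(void) {
    printf("raw getpid -> %ld, libc getpid -> %d\n", raw_getpid(), getpid());
    raw_write(STDOUT_FILENO, "hello via raw syscall\n");
    return 0;
}
```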


Binary Ninja

Binary Ninja is a disassembler (like IDA, Radare, Ghidra) that helps you visualise the machine code of executables and libraries.
The free version has a 25-minute time limit, so if you use this you'll just need to restart the app every 25 minutes, or purchase a license.

(Note: Students get 75% off the license - It's still like $80 but hey find a group and chip in or something idk)

There's a Cloud Version of Binary Ninja as well, but I've never tried it before so... let me know how it is if you try it out!

objdump

objdump is a default Linux tool to inspect a binary.

Note - by default, instructions are shown in AT&T syntax; I prefer the Intel syntax.
You can get Intel syntax with the -M intel flag.


pwndbg

pwndbg is a plugin for GDB (yes that ugly thing), that makes it less ugly and even somewhat usable!

You get 🌈COLOURS🌈 and additional functions that make it much easier to reverse engineer!


pwntools

pwntools is a Python library that contains useful functions to analyse and interact with executables and libraries.
It's especially useful, and is crucial (unless you use an alternative), for writing consistent automated exploits - both locally and remotely!


grep + ropper = gropper

A quick function I wrote up to perform grep on the results of ropper.

A past tutor made a tool called ropr which is probably better, but I've never used it.


ASLR Disabler

When it comes to understanding the fundamentals of RE, Address Space Layout Randomisation can be a pain.
There are several ways to turn it off - both permanently and temporarily.

This alias is my preferred way to quickly launch a single program with ASLR turned off.

alias aslr="setarch `uname -m` -R"
$> aslr ./myProgram

This program does not have ASLR on yay! 0x8000fa7

pwndocker

pwndocker is a third-party Docker image that contains a bunch of tools that you'll probably want to use!

I personally used pwndocker solely throughout the course, as I didn't want to install heaps of stuff on my main computer.

If you're interested, I've created a script that launches pwndocker and binds the main directory to your current directory.

alias banana=/opt/startPwnDocker.sh

$> banana
Launching pwndocker

--------------------
/ctf/work 12:34:56 0
#

pwntools Template Script