ELF x86 fake instructions¶

Root-me challenge: Some fakes instructions. Compiled with gcc 4.3.2 on Xubuntu 8.04. Proc : 32bits x86.

ltrace ./crackme password

Resources¶

• The GNU binary utils

• Executable and Linkable Format ELF

• Reverse engineering Linux ELF binaries on the x86 platform

Counter moves¶

Fake instructions try to derail the disassembler. Modern tooling defeats simple anti-disassembly, so it only buys minutes. Seen from the other side, this sits in the blue notes on the application layer as a target.