Reverse Engineering

Reverse Engineering and CTF Challenge Notes Reverse engineering is the process of understanding how software works without access to its original source code. In security challenges (CTFs), the goal is often to recover hidden data or logic by dissecting a binary. This walkthrough documents my first attempt at such a challenge, focusing on ELF-based reverse engineering and the reasoning process behind each step. 1. Static Analysis Static analysis means inspecting the binary without running it. ...

ELF Format: Sections and Section Header Table In the previous post, we explored Program Headers and Segments - the runtime view of an ELF file. Now we’ll look at Section Headers and Sections - the link-time and debugging view. What Are Sections? Sections are the link-time view of an ELF file. While segments tell the operating system how to load and execute a program, sections organize the file’s contents for: ...

ELF Format: Segments and Program Header Table After understanding the ELF Header, the next critical component is the Program Header Table. This table describes segments - the portions of the file that will be loaded into memory when the program executes. What Are Segments? Segments are the runtime view of an ELF file. While sections (which we’ll cover later) are used during linking and debugging, segments are what the operating system cares about when loading and executing a program. ...

ELF Format: ELF Header What is ELF? ELF (Executable and Linkable Format) is the standard binary format used by Unix-like systems (Linux, BSD, etc.) for: Executable files (a.out, /bin/ls) Object files (.o) Shared libraries (.so) Core dumps It’s a container format that describes: What parts of the file get loaded into memory, Where execution starts, How relocations and dynamic linking are handled. Contains useful information for the debuggers. General Structure of an ELF File An ELF file is organized into several key components that serve different purposes during compilation, linking, and execution. ...