The Reverse Challenge

Version: Fri May 31 23:41:15 UTC 2002

Table of Contents

1. Summary
2. Answers
Identify and explain the purpose of the binary
Identify and explain the different features of the binary. What are its capabilities?
The binary uses a network data encoding process. Identify the encoding process and develop a decoder for it
Command Packets
Reply Packets
The Decoder
Identify one method of detecting this network traffic using a method that is not just specific to this situation, but other ones as well
Identify and explain any techniques in the binary that protect it from being analyzed or reverse engineered
Identify two tools in the past that have demonstrated similar functionality
What kind of information can be derived about the person who developed this tool? For example, what is their skill level?
What advancements in tools with similar purposes can we expect in the future?
3. Analysis
The Tools
Rpat UNIX Libraries Preprocessor for IDA Pro
Fun with strings
Generating Libc5 signatures for IDA
Working with IDA
Some hints
Socket Functions
Example: Identifying a Libc Function
Example: Identifying a Global Libc Variable
the-binary Disassembly
the-binary IDA Database
the-binary Server
the-binary Traffic Decoder
the-binary Client
4. Honeypot University Security Advisory
honeyp DDoS Tool
5. Costs
6. Timestamps