Programming Linux Anti-Reversing Techniques es un libro gratuito de Jacob Baines que muestra al lector cómo programar y analizar las técnicas más conocidas de anti-reversing en Linux. El libro muestra cómo un reverser analiza un binario con herramientas como IDA, Radare2, GDB, readelf y más. El código es presentado al lector listo para que pueda compilarlo y analizarlo por sí mismo.

Tabla de contenidos

    Preface
        Why Read This Book?
        Topics Not Covered
        Prerequisites
        Code and Command Output
    Chapter 1: Introductions
        Introducing “Trouble”
        Using CMake
        The Code
        Compiling
        Executing
        Accessing the Shell
    Chapter 2: Compiler Options
        -g
            Recovering the Bind Shell Password with Hexdump
            Recovering the Bind Shell Password with GDB
            The Debugging Information in IDA
            Removing the Debugging Information
            Case Study: XOR DDOS
        -s
            SYMTAB vs. DYNSYM
            Finding the Bind Shell Password Using .symtab
            Case Study: The FILE Symbol
            Examing Trouble After -s
        -fvisibility
            Looking at FUNC symbols
            Hiding FUNC symbols
        -O
            Corrected Block Tiny Encryption Algorithm (XXTEA)
            -Os
            -O3
            -funroll-loops
        -static
            Resolving Functions at Runtime
            ltrace
            LD_PRELOAD
            Using musl
    Chapter 3: File Format Hacks
        The Strip Utility
        Removing the Section Headers Table
        Little Endian or Big Endian?
        The Sections Are a Lie
            Flipping the Executable Bit
            Lying with .init
            Hiding the Entry Point
        Mixing the Symbols
    Chapter 4: Fighting Off String Analysis
        Code Reorganization
        Stack Strings
        XOR Stack String
        Function Encryption
            Computing the Function’s Size Using a Linker Script
            Decryption Logic
            Encryption Logic
        Creating a Cryptor
            Implementing the Cryptor
            Analyzing the Cryptor
    Chapter 5: Obstructing Code Flow Analysis
        Indirect Function Calls
        Signals
        Early Return
        Jump Over an Invalid Byte
        Jump! Jump!
        Always Follow the Conditional
        Overlapping Instructions
    Chapter 6: Evading the Debugger
        Trace Me
        Trapping the Debugger
        Becoming Attached
        madvise
        prctl
        Detection Before main()
        Computing Function Checksums
    Conclusion: All That We Fall For
    Notes

Proyecto: https://github.com/antire-book