[Need-Help] Reversing Windows binary on Linux

Hi everyone, I'm new on HTB and I love this place!

Problem

Yesterday I tried to solve my first reversing challenge, called Tear Or Dear, but I don't know how to debug/reverse a win32 binary on Linux.

Question

  • Do you know some software to do this on Linux? Such as Wine with other tools?
  • Is it better to make a Windows VM to get things done?
  • Do you have some cool resources about reversing win32 binaries?

Many thanks!

Jugulairel

Comments

  • I'm no expert, but I would seriously recommend that you have a Windows machine for those. You'll have more powerful tools such as IDA and ILSpy (for .NET), and you'll be able to execute the program in debug mode, saving a considerable amount of time reading spaghetti code. If you insist on doing that on a Linux machine you may give radare a try, but I think it still isn't as good as IDA for Windows applications.

    I know there might be Linux alternatives to all of those, but it'll take much less time to set up a Windows environment to do just the same thing.

    bianca

  • @jugulaire like @bianca said, you should do this kind of stuff on a Windows box. You could use OllyDbg on Kali but that is not very stable imo. On Windows you can use Immunity Debugger https://www.immunityinc.com/products/debugger/

  • After some research I've finally found THE tools!
    Flare VM is a PowerShell script that allows you to install every tool you need to reverse malware.
    Let's give it a try!

    Jugulairel

  • Hey, I have downloaded the file Crack This! from the reverse field. I'm new, I don't know how to crack the file... and maybe the file affected my laptop. Now when I open any file on my laptop it opens VLC media player and shows the images in the files.
    Does anyone know how to fix this issue? I am just a beginner.

  • Basic rules of any RE, guys:

    NEVER launch an unknown binary on your machine!
    Always use a VM to isolate yourself from getting pwned!
    Take a snapshot to return to a clean state if needed!

    Jugulairel

  • Feedback about Flare VM

    This script is the perfect way to RE Windows binaries! If you don't have these tools in your toolbox, go ahead and get them!

    Jugulairel

  • I had no idea about Flare VM and I am installing it right now. Seems really nice from what I read about it. Thanks guys.

    Arrexel

  • edited February 2018

    For those who would like to use radare2 but find it a bit complicated, there is also Cutter:
    https://github.com/radareorg/cutter
    Cutter is a very nice GUI for radare2; it's open source, very easy to use, actively maintained and available for Windows, Linux and macOS.

    game0ver

  • Oh my gosh! Such a clean-looking GUI!

    Jugulairel
