Reverse Engineering 2

2 minute read

Reverse Engineering with Cutter

GDB and PEDA are good tools but when we face complex / heavy programs, it’s hard to make an efficient analysis. That’s why today we are going to learn how to use Cutter, a GUI tool built on top of Radare2 This tool is great because it features :

  • a clean and efficient interface
  • a good integration of the Ghidra decompiler (a decompiler deduces the C code from the binary asm instructions). Ghidra was developped and released by the NSA.
  • a built-in debugger

Download the .AppImage for Cutter and run it !

1 - ez-check

The challenge ez-check is pretty simple. Solve it using Cutter and take the time to discover the software and its various functionalities.

2 - impossible

Now we are going to learn how to patch a binary. Patching a binary means changing some instructions to change the behaviour of the program. To patch a binary in Cutter, you have to :

  • open the binary in write mode (the option must be set in the first popup window at the beginning of Cutter).
  • make a right click on the C / asm code and go to Edit -> instruction to rewrite the instruction !
  • then you can launch again your program and see the effect of your changes !

Depending on the size of the program and the impact of your changes, edition can take some time. Be patient !

Start analysing the impossible binary : first understand why it is called impossible, then solve the challenge !

3 - Craft

After all this reverse, you might want to hang out a little bit on this new Minecraft version. The problem is that it is licence protected…

Bypass the protections and start a game !

N.B. : This is actually not Minecraft. The binary you are dealing with is a modified version of Craft, an open source Minecraft clone made in C and OpenGL.

End of Act Two

This second part was meant to introduce you to Cutter and binary patching. If you have any questions or contributions, contact me !