Lab 8: Binary Analysis (Reverse Engineering)

Introduction

In this lab, you will extract a hidden Flag from a binary file using several binary analysis tools that are available on Linux operating systems. Like static source code analysis, binary analysis is a static analysis technique; the difference is that it is performed on the compiled code rather than on the source. Because the analyst works backwards from the compiled artifact, the process is also called reverse engineering.

Binary analysis can be used to analyze malware and software from unknown sources. It can also be integrated into the SDLC in highly critical environments or projects, where it provides input to the design and development steps. For example, reverse engineers may be tasked with extracting intellectual property, credentials, shared secrets, and private keys from compiled binaries. Their findings might change how the developers write the code and how the code is compiled and obfuscated.

Lab Environment

Please download the VM from Oracle onto your computer and run Binary on your

Instructions

Setting Virtual Machine Ready for Binary Analysis

1. Click on the "Binary" on the menu to open the Linux virtual machine to perform binary analysis.

2. Because of the virtual machine’s incompatibility with the Netlab environment, the mouse will not be active. You will use a single Terminal window to complete the steps in this lab. The operating system is ready for the next steps when you see the screen below.

[Screenshot: the virtual machine desktop as it appears when the system is ready]

3. If you are using a Windows computer, press ALT-F1, type terminal and hit Enter.

4. Alternatively, you can press ALT-F2, type xterm, and hit Enter.

Terminal has larger fonts and color output compared to xterm.

Note: On a MacBook, press control-command-F1. If your MacBook has a Touch Bar, press the "fn" key to access F1, so the key combination becomes fn-control-command-F1 (F1 is the softkey). When you see the text box at the top of the screen, type terminal and hit Enter. Note that you can open additional terminal windows by pressing F2, F3, etc., in addition to F1.

Perform Binary Analysis (Reverse Engineering)

1. Navigate to /home/binary/code/chapter5 in the Terminal window by typing cd code/chapter5 and pressing Enter.

2. The following was the reading resource for chapter 5. You should have already reviewed it at the beginning of the week. Perform all of its steps to find the Flag.

https://learning.oreilly.com/library/view/practical-binary-analysis/9781492071204/xhtml/ch05.xhtml#ch05

3. Note that the exercise at the end of the chapter is NOT included in this lab (shown below).

This exercise is not included.

4. In the last step of the lab you will need to type the following command in the terminal window to show the flag:

GUESSME="Crackers Don't Matter" ./ctf show_me_the_flag

Please follow the steps below to type a double quote (") and a single quote ('):

By default, both characters are assigned to the same key on your keyboard:

To type a single quote in the Binary virtual machine terminal, press the key shown above once and then press the space key.

Similarly, press the Shift key together with the key shown above, and then press the space key to type a double quote.

5. Take a screenshot of the step where you captured the Flag.
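The chapter's walkthrough relies on standard Linux inspection tools (file, strings, readelf) to learn what kind of binary you are dealing with and which readable text it embeds before anything is run. The script below is an added example, not part of this lab handout or the chapter's own material: it re-implements the core of those three tools in Python over a constructed byte blob (a hand-built ELF64 header followed by a few embedded strings, not a real executable) so you can see exactly which bytes the tools read. The field layout follows the ELF specification; the sample strings GUESSME and show_me_the_flag are constructed to mirror the command in step 4, where the binary's behaviour depends on an environment variable, which is exactly the kind of clue a strings listing surfaces.

```python
"""Minimal re-implementation of what `file`, `readelf -h` and `strings` show.

Added example for this lab; it does not depend on the ctf binary. The blob
it analyses is constructed inline and is not a real executable.
"""
import struct

ELF_MAGIC = b"\x7fELF"

# Lookup tables for the few header fields we decode (values from the ELF spec).
ELF_CLASS = {1: "ELF32", 2: "ELF64"}
ELF_DATA = {1: "little-endian", 2: "big-endian"}
ELF_TYPE = {1: "REL (relocatable)", 2: "EXEC (executable)",
            3: "DYN (shared object / PIE)", 4: "CORE"}
ELF_MACHINE = {0x03: "x86", 0x28: "ARM", 0x3E: "x86-64", 0xB7: "AArch64"}


def build_sample_blob():
    """Constructed sample: a valid-looking ELF64 LE header plus some 'data' bytes.
    Only the header and the embedded strings are meaningful; nothing here executes."""
    # e_ident: magic, EI_CLASS=2 (64-bit), EI_DATA=1 (little-endian),
    # EI_VERSION=1, EI_OSABI=0 (System V), then 8 padding bytes.
    e_ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\x00" * 8
    rest = struct.pack(
        "<HHIQQQIHHHHHH",
        2,          # e_type: ET_EXEC
        0x3E,       # e_machine: x86-64
        1,          # e_version
        0x400430,   # e_entry: constructed entry point
        64,         # e_phoff
        0,          # e_shoff
        0,          # e_flags
        64,         # e_ehsize
        56, 0,      # e_phentsize, e_phnum
        64, 0, 0,   # e_shentsize, e_shnum, e_shstrndx
    )
    # Constructed "file body": binary noise interleaved with readable strings.
    body = (b"\x00\x01\x02" + b"GUESSME\x00" + b"\xff\xfe"
            + b"show_me_the_flag\x00" + b"ab\x00"
            + b"/lib64/ld-linux-x86-64.so.2\x00")
    return e_ident + rest + body


def is_elf(blob):
    """What `file` checks first: the four magic bytes."""
    return len(blob) >= 16 and blob[:4] == ELF_MAGIC


def parse_elf_header(blob):
    """Decode the fields `readelf -h` prints, honouring class and byte order."""
    if not is_elf(blob):
        raise ValueError("not an ELF file (bad magic or too short)")
    ei_class, ei_data = blob[4], blob[5]
    if ei_class not in ELF_CLASS or ei_data not in ELF_DATA:
        raise ValueError("unknown ELF class or data encoding")
    endian = "<" if ei_data == 1 else ">"
    # Offsets and addresses are 8 bytes in ELF64 and 4 bytes in ELF32.
    fmt = endian + ("HHIQQQIHHHHHH" if ei_class == 2 else "HHIIIIIHHHHHH")
    if len(blob) < 16 + struct.calcsize(fmt):
        raise ValueError("truncated ELF header")
    e_type, e_machine, _ver, e_entry = struct.unpack_from(fmt, blob, 16)[:4]
    return {
        "class": ELF_CLASS[ei_class],
        "data": ELF_DATA[ei_data],
        "type": ELF_TYPE.get(e_type, "unknown (%d)" % e_type),
        "machine": ELF_MACHINE.get(e_machine, "unknown (0x%x)" % e_machine),
        "entry": e_entry,
    }


def describe(blob):
    """One-line summary in the spirit of `file`."""
    h = parse_elf_header(blob)
    return "%s %s %s, %s, entry 0x%x" % (
        h["class"], h["data"], h["type"], h["machine"], h["entry"])


def extract_strings(blob, min_len=4):
    """What `strings` does: runs of printable ASCII at least min_len long."""
    found, run = [], bytearray()
    for b in blob:
        if 0x20 <= b <= 0x7E:
            run.append(b)
            continue
        if len(run) >= min_len:
            found.append(run.decode("ascii"))
        run = bytearray()
    if len(run) >= min_len:  # flush a run that reaches the end of the file
        found.append(run.decode("ascii"))
    return found


if __name__ == "__main__":
    sample = build_sample_blob()
    print(describe(sample))
    for s in extract_strings(sample):
        print("  string:", s)
```

Running the file prints the header summary first and then the embedded strings, the same two facts you would read off file and strings on the lab VM. The script only reads the bytes it is given and never executes them, which is the point of static analysis. The min_len threshold matters: lowering it to 2 pulls in fragments such as ab and the ELF letters from the magic, which is why strings defaults to runs of four or more.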

Questions

1. Submit the screenshot.

2. Summarize what you’ve done in this lab as if you are explaining it to a non-technical person.

3. Select three Linux commands you used in this lab. Explain why you used each.