Master the fundamentals of reverse engineering and debugging using command-line tools. Essential skills for analyzing binaries, understanding assembly, and tackling crackme challenges.
Compatibility Note: GDB debugging features may not work on Apple Silicon (M1/M2/M3) due to emulation limitations. Intel/AMD64 systems and static analysis tools work fine on all platforms.
Understand binary structure and assembly using CLI tools
Use objdump, readelf, and strings to analyze binaries
Debug with GDB + GEF to inspect runtime behavior
Use Radare2 for advanced binary analysis
Analyze compiled binaries using command-line tools. objdump disassembles code, readelf shows ELF structure, strings extracts text, and Radare2 provides advanced analysis capabilities.
Step through programs, inspect memory, and modify execution using GDB with GEF. Enhanced debugging with features like stack visualization and register inspection.
Use file, ldd, nm, and other CLI tools to understand binary structure, dependencies, symbols, and identify potential vulnerabilities in compiled programs.
objdump: Disassemble binaries
GDB + GEF: Enhanced debugger
Radare2: Advanced binary analysis
strings: Extract text from binaries
# Start the Docker container
docker-compose up -d
docker-compose exec sec-env bash
# Navigate to workspace and examine the binary
cd /workspace
file static/example1
strings static/example1
Apple Silicon Limitation: GDB debugging may not work properly on Apple Silicon (M1/M2/M3) devices due to x86_64 emulation limitations. Static analysis tools like objdump, strings, and radare2 will work fine.
# Get file information
file static/example1
# View strings in the binary
strings static/example1
# Disassemble the main function
objdump -d static/example1 | grep -A 20 "<main>:"
# View ELF headers
readelf -h static/example1
# View symbols
nm static/example1
# View shared library dependencies
ldd static/example1
Security Note: Look for calls to unsafe functions like gets or strcpy in the disassembly.
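The Security Note above is easy to automate. The following script is an added example, not part of the original page or its example binaries: it filters objdump output for calls to a short list of unsafe libc functions (the list itself is our own choice) and runs against a constructed disassembly sample when invoked with --demo. In practice you would pipe objdump -d static/example1 into unsafe_calls.

```shell
#!/bin/sh
# Added example (not from the original page): triage objdump -d output for
# calls to unsafe libc functions, the check the Security Note describes.
# Usage: objdump -d static/example1 | unsafe_calls
# Assumptions: default objdump output (AT&T syntax, "call <target> <sym@plt>");
# the function list below is our own choice, not from the page.

UNSAFE='gets|strcpy|strcat|sprintf|scanf|__isoc99_scanf'

# Print each call to a function in $UNSAFE as "<address> <callee>", one per line.
unsafe_calls() {
    # objdump call lines look like:  401145:  e8 e6 fe ff ff   call   401030 <gets@plt>
    grep -E 'call[q]?[[:space:]]+[0-9a-f]+ <' \
    | sed -E 's/^[[:space:]]*([0-9a-f]+):.*<([^@>]+)(@plt)?>.*$/\1 \2/' \
    | grep -E "^[0-9a-f]+ ($UNSAFE)\$"
}

# Number of unsafe calls, so a review script can fail on a nonzero count.
count_unsafe_calls() {
    unsafe_calls | wc -l | tr -d ' '
}

# Constructed sample disassembly (not taken from the page's binary), used by --demo.
SAMPLE='0000000000401136 <main>:
  401136:  55                    push   %rbp
  401137:  48 89 e5              mov    %rsp,%rbp
  40113a:  48 83 ec 40           sub    $0x40,%rsp
  40113e:  48 8d 45 c0           lea    -0x40(%rbp),%rax
  401142:  48 89 c7              mov    %rax,%rdi
  401145:  e8 e6 fe ff ff        call   401030 <gets@plt>
  40114a:  48 8d 45 c0           lea    -0x40(%rbp),%rax
  40114e:  48 89 c7              mov    %rax,%rdi
  401151:  e8 ea fe ff ff        call   401040 <puts@plt>
  401156:  e8 e5 fe ff ff        call   401050 <strcpy@plt>
  40115b:  c9                    leave
  40115c:  c3                    ret'

# Stand-alone demo: ./unsafe_calls.sh --demo
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE" | unsafe_calls
fi
```

The address in the first column is what you would then pass to GDB (break *0x401145) or Radare2 (pdf @ 0x401145) to look at the surrounding code, which is how a reviewer confirms whether the destination buffer is bounded.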
# Start Radare2 analysis
r2 -A static/example1
# In r2, analyze all
aa
# List functions
afl
# Disassemble main function
pdf @main
# View cross-references
axt @main
# Exit r2
q
Radare2 provides powerful analysis capabilities including function identification, cross-references, and graph visualization.
# Start GDB with GEF
gdb static/example1
# Set breakpoint at main
(gdb) break main
(gdb) run
# When prompted, enter test input
Enter input: test
# Inspect registers
(gdb) info registers
# View disassembly at current location
(gdb) x/10i $rip
# Step through instructions
(gdb) stepi
# View the stack (GEF's telescope command; stack is not a GEF command)
(gdb) telescope $rsp
# View memory at stack pointer
(gdb) x/16xb $rsp
# Continue execution
(gdb) continue
# Exit GDB
(gdb) quit
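The interactive session above becomes reproducible once it is written as a GDB command file and run in batch mode. The script below is an added example, not code from the original page; it assumes the target (static/example1 by default) reads one line from standard input, as the "Enter input:" prompt suggests, and that GEF, if installed through ~/.gdbinit, loads on its own. The input length and the scratch file names are constructed choices.

```shell
#!/bin/sh
# Added example (not from the original page): run the GDB session above as a
# batch job so every run inspects the same state. Assumes the target reads one
# line from stdin; GEF loads automatically from ~/.gdbinit if present.

WORK=${TMPDIR:-/tmp}

# Emit GDB commands that stop at main, feed the input file to the program,
# and dump registers, the next 10 instructions and the top of the stack.
gen_gdb_script() {
    binary=$1
    input=$2
    cat <<EOF
set pagination off
set confirm off
file $binary
break main
run < $input
info registers rip rsp rbp
x/10i \$rip
x/16xb \$rsp
continue
quit
EOF
}

# Write N bytes of 'A' plus a newline to a file, so the same input is used on
# every run; vary N to observe in the debugger when the exercise's buffer overflows.
make_input() {
    n=$1
    out=$2
    awk -v n="$n" 'BEGIN { for (i = 0; i < n; i++) printf "A"; printf "\n" }' > "$out"
}

# Run the batch session if gdb is installed; otherwise print the generated script.
run_session() {
    binary=$1
    len=${2:-8}
    make_input "$len" "$WORK/re_input.txt"
    gen_gdb_script "$binary" "$WORK/re_input.txt" > "$WORK/re_session.gdb"
    if command -v gdb >/dev/null 2>&1; then
        gdb -q -batch -x "$WORK/re_session.gdb"
    else
        echo "gdb not found; generated script follows:" >&2
        cat "$WORK/re_session.gdb"
    fi
}

# Stand-alone usage: ./gdb_batch.sh static/example1 64
if [ -n "${1:-}" ]; then
    run_session "$1" "${2:-8}"
fi
```

Running it twice with different lengths (for example 8 and 64) and diffing the two register and stack dumps shows exactly which saved values the longer input overwrites, which is the observation the buffer-overflow exercise asks for.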
GEF enhances GDB with features like colored output, better stack visualization, and exploit development helpers.
Use objdump and strings to identify the password in the binary.
Use GDB to set a breakpoint and inspect the stack when input overflows the buffer.
Use Radare2 to find all function calls and identify the vulnerable function.
Use readelf and nm to understand the binary's structure.
CLI tools like objdump, readelf, and strings provide powerful binary analysis capabilities
GDB with GEF allows runtime analysis of registers, stack, and memory
Radare2 offers advanced features for function analysis and cross-references