Now that the hack.lu 2014 CTF is over, I can finally publish a small ELF analysis tool fuck-up that I found some months ago. I used this ELF analysis tool fuck-up in a challenge of the CTF ("the union") because I did not find anything about it on the internet (you can almost say it was a kind of "0 day" to obfuscate stuff in analysis tools).
So, a short backstory on how I came to it: I gave a little talk about ELF basics and some obfuscation with the help of ELF sections at a colloquium. I discussed some ELF stuff with the guys there and an idea was raised: "What would happen if you put two dynamic string tables in there, one manipulated in the section table and the original in the dynamic segment?" And this is what this post is all about.
More here: http://h4des.org/blog/index.php?/archives/346-ELF-obfuscation-let-analysis-tools-show-wrong-external-symbol-calls.html
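A defender-side check for the idea raised above, as an added example that is not code from the original post: it compares the file offset that the dynamic segment's DT_STRTAB resolves to with the offset of the string table that the section table links to the dynamic symbol section. It assumes little-endian ELF64; `dynstr_offsets` and `build_sample` are hypothetical names, and the sample ELF image is constructed for the demonstration.

```python
import struct

PT_LOAD, PT_DYNAMIC, DT_NULL, DT_STRTAB, SHT_DYNSYM = 1, 2, 0, 5, 11

def dynstr_offsets(elf):
    """Return (file offset of DT_STRTAB, file offset of the string table linked from SHT_DYNSYM)."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("only little-endian ELF64 is handled")
    phoff, shoff = struct.unpack_from("<QQ", elf, 0x20)
    phentsize, phnum, shentsize, shnum = struct.unpack_from("<HHHH", elf, 0x36)
    loads, strtab_va = [], None
    for i in range(phnum):  # dynamic segment view: program headers only
        p_type, _, p_off, p_va, _, p_filesz = struct.unpack_from("<IIQQQQ", elf, phoff + i * phentsize)
        if p_type == PT_LOAD:
            loads.append((p_va, p_off, p_filesz))
        elif p_type == PT_DYNAMIC:
            for off in range(p_off, p_off + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", elf, off)
                if tag == DT_NULL:
                    break
                if tag == DT_STRTAB:
                    strtab_va = val
    # Translate the DT_STRTAB virtual address to a file offset through the PT_LOAD mappings.
    dyn_off = next((o + strtab_va - v for v, o, n in loads
                    if strtab_va is not None and v <= strtab_va < v + n), None)
    sec_off = None
    for i in range(shnum):  # section table view: follow sh_link of the dynamic symbol section
        base = shoff + i * shentsize
        if struct.unpack_from("<I", elf, base + 4)[0] == SHT_DYNSYM:
            link = struct.unpack_from("<I", elf, base + 40)[0]
            sec_off = struct.unpack_from("<Q", elf, shoff + link * shentsize + 24)[0]
    return dyn_off, sec_off

def build_sample(sec_strtab_off):
    """Constructed minimal ELF64 image: DT_STRTAB -> 0x1000, section string table -> sec_strtab_off."""
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 3, 62, 1, 0, 64, 0x200, 0, 64, 56, 2, 64, 3, 0)
    load = struct.pack("<IIQQQQQQ", PT_LOAD, 4, 0, 0, 0, 0x2000, 0x2000, 0x1000)
    dyn = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 0x100, 0x100, 0x100, 32, 32, 8)
    dynamic = struct.pack("<qQqQ", DT_STRTAB, 0x1000, DT_NULL, 0)
    dynsym = struct.pack("<IIQQQQIIQQ", 0, SHT_DYNSYM, 2, 0x300, 0x300, 24, 2, 1, 8, 24)
    strtab = struct.pack("<IIQQQQIIQQ", 0, 3, 2, sec_strtab_off, sec_strtab_off, 16, 0, 0, 1, 0)
    img = bytearray(0x2000)
    for off, blob in ((0, ehdr + load + dyn), (0x100, dynamic), (0x200, bytes(64) + dynsym + strtab)):
        img[off:off + len(blob)] = blob
    return bytes(img)

if __name__ == "__main__":
    for off in (0x1000, 0x1800):  # consistent image, then one with a diverging section table
        d, s = dynstr_offsets(build_sample(off))
        print(hex(d), hex(s), "MISMATCH" if d != s else "consistent")
```

A mismatch means the two views point at different string tables, so symbol names shown from the section table should not be trusted for that file.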