So, here you go

Right now, the main machine is chewing through a piped tar of hda6 on a high end enterprise firewall. The name is not mentioned because they can get a mite testy about “their” software. Even though, it is in fact Redhat 9. The problem is that in the latest series they disabled root console access. Even from the serial port. Now, if someone can physically connect to the serial port, not allowing root access is not going to save you. But, it can be mighty handy for other uses. Furthermore, what admin is happy about being locked out of any box under their care?

In this case, another linux security expert has written about trying to mount the image under vmware. Ahem, it’s easier than that. Just take out the CF and put it into an old CF usb adapter and load up a finnix cd. Then back it up, map it, and start working. Some very strange scripts in there.

At first, for a superficial analysis, I usually just run a strings command over the binary. This can tell you what parameters are parsed by the binary.

For a more thorough analysis, you should use a disassembler/debugger like IDA Pro. I know it’s a little pricy (web page currently says USD 515.-), but it’s worth the investment. It can disassemble code for practically all platforms and has great features for reverse engineering. Alternativly, there’s also a freeware version, which is a little bit older. For standard binary analysis it should be enough.

Also check out some guides on reverse engineering in general.

HTH. and thanks again for reading!

Thanks and keep up the good work!