Jump to content
Tuts 4 You

How to make a file with a ReverseEngineering


nimaarek

Recommended Posts

Using Fuzz, I found a vulnerability that was a problem in the file format structure. But because I'm in the test environment I patch the file responsible for checking CRC32 so I can not use exploit outside the test environment.

To fix this, I need to create a file in standard file format But there is no documentation of this file extension The only way I have to do is, of course, I think I'll reverse engineer the program that makes this file and create a new file as an exploit. Is this a logical solution? Do you have a better idea?

Link to comment

You have to reverse engineer how and from what the file checksum is calculated, and then fix the checksum in your exploit-file, yes.

If you are lucky and need   just the one checksum, you can try to find where it compares  the invalid checksum with the one it expects, and just replace the checksum in your file with that.

Edited by deepzero
  • Like 1
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...