Jump to content
Tuts 4 You
nimaarek

How to make a file with a ReverseEngineering

Rate this topic

Recommended Posts

nimaarek

Using Fuzz, I found a vulnerability that was a problem in the file format structure. But because I'm in the test environment I patch the file responsible for checking CRC32 so I can not use exploit outside the test environment.

To fix this, I need to create a file in standard file format But there is no documentation of this file extension The only way I have to do is, of course, I think I'll reverse engineer the program that makes this file and create a new file as an exploit. Is this a logical solution? Do you have a better idea?

Share this post


Link to post
Share on other sites
deepzero

You have to reverse engineer how and from what the file checksum is calculated, and then fix the checksum in your exploit-file, yes.

If you are lucky and need   just the one checksum, you can try to find where it compares  the invalid checksum with the one it expects, and just replace the checksum in your file with that.

Edited by deepzero (see edit history)
  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...