Reverse Engineering Malware on Linux with IDA Pro
The brief method. If this post gets a good response, I will put up a more detailed and in-depth look at malware reversing on Linux.
Steps:
* Download IDA Pro (freeware)
* Install wine
* Install IDA Pro
* Start reversing
Download IDA Pro (freeware):
$ cd /tmp
$ wget http://85.17.201.4/files/idafree49.exe
(The installer is served over plain HTTP from a bare IP address, so confirm it is the genuine Hex-Rays freeware release, for example by checking its hash against a value you trust, before running it, even under wine.)
Install wine:
$ sudo aptitude install wine
Install IDA Pro:
$ wine /tmp/idafree49.exe
Start reversing:
$ wine "$HOME/.wine/drive_c/Program Files/IDA Free/idag.exe"
(Use $HOME rather than ~ here: a tilde inside double quotes is not expanded by the shell, and the quotes are needed because "Program Files" contains a space.)
-> Now open the malware binary (File > Open); when IDA lists the file formats it recognizes, select the ELF executable loader.
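The steps above end with "open the malware binary". As an added example (not from the original post), here is a small POSIX shell script for the pre-flight checks a practitioner wants before that step: confirm the sample really carries the ELF magic, record its class, byte order and object type straight from the header, hash it before anything touches it, and only then hand it to IDA under wine. It uses only od, tr and printf, so the triage part runs without wine or IDA installed. The IDA path is the default from the install step (an assumption about your wine prefix, overridable via IDA_EXE), the sample header written by write_sample_elf is constructed for the demo and contains no code, and the launch step assumes IDA takes the input file as its first command-line argument.

```shell
#!/bin/sh
# Added example: triage an ELF sample before opening it in IDA Free under wine.
# Only POSIX tools (od, tr, printf) are needed for the triage functions.

# Path from the install step above (assumption about the wine prefix); override with IDA_EXE.
IDA_EXE="${IDA_EXE:-$HOME/.wine/drive_c/Program Files/IDA Free/idag.exe}"

# Read $3 bytes at offset $2 of file $1 as lowercase hex with no separators.
hex_at() {
    od -A n -t x1 -j "$2" -N "$3" "$1" | tr -d ' \n'
}

# Read the single byte at offset $2 of file $1 as an unsigned decimal (empty past EOF).
byte_at() {
    od -A n -t u1 -j "$2" -N 1 "$1" | tr -d ' \n'
}

# Print "<class> <byteorder> <type>" for an ELF file, e.g. "ELF32 LSB EXEC".
# Returns 1 if the file lacks the ELF magic or a full header, 2 if it is unreadable.
elf_triage() {
    f="$1"
    [ -r "$f" ] || { echo "unreadable: $f" >&2; return 2; }
    # e_ident[0..3] must be 0x7f 'E' 'L' 'F'
    [ "$(hex_at "$f" 0 4)" = "7f454c46" ] || { echo "not an ELF file: $f" >&2; return 1; }

    case "$(byte_at "$f" 4)" in            # EI_CLASS
        1) class=ELF32 ;; 2) class=ELF64 ;; *) class='ELF??' ;;
    esac
    data=$(byte_at "$f" 5)                 # EI_DATA: 1 = little endian, 2 = big endian
    case "$data" in
        1) order=LSB ;; 2) order=MSB ;; *) order='???'; data=1 ;;
    esac
    # e_type is a 16-bit field at offset 16, stored in the file's own byte order
    b0=$(byte_at "$f" 16); b1=$(byte_at "$f" 17)
    [ -n "$b0" ] && [ -n "$b1" ] || { echo "truncated ELF header: $f" >&2; return 1; }
    if [ "$data" = 1 ]; then etype=$((b0 + b1 * 256)); else etype=$((b0 * 256 + b1)); fi
    case "$etype" in
        1) type=REL ;; 2) type=EXEC ;; 3) type=DYN ;; 4) type=CORE ;; *) type="TYPE($etype)" ;;
    esac
    echo "$class $order $type"
}

# SHA-256 of the sample, taken before it is opened anywhere; empty if no hashing tool exists.
sample_hash() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Write a constructed 20-byte header (ELF32, little endian, EXEC, e_machine=3) to $1.
# It is a demo input for elf_triage only and carries no code.
write_sample_elf() {
    printf '\177ELF\001\001\001\000\000\000\000\000\000\000\000\000\002\000\003\000' > "$1"
}

# Triage and hash, then hand the file to IDA under wine (assumes IDA accepts the input
# file as its first argument and that wine and IDA are installed as in the steps above).
ida_open() {
    info=$(elf_triage "$1") || return $?
    echo "$(sample_hash "$1")  $1  [$info]"
    wine "$IDA_EXE" "$1"
}

# Demo on the constructed header; does not start wine.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp); write_sample_elf "$tmp"
    elf_triage "$tmp"      # prints: ELF32 LSB EXEC
    rm -f "$tmp"
fi
```

Run it with `--demo` to see the header decode on the constructed sample, or source the file and call `ida_open /path/to/sample` once wine and IDA Free are installed. Reading e_type in the file's own byte order is the point of the EI_DATA check: a big-endian MIPS or PowerPC sample would otherwise be misclassified, which is exactly the kind of sample where you want to know the architecture before IDA asks you to confirm a processor module.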
This post is a stub for a future longer version if anyone shows interest. I don't even know how many Linux Journal readers actually reverse malware on Linux...
Kristian Erik Hermansen is a Linux Journal Reader Advisory Panelist.
Comments
+1
I need to see more!
I need it too!
Count me in.
I want to see a more detailed and in-depth look at malware reversing on Linux too!
Thanks in advance!
Count me in(terested)
I am definitely interested in the in-depth version!
~EdT.
The Linux part is irrelevant
Reverse engineering malware with IDA is the same regardless of which platform you use, especially if you are using WINE and IDA v4.9 free. There is a Linux native version of IDA, except that it is commercial only.
Either way, you are still going to need a virtualbox/vmware/etc virtualization image of Windows XP SP2 or newer in order to effectively unpack most malware using a debugger.
I don't see why you think a Windows installation is necessary to unpack Linux ELF obfuscated binaries :-)