Tag: linux

[Linux] Introduction to Reverse Engineering Linux – The Tools Showcase

Hello all mates,

This is my latest papers, related to Revesing in Linux. This is brief description of tools and utilities which can be used to apply Reversing with Linux.

You can read the article here:

Enjoy and best Regards,



Linux Patching Helper – Source Code download

Hello all mates,

This is my small tool coded in Free Pascal/Lazarus for Linux Platform, that i’ve made a demonstration video before, you can view it here. I planned to make it public long time ago, but due to some issues in code makes it become non-stable. Nothing special, just some dummy lines of code, and now i fixed (a bit) about memory consumption when displaying the result in memobox. Changed from TMemo to TSynMemo and added a timer to avoid the delay. Take a look at this screenshot:

Click on the picture  to view full image

I captured that picture on my Arch KDE desktop, and the project was built using Qt (Created by Lazarus-qt version0. In order to make it working properly, we MUST HAVE binutils installed (which contains objdump – the most important tool)

The source code is a archive of whole my Lazarus Project. Just download the archive, extract and open project in Lazarus, and then compile it. It’s ready to use :). And if you don’t know how to use, just watch my demonstration video (link above).

Link download:


Update: Source code now available at github you can grab the source with bash commands;

 cd ~/
git clone git://github.com/levisre/linux_patching_helper.git

Enjoy and best regards,


Linux ELF File Format – Documentation

This document is not created by me,  I just grabbed it on the internet, and post it here, hope  this will help people in reverse engineering/ researching on *nix System.

ELF: Executable and Linking Format
The Executable and Linking Format was originally developed and published by UNIX System Labora-
tories (USL) as part of the Application Binary Interface (ABI).  The Tool Interface Standards committee
(TIS) has selected the evolving ELF standard as a portable object file format that works on 32-bit Intel
Architecture environments for a variety of operating systems.
The ELF standard is intended to streamline software development by providing developers with a set of
binary interface definitions that extend across multiple operating environments. This should reduce the
number of different interface implementations, thereby reducing the need for recoding and recompiling
About This Document
This document is intended for developers who are creating object or executable files on various 32-bit
environment operating systems.  It is divided into the following three parts:
Part 1, ‘‘Object Files’’ describes the ELF object file format for the three main types of object files.
Part 2, ‘‘Program  Loading and Dynamic Linking’’ describes the object file information and system
actions that create running programs.
Part 3, ‘‘C Library’’ lists the symbols contained in l i b s y s, the standard ANSI  C and l i b c routines,
and the global data symbols required by the l i b c routines.

Download link:



Enjoys and best regards,


Decompyle++ – A great python dissasembler/decompiler


A Python Byte-code Disassembler/Decompiler

Decompyle++ aims to translate compiled Python byte-code back into valid and human-readable Python source code. While other projects have achieved this with varied success, Decompyle++ is unique in that it seeks to support byte-code from any version of Python.

Decompyle++ includes both a byte-code disassembler (pycdas) and a decompiler (pycdc).

As the name implies, Decompyle++ is written in C++. If you wish to contribute, please fork us on github at https://github.com/zrax/pycdc

I’ve tested it in Windows 7 32bit and Arch Linux i686, and works good. It supports from py10 to py34 (according to list of map files in /bytes folder, tried with pyc compiled by py34 but not cecompiled yet, maybe support for py34 should be updated in future)

How to make it run under Linux:
Grab files from git and build it:

git clone git://github.com/zrax/pycdc
cd pycdc

Compiled files are pycdas for Python Disassembler and pycdc for Python decompiler.

pycdas [FILE_NAME]

to disassemble pyc/pyo file

pycdc [FILE_NAME]

to decompile pyc/pyo file

Enjoy and best regards,

[Linux Reversing] Linux Patching helper demostration video

Hello all mates,

I’m currently working on a small project named Linux Patching Helper , created in Pascal/Lazarus using qt, which aims to apply the method i used to crack some sommercial Linux applications (you cand find my RAR patching tutorial here). This tool is based on objdump, and it will dump data + code and then start tracing the code. Still on development and here is a demostration video to show how it works.

The target in this video is a download manager for Linux (comparible to IDM in windows) named FlareGet, but only for testing purposes, therefore cracked version will not be released:

Hope that i can release it soon, because there are some issues with memory management, the tool takes high memory consumption while executing, and i’m trying to fix. But don’t expect too much, because it’s only my hobby, only for fun 🙂




Detect It Easy (DiE) reached version 0.79 with Linux and MacOS Supports

Hello all mates,

Detect it Easy (aka DiE) is a packer indentifier like PEiD or exeinfoPE. Good sign is, now it supports Windows, Linux and MacOS.

Here is the picture captured from my running Linux:

DiE in Linux

Working smoothly and many more features are waiting for you to discover.
Sorry I’m testing it so i can not write a review article now, hope that i can write soon :).

For more Information and downlaod link, please go here:

Goto DiE’s Official Website

Enjoy and Best Regards,

For Rebirth: RAR Patching tutorial for Linux 32 bit

Hello all mates,
Sorry, i was inactive for a long time, due to many issues in real life forced me to stop my favorite works. But now i’m back, and here is my lastest tutorial. Thank for visiting me again. Love you guy so much. I switched to use Linux, and started research about Reverse Engineering in this operating system. Very interesting and i got some useful experiences, so i would like to share my knowledge with people. In this tutorial, i will show you the way to patch a commercial applicaton: rar (a.k.a WinRAR). RAR is the name of winRAR, under Linux system but i prefer to call it as WinRAR :). We will do Reverse Engineering, and also modify some byte to make it work without license. But, please remember, this tutorial ONLY for EDUCATIONAL PURPOSES, so read it with your own risk. I will not take any responsibility if anybody use knowledge in my tutorial for other purposes.
Name: RAR
Platform: Linux
Language: English (sorry about my bad English :D)
Type: PDF
Size: 1.5 MB
Link Download:

Enjoy and best regards,

P/s: I received many replies about dead links (not working links) and data lost of my blog). This is terrible, cause people hard to reach my data. Thank you all to report to me, and i will fix it as soon as possbile.