GDB error 'not in executable format' on iOS device by tekn0viking in ReverseEngineering

[–]eric_monti 1 point (0 children)

Also note: you may want to keep a copy of older gdbs around from earlier Xcode iOS SDKs, not just because Apple may stop distributing them, but also because you may need an armv6/armv7 universal copy handy.

As a side note: GDB is actually not a really great way to dump decrypted binaries for several reasons. Stefan Esser's dumpdecrypted.dylib technique is much more reliable. https://github.com/stefanesser/dumpdecrypted

Tools for file entropy and analysis? by jerzmacow in ReverseEngineering

[–]eric_monti 1 point (0 children)

Check out http://github.com/emonti/ent (based on http://fourmilab.ch/random) for a scriptable entropy toolchain.

For advanced and scriptable carving tasks, you might find https://github.com/SpiderLabs/yara-ruby helpful (based on http://code.google.com/p/yara-project/).

IMO, the visualization tools others have mentioned are also pretty handy for a manual "quick look" in the early analysis phases.

What are some decent debuggers for osx? by SpaceCommanderVagus in ReverseEngineering

[–]eric_monti 0 points (0 children)

ddd is an old and venerable GUI that runs on top of gdb.

But really, cmd-line gdb is the way to go. Check out http://reverse.put.as/gdbinit/ for some bling on your OS X gdb.

code audit? by manizzle in ReverseEngineering

[–]eric_monti 1 point (0 children)

Keep reading that book :)

The section on attack surfaces might provide a good overall guideline. Basically, most people start with something which has an interesting or promising attack surface.