library fingerprinting
stripped static-linked crackmes have always been a pain for me (i suppose for other reversers as well). there have been attempts to address the problem of a) restoring the stripped symbols in binaries and b) identifying functions during disassembly.
[ fenris ]
a well known example is the dress utility found in michal zalewski’s project fenris. (new homepage) portage has it but i still haven’t been able to successfully compile it. see the fenris gentoo bugzilla entry.
the idea is simple. create a fingerprint database of a particular (unstripped) ‘library’ and run a comparison of the binary in question against this database, identifying what belongs to whom (standard library or user supplied crap).
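as an added illustration (not the page’s own code, nor anything from fenris/dress or flair), a toy version of that matching in python: each library function is signed by its leading bytes with the rel32 operands of call/jmp wildcarded (they change with link address), signature collisions are reported the way flair complains about them, and functions of a stripped binary are then looked up in the database. the byte sequences are constructed sample data, not real glibc code.

```python
# Toy library fingerprinting: sign functions of an unstripped library by their
# leading bytes, wildcard relocated call/jmp displacements, match stripped code.
# Added example; byte strings below are constructed, not real libc code.
from typing import Dict, List, Optional, Tuple

PREFIX = 16  # number of leading bytes forming a signature
Pattern = Tuple[Optional[int], ...]


def make_pattern(code: bytes, prefix: int = PREFIX) -> Pattern:
    """First `prefix` bytes of a function, rel32 targets of E8/E9 replaced by None.
    Assumes 32-bit x86, where call/jmp rel32 carry a 4-byte displacement."""
    pat: List[Optional[int]] = []
    i = 0
    while i < min(prefix, len(code)):
        pat.append(code[i])
        if code[i] in (0xE8, 0xE9):
            pat.extend([None] * 4)  # displacement differs per link address
            i += 5
        else:
            i += 1
    return tuple(pat[:prefix])


def build_db(library: Dict[str, bytes]) -> Tuple[Dict[Pattern, str], List[str]]:
    """Fingerprint every named library function; record signature collisions."""
    db: Dict[Pattern, str] = {}
    collisions: List[str] = []
    for name, code in library.items():
        pat = make_pattern(code)
        if pat in db:
            collisions.append(f"{db[pat]} vs {name}")  # ambiguous signature
        else:
            db[pat] = name
    return db, collisions


def identify(db: Dict[Pattern, str], code: bytes) -> Optional[str]:
    """Name a function from a stripped binary, or None if it is not library code."""
    return db.get(make_pattern(code))


# constructed "unstripped library": name -> function bytes
LIBRARY = {
    "strlen": bytes.fromhex("5589e58b45083ac9803800740540 41ebf789c85dc3".replace(" ", "")),
    "puts": bytes.fromhex("5589e583ec08ff7508e810000000 83c404c9c3".replace(" ", "")),
    "rawmemchr": bytes.fromhex("5589e58b45083ac9803800740540 41ebf731c05dc3".replace(" ", "")),
}
DB, COLLISIONS = build_db(LIBRARY)
# constructed "stripped binary" functions: puts linked at another address, user code
STRIPPED_PUTS = bytes.fromhex("5589e583ec08ff7508e844332211" "83c404c9c3")
USER_FUNC = bytes.fromhex("5589e5b82a0000005dc3")
```

`identify(DB, STRIPPED_PUTS)` returns `"puts"` despite the changed displacement, `identify(DB, USER_FUNC)` returns `None`, and `COLLISIONS` lists strlen vs rawmemchr because their first 16 bytes coincide.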
[ flair ]
or fast library acquisition for identification and recognition (4.90 at the time of writing), which is offered as a separate “freebie” for ida pro. for the record, i’m using sys-libs/glibc-2.3.4.20041102-r1 and upon generation of the signature file (for libc), it encountered some collisions… but other than that, the signature seems ok in the end. you can get the signature file here.
[ others ]
this honeynet reverse challenge entry also employed some symbol generation.
