In the not too distant future I might need to do some reverse engineering and binary batching on Linux. But to me it looks like there is a paucity of reverse engineering tools on the Linux side, compared to Windows.
Anyone got some recommendations?
Do you mean a decompiler?
nsa uses this
and ida pro
https://www.hex-rays.com/products/ida/
time stamped for game rom and console reverse engineering
2 Likes
Yes and no. I mean a good decompiler would be nice, but seems too much to ask for, and probably unnecessary. I am mostly looking for a combined disassembler + debugger, preferably something with a (pseudo)GUI (ncurses is acceptable). Something like x64dbg on Windows, that works OK with a binary that has no debugging symbols.
I am also open to static analysis tools that can run on such binaries and any tools for patching ELF executables and object files.
You could check out the site https://alternativeto.net/software/ghidra/ for alternative software.
One of the benefits of Linux is you can run a live environment just as easily as a vm, and blow it away when you’re done, or even run a permanent USB image, to play around with,
and a lot of the projects are available with $0 cost, so not expensive to try, even if you go back to Windows, you can often use a lot of the tools.
But work is work, so better sticking with a tool you feel comfortable, so maybe look at some open source projects to do the tasks on the Windows platform?
https://ghidra-sre.org/InstallationGuide.html
ghidra is linux compatible
has src and you can build as well
yeah, it’s built in to Kali, iirc.
was meaning to point out the alternativesto site for OP to find other alternatives to existing tools in OP’s toolchain?
Ghidra runs on Linux?!
facepalm();
BTW, the issue at hand is that a certain piece of commercial software is shipping with MKL statically linked. MKL performance on AMD sucks hard, unless one uses the undocumented env.var. MKL_DEBUG_CPU_TYPE.
Recently I saw reports that the latest MKL update either removed this or disabled it on non-Intel CPUs. If this is true, one day, the newer versions of said software package will end up built with an MKL version that runs like absolute ass on our AMD systems.
So I might need to patch the binary to trick MKL functions into thinking it is running on a Haswell-like system, or at least an Intel CPU.