Reverse Engineering Rustlang Binaries - A Series
This is a series of notes of my take on understanding how to reverse rustlang binaries.
I’ve been struggling with reverse engineering rustlang binaries for a while in CTF challenges. So I’m starting a reverse engineering series where I reverse engineer several rustlang binariesa and try to understand how they actually work.
- Part One [forgot date] : I tried to understand the basic structure of an empty rustlang binary. This helped me understand some ground rules while reversing a rustlang binary. Like where is the actual main function of rust program stored.
- Part Two [forgot date] : I tried to reverse a basic Hello, World! program. I’m taking slight midifications at a time!
- Part Three [Sun Dec 18 2022] : Tried reversing a program that takes input from user and prints the name with a greeting message. I think I need to explore custom function calls and simple input taking first. I suspect that rust might be using other registers instead of standard linux calling convention registers.
- Part Four [Sun Dec 18 2022] : Tried to understand how printf works and confirmed that
new_display
is actually to place the arguments ofprintln!
where they must be. Also gained some useful insight in how rust stores variables and how it passes them as arguments to be used. - Part Five [Mon Dec 26 2022] : Recently me and my team (zh3r0) played a ctf where we had a rust VM challenge. I struggled a bit but was able to understand exactly how it’s working. Thanks to my previous efforts of trying to understand rust binaries, this time I had enough confidence.
If you find this research work useful in your work, please consider giving attribution or something like that. Also, if you think that you can give some hints to improve this work, please consider contact me through email misra.cxx@gmail.com