How To Analyze ELF Binaries With Binsider In Linux

Binsider: A command line tool that simplifies ELF binary file analysis

This article will explore the functionality of Binsider, the user-friendly interface, and how to use it effectively in Linux to analyze ELF binary files.

Catalog

• What is Binsider?
• Why choose Binsider?
• Install Binsider in Linux
• Analyzing ELF binary files using Binsider
  • General Analysis
  • Static Analysis
  • Dynamic Analysis
  • String
  • Hex Dump
• Conclusion

What is Binsider?

Binsider is a powerful command line tool that provides a user-friendly terminal interface for static and dynamic analysis of ELF binary files. It provides features such as checking strings, checking link libraries, and performing hexadecimal dumps, similar to popular tools such as readelf and strace.

Binsider provides a comprehensive dashboard and a hex dump view to analyze binary content in a structured way. It can also be used to modify hexadecimal data and enter new values, similar to the editor, although it is recommended to back up the binary before making any changes.

Binsider is designed to make it easier for reverse engineers and security researchers to explore and understand ELF binary files.

Why choose Binsider?

Binsider simplifies complex binary analysis processes. Here are some security researchers, developers, and anyone who uses binary files should consider using it:

• User-friendly interface: Binsider uses a TUI (text user interface) to present complex information in an easy-to-browse way.
• Static and dynamic analysis: Binsider allows static checks of binary components and dynamic analysis of the behavior of binary files during execution.
• Comprehensive feature set : From checking strings and linking libraries to executing hex dumps and tracking system calls, Binsider offers a wide range of features.

Install Binsider in Linux

Installing Binsider is very simple. Since it is written in the Rust programming language, you can install it using the cargo package manager. Make sure you have Rust installed:

• How to install Rust programming language in Linux

After installing Rust, run the following command to install the binder using Cargo:

cargo install binsider

Analyzing ELF binary files using Binsider

After the installation is complete, just run the following command to analyze the ELF binary:

binsider <binary></binary>

You can even start Binsider without any parameters to analyze the binary file itself!

Press the Tab key to navigate to other sections. To exit, press q.

General Analysis

For example, let's check the /bin/uname binary using the following command:

cargo install binsider

• After starting Binsider you will see general information about the binary file, similar to the outputs of stat(1) and ldd(1). This includes file details such as size, permissions, and a shared library for links.
• Binsider allows you to seamlessly switch between shared libraries that analyze the main binary and its linked ones. This feature provides an overall view of the binary ecosystem.

Static Analysis

• Binsider is good at static analysis and provides in-depth understanding of ELF structure without running binary files.
• You can explore a variety of ELF components including sections, segments, headers, symbols, relocations, and annotations.
• Binsider's intuitive representation of ELF structures and convenient navigation keys (e.g. n/p for the next/previous, h/j/k/l for scrolling) make browsing these components intuitive.

Dynamic Analysis

• Binsider allows dynamic analysis by executing binary files and tracking its system calls.
• Similar to strace(1), Binsider provides detailed information about each system call, including process ID, system call name, parameters, and return value.
• Binsider provides summary output of execution, including time spent, errors and number of system calls made, giving you an in-depth understanding of the runtime behavior of binary files.

String

• Binsider can extract strings from binary files, similar to the strings(1) command.
• This is especially useful for discovering hidden information in binary files, such as URLs, passwords, or other sensitive data.
• You can even adjust the length of the extracted string using the /-key or -n parameter.

Hex Dump

• Binsider provides a hex dump view as well as a rich dashboard for analyzing the original content of a binary file.
• This feature allows fine-grained checks on binary data and helps identify patterns.
• Binsider further improves the hex dump functionality by allowing you to modify hex data and save changes directly to a binary file.

Conclusion

Binsider is a powerful and universal tool that simplifies the analysis of ELF binary files. It combines user-friendly TUI, comprehensive features and intuitive navigation, making it an excellent choice for anyone using binary files.

Whether you are doing security research, debugging software, or exploring the internal structure of ELF files, Binsider provides the tools you need in an easy-to-access and efficient way.

Resources:

• Binsider GitHub Repository

The above is the detailed content of How To Analyze ELF Binaries With Binsider In Linux. For more information, please follow other related articles on the PHP Chinese website!