Hellf

Just a bad joke between ELF and Hell 😩

switch @h2g2 - 12 December 2020

switch @swuitch

🐳 sentry whale

🖤 python & ELF

0xswitch.fr

Why develop Hellf, and what is Hellf?

  • second-year school project about anti-reversing methods
  • need to modify ELF files programmatically
  • no really nice tool available, or the existing ones not suited (LIEF, patchelf)
  • to learn how ELF works

A Python library, from Hellf import *, to dissect and patch ELF files

(x86 and x86-64 for the moment)

TL;DR: ELF files

Program Headers [Phdr]

Describes how data is organized (mapped) in memory

- permissions (RWX), addresses, sizes

- segments

- used by the loader

$ readelf --segments poc

Section Headers [Shdr]

Describes how data is organized on disk

- .text, .data, .bss, .comment, ...

- offset on disk, sizes on disk

- used by the linker and not needed for execution

$ readelf --sections poc
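
The two views described above, as an added example (not part of the original slides, and not using Hellf's own API): a standard-library parser that lists segments from the program headers and sections from the section headers. The ELF image is a constructed sample built in memory for parsing only, and parse_elf64, build_sample and without_section_table are names chosen for this illustration; the last one shows that a file with no section table still exposes everything the loader uses.

```python
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr (64 bytes)
PHDR = struct.Struct("<IIQQQQQQ")          # Elf64_Phdr (56 bytes)
SHDR = struct.Struct("<IIQQQQIIQQ")        # Elf64_Shdr (64 bytes)

def parse_elf64(data):
    """Return (segments, sections) for a little-endian ELF64 image."""
    h = EHDR.unpack_from(data, 0)
    ident, phoff, shoff = h[0], h[5], h[6]
    phentsize, phnum, shentsize, shnum, shstrndx = h[9:14]
    if ident[:4] != b"\x7fELF" or ident[4:6] != b"\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    segments = []
    for i in range(phnum):  # loader view: what is mapped where, with which rights
        p = PHDR.unpack_from(data, phoff + i * phentsize)
        perms = "".join(c if p[1] & bit else "-" for c, bit in (("R", 4), ("W", 2), ("X", 1)))
        segments.append({"type": p[0], "perms": perms, "vaddr": p[3], "filesz": p[5], "memsz": p[6]})
    raw = [SHDR.unpack_from(data, shoff + i * shentsize) for i in range(shnum)]
    if raw and shstrndx >= len(raw):
        raise ValueError("e_shstrndx points outside the section table")
    sections = []
    for s in raw:  # linker view: named byte ranges on disk
        start = raw[shstrndx][4] + s[0]  # .shstrtab file offset + sh_name
        name = data[start:data.index(b"\0", start)].decode()
        sections.append({"name": name, "offset": s[4], "size": s[5]})
    return segments, sections

def build_sample():
    """Constructed sample: one R-X PT_LOAD segment; sections '', .text, .shstrtab."""
    code, names = b"\xc3", b"\0.text\0.shstrtab\0"
    code_off = EHDR.size + PHDR.size
    names_off = code_off + len(code)
    shoff = names_off + len(names)
    ehdr = EHDR.pack(b"\x7fELF\x02\x01\x01" + bytes(9), 2, 62, 1, 0x400000 + code_off,
                     EHDR.size, shoff, 0, EHDR.size, PHDR.size, 1, SHDR.size, 3, 2)
    phdr = PHDR.pack(1, 5, 0, 0x400000, 0x400000, shoff, shoff, 0x1000)
    shdrs = (SHDR.pack(*[0] * 10)  # mandatory null section
             + SHDR.pack(1, 1, 6, 0x400000 + code_off, code_off, len(code), 0, 0, 1, 0)
             + SHDR.pack(7, 3, 0, 0, names_off, len(names), 0, 0, 1, 0))
    return ehdr + phdr + code + names + shdrs

def without_section_table(data):
    """Copy with e_shoff, e_shnum and e_shstrndx zeroed (no section table)."""
    out = bytearray(data)
    struct.pack_into("<Q", out, 0x28, 0)      # e_shoff
    struct.pack_into("<HH", out, 0x3C, 0, 0)  # e_shnum, e_shstrndx
    return bytes(out)
```

parse_elf64(without_section_table(build_sample())) returns the same segment list and an empty section list, which is why analysis tooling should fall back to program headers when sections are missing.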

TL;DR: ELF files

[Figure: the file as laid out "On file system" next to its mapping in "Virtual Memory (RAM)" after $ ./poc; address labels 0x400000, 0x401000, 0x402000]

GDB: $ vmmap, $ info file and $ xinfo <addr>

TL;DR: Hellf

(! TL;DR) demo

Inspecting

Patching

Unstripping

Going further

github.com/0xswitch/Hellf

github.com/magnussen7/Embuche

https://kaitai.io/

https://excalidraw.com/

Presentation of my project Hellf about ELF patching in Python