There aren’t a whole lot of options when it comes to reverse engineering Linux executables / binaries. Thanks to Chris Rohlf this process is now much easier and more flexible. Chris has created a framework called Leaf that aids in the reversing process. His work focuses strictly on the Linux ELF format, which is the counterpart of the Windows PE format. Chris gave a talk at Carolina Con 2009 and his talk about the framework was excellent. It was nice to see that one of his main focal points was creating easy-to-read output. We all know that if your output is crap then you won’t be able to make heads or tails of what the tool is doing.
Now the Leaf framework is still in beta, but the project is open source and Chris welcomes more input. The framework only works on the x86 architecture but supports both 32- and 64-bit binaries. The title of this post refers to reverse engineering Linux, but the Leaf framework works on BSD and Solaris as well. Hopefully this framework will get good traction, as Chris has built a nice foundation.
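To make the "ELF, 32- and 64-bit, x86 only" point concrete, here is a small ELF header parser written for this post. It is an added example, not Leaf's code and not meant to reproduce Leaf's output format; it only reads the fixed-size ELF header (the first 52 or 64 bytes), decides whether the file is ELF32 or ELF64 and whether the machine is i386 or x86-64, and refuses anything that is not an ELF file, is truncated, or has an inconsistent header. The sample headers are constructed in the block with `build_header`, a helper invented for the example, so nothing here depends on files on disk.

```python
import struct

# Offsets into e_ident and the values we care about (from the ELF specification).
EI_CLASS, EI_DATA = 4, 5
ELFCLASS32, ELFCLASS64 = 1, 2
ELFDATA2LSB, ELFDATA2MSB = 1, 2

E_TYPE = {1: "ET_REL", 2: "ET_EXEC", 3: "ET_DYN", 4: "ET_CORE"}
# The two x86 machine types Leaf targets; anything else is reported as "unsupported".
E_MACHINE = {3: "EM_386", 62: "EM_X86_64"}

# struct layouts of Elf32_Ehdr (52 bytes) and Elf64_Ehdr (64 bytes), without byte-order prefix.
ELF32_FMT = "16sHHIIIIIHHHHHH"
ELF64_FMT = "16sHHIQQQIHHHHHH"


def parse_elf_header(data: bytes) -> dict:
    """Parse the ELF file header from the start of `data`.

    Raises ValueError on bad magic, unknown class/byte order, truncation,
    or an e_ehsize that disagrees with the class, so a hostile or damaged
    file fails loudly instead of yielding garbage offsets.
    """
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file: bad magic")

    order = {ELFDATA2LSB: "<", ELFDATA2MSB: ">"}.get(data[EI_DATA])
    if order is None:
        raise ValueError("unknown EI_DATA %d" % data[EI_DATA])

    cls = data[EI_CLASS]
    if cls == ELFCLASS32:
        fmt, bits = order + ELF32_FMT, 32
    elif cls == ELFCLASS64:
        fmt, bits = order + ELF64_FMT, 64
    else:
        raise ValueError("unknown EI_CLASS %d" % cls)

    size = struct.calcsize(fmt)
    if len(data) < size:
        raise ValueError("truncated ELF header: need %d bytes, have %d" % (size, len(data)))

    (_ident, e_type, e_machine, _e_version, e_entry, e_phoff, e_shoff, _e_flags,
     e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx) = struct.unpack(fmt, data[:size])

    # The header advertises its own size; a mismatch means the class byte and the
    # rest of the header disagree, which is worth rejecting rather than guessing.
    if e_ehsize != size:
        raise ValueError("e_ehsize %d does not match ELF%d header size %d" % (e_ehsize, bits, size))

    return {
        "bits": bits,
        "endian": "little" if order == "<" else "big",
        "type": E_TYPE.get(e_type, "unknown(%d)" % e_type),
        "machine": E_MACHINE.get(e_machine, "unsupported(%d)" % e_machine),
        "entry": e_entry,
        "phoff": e_phoff, "phnum": e_phnum, "phentsize": e_phentsize,
        "shoff": e_shoff, "shnum": e_shnum, "shentsize": e_shentsize,
        "shstrndx": e_shstrndx,
    }


def build_header(bits: int, machine: int, entry: int, e_type: int = 2) -> bytes:
    """Constructed sample: a minimal little-endian ELF header with no program or section tables."""
    cls = ELFCLASS64 if bits == 64 else ELFCLASS32
    ident = b"\x7fELF" + bytes([cls, ELFDATA2LSB, 1, 0, 0]) + b"\x00" * 7  # 16 bytes
    fmt = "<" + (ELF64_FMT if bits == 64 else ELF32_FMT)
    size = struct.calcsize(fmt)
    phentsize, shentsize = (56, 64) if bits == 64 else (32, 40)
    return struct.pack(fmt, ident, e_type, machine, 1, entry, 0, 0, 0,
                       size, phentsize, 0, shentsize, 0, 0)


def describe(data: bytes) -> str:
    """One-line summary in the spirit of readable tool output."""
    h = parse_elf_header(data)
    return "ELF%d %s %s %s entry=0x%x" % (h["bits"], h["endian"], h["machine"], h["type"], h["entry"])


if __name__ == "__main__":
    print(describe(build_header(64, 62, 0x401000)))   # constructed x86-64 executable
    print(describe(build_header(32, 3, 0x8048000)))   # constructed i386 executable
```

Running the block prints one summary line per constructed header. To look at a real binary, read its first 64 bytes and pass them to `describe`; the parser deliberately stops at the file header, so locating program and section tables from the returned offsets is the next step a fuller tool like Leaf takes.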
2 replies on “Reverse engineering Linux executables”
Chris Rohlf is one sexy manbeast.