How To Analyze ELF Binaries With Binsider In Linux

By sk

Binsider is a command-line tool that makes analysing ELF (Executable and Linkable Format) binaries a breeze. In this blog post, we will explore Binsider's features, its user-friendly interface, and how to use it to analyze ELF binaries effectively in Linux.

What is Binsider?

Binsider is a powerful command-line tool that provides a user-friendly terminal interface for static and dynamic analysis of ELF binaries. It offers features like inspecting strings, examining linked libraries, and performing hexdumps, similar to popular tools like readelf and strace.

Binsider provides a comprehensive dashboard and a hexdump view to analyse binary content in a structured manner. It can also be used to modify the hex data and enter new values, similar to an editor, although it is recommended to back up the binary before making any changes.

Binsider is designed to make it easier for reverse engineers and security researchers to explore and understand ELF binaries.

Why Binsider?

Binsider simplifies the complex world of binary analysis. Here's why security researchers, developers, and anyone working with binaries should consider using it:

  • User-Friendly Interface: Binsider employs a TUI that presents complex information in an easy-to-navigate manner.
  • Static and Dynamic Analysis: Binsider allows for both static examination of binary components and dynamic analysis of a binary's behaviour during execution.
  • Comprehensive Feature Set: From inspecting strings and linked libraries to performing hexdumps and tracing system calls, Binsider offers a wide range of features.

Install Binsider in Linux

Installing Binsider is straightforward. Since it is written in the Rust programming language, you can install it using the Cargo package manager. Make sure you have Rust installed first.

After installing Rust, run the following command to install binsider using Cargo:

cargo install binsider

Analyze ELF Binaries with Binsider

Once installed, analyse an ELF binary by simply running:

binsider <binary>

You can even launch Binsider without any arguments to analyse the binsider binary itself!

Analyze Binsider Binary itself using Binsider

Hit the tab key to navigate to the other sections. To quit, press q.

General Analysis

For instance, let us examine the /bin/uname binary using the command:

binsider /bin/uname
Analyze ELF Binaries using Binsider
  • Upon launching Binsider, you're greeted with general information about the binary, mimicking the output of stat(1) and ldd(1). This includes file details like size, permissions, and linked shared libraries.
  • Binsider allows you to seamlessly transition between analysing the main binary and its linked shared libraries. This feature provides a holistic view of the binary ecosystem.

Static Analysis

Static Analysis of ELF Binary
  • Binsider excels at static analysis, providing an in-depth understanding of the ELF structure without running the binary.
  • You can explore various ELF components, including sections, segments, headers, symbols, relocations and notes.
  • Binsider's visual representation of the ELF structure and convenient navigation keys (like n/p for next/previous and h/j/k/l for scrolling) make navigating through these components intuitive.
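
To make concrete what the headers and segments views are reading, here is an added example (not Binsider's code and not from the original post) that parses an ELF64 header and its program headers and flags segments a reviewer would look at first. The function names and the sample bytes are constructed for illustration.

```python
import struct

PT_LOAD, PT_GNU_STACK = 1, 0x6474E551
PF_X, PF_W, PF_R = 1, 2, 4
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr, 64 bytes
PHDR = struct.Struct("<IIQQQQQQ")          # Elf64_Phdr, 56 bytes

def parse_elf64(data):
    """Return (header, segments) for a little-endian ELF64 image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4:6] != b"\x02\x01":
        raise ValueError("only ELF64 little-endian is handled")
    f = EHDR.unpack_from(data, 0)
    header = {"type": f[1], "machine": f[2], "entry": f[4],
              "phoff": f[5], "phentsize": f[9], "phnum": f[10]}
    segments = []
    for i in range(header["phnum"]):
        off = header["phoff"] + i * header["phentsize"]
        if off + PHDR.size > len(data):
            raise ValueError("program header table runs past end of file")
        p_type, p_flags, _, p_vaddr, _, _, p_memsz, _ = PHDR.unpack_from(data, off)
        segments.append({"type": p_type, "flags": p_flags,
                         "vaddr": p_vaddr, "memsz": p_memsz})
    return header, segments

def risky_segments(segments):
    """Flag writable+executable PT_LOAD segments and an executable stack."""
    findings = []
    for s in segments:
        if s["type"] == PT_LOAD and s["flags"] & PF_W and s["flags"] & PF_X:
            findings.append(("W+X load segment", hex(s["vaddr"])))
        if s["type"] == PT_GNU_STACK and s["flags"] & PF_X:
            findings.append(("executable stack", hex(s["vaddr"])))
    return findings

def build_sample():
    """Constructed sample: ELF64 header plus three program headers, no code."""
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr = EHDR.pack(ident, 3, 62, 1, 0x1000, 64, 0, 0, 64, 56, 3, 64, 0, 0)
    phdrs = [
        PHDR.pack(PT_LOAD, PF_R | PF_X, 0, 0x1000, 0x1000, 0x200, 0x200, 0x1000),
        PHDR.pack(PT_LOAD, PF_R | PF_W | PF_X, 0x200, 0x2000, 0x2000, 0x100, 0x100, 0x1000),
        PHDR.pack(PT_GNU_STACK, PF_R | PF_W, 0, 0, 0, 0, 0, 16),
    ]
    return ehdr + b"".join(phdrs)

if __name__ == "__main__":
    print(risky_segments(parse_elf64(build_sample())[1]))
```

To run it against a real file, pass `open("/bin/uname", "rb").read()` to `parse_elf64` instead of the constructed sample.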

Dynamic Analysis

Dynamic Analysis of ELF Binary
  • Binsider allows for dynamic analysis by executing the binary and tracing its system calls.
  • Similar to strace(1), Binsider provides detailed information about each system call, including the process ID, system call name, arguments, and return value.
  • Binsider offers a summary output of the execution, including time spent, errors, and the number of system calls made, giving you insights into the binary's runtime behaviour.

Strings

Extract Strings from an ELF Binary
  • Binsider can extract strings from the binary, similar to the strings(1) command.
  • This is particularly useful for uncovering hidden information within the binary, like URLs, passwords, or other sensitive data.
  • You can even adjust the length of the extracted strings using the +/- keys or the -n argument.
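
The effect of the minimum length is easiest to see in code. The following is an added example (not Binsider's implementation and not from the original post): a strings(1)-style extractor with a `min_len` parameter playing the role of the +/- keys or -n, plus a small keyword triage pass. The sample bytes, the keyword list and the function names are constructed for illustration.

```python
import re

def extract_strings(data, min_len=4):
    """Return (offset, text) for each printable-ASCII run of at least min_len bytes."""
    if min_len < 1:
        raise ValueError("min_len must be at least 1")
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(data)]

# Assumed keyword list for a first triage pass; tune it to what you are hunting for.
INTERESTING = re.compile(r"https?://|passw(or)?d|secret|token|api[_-]?key", re.I)

def triage(strings):
    """Keep only the strings that look like URLs or credential material."""
    return [(off, s) for off, s in strings if INTERESTING.search(s)]

# Constructed sample: ELF-like bytes with a loader path, a version symbol,
# a URL, a credential format string and some short noise.
SAMPLE = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"/lib64/ld-linux-x86-64.so.2\x00"
    + b"\x01\x02AB\x03"
    + b"GLIBC_2.34\x00"
    + b"http://updates.example.test/check\x00"
    + b"\xff\xfe"
    + b"db_password=%s\x00"
    + b"abc\x00"
)

if __name__ == "__main__":
    for n in (3, 4, 12):
        print(n, [s for _, s in extract_strings(SAMPLE, n)])
    print(triage(extract_strings(SAMPLE)))
```

A lower minimum surfaces short fragments such as `ELF` and `abc`; a higher one keeps only the long runs, which is where paths, URLs and format strings tend to live.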

Hexdump

View Hexdump of an ELF Binary
  • Binsider provides a hexdump view alongside a rich dashboard for analysing the binary's raw content.
  • This feature allows for a granular examination of the binary data and facilitates the identification of patterns.
  • Binsider takes hexdumping a step further by allowing you to modify the hex data and save the changes directly to the binary.

Conclusion

Binsider is a powerful and versatile tool that simplifies the analysis of ELF binaries. Its combination of a user-friendly TUI, comprehensive features, and intuitive navigation makes it an excellent choice for anyone working with binaries.

Whether you're conducting security research, debugging software, or exploring the internals of ELF files, Binsider provides the tools you need in an accessible and efficient package.
