Very Computer

I am trying to study a particular function in a shared library,
without source. (I am trying to crack a random number generator.) I tried
using a decompiler(REC). But the decompiler segfaults even before it
reaches my function. So I want to pullout the function from the ELF .so
file and put it into a new file and try my luck.  Any ideas what I can do?
already wasted a lot of time on this.  this is on a x86 machine. rhl 7.3
2.4 kernel.

Sudhakar
http://www.cs.princeton.edu/~sudhakar/

You can often do this:

  gdb /path/to/elf.so
  (gdb) disas function_name

Quote:> So I want to pullout the function from the ELF .so
> file and put it into a new file and try my luck.

I don't think there is an easy way to do that.

Cheers,
--
In order to understand recursion you must first understand recursion.

   > So I want to pullout the function from the ELF .so
   > file and put it into a new file and try my luck.

It should be possible to make a new .so with only that function visible,
which might isolate the function enough to be useful.  It depends on whether
the names of the other functions in the same .so conflict with the rest
of your runtime symbol table.

Do "nm -D foo.so" to see the dynamic runtime global symbols.  Use 'objcopy'
to make a new .so, changing all defined global symbols (other than the
function you want) into 'weak' symbols:

        objcopy -W sym1 -W sym2 -W sym3 ... foo.so bar.so

You might also try "-N sym1" to remove 'sym1' entirely.

Then link with bar.so and let the fun begin.

use objectdump.  with this tool you can determine the start and end address of
your function, and then you can use it to convert the binary code into assembly.
  Of course, if your goal is to simply recompile it into your own library you
will need to do a good bit of work to incorporate it, but using objectdump will
  give you enough insight into the functions mechanics that you can probably
reproduce the c code function by hand.
Hope that helps
Neil

Quote:> I am trying to study a particular function in a shared library,
> without source. (I am trying to crack a random number generator.) I tried
> using a decompiler(REC). But the decompiler segfaults even before it
> reaches my function. So I want to pullout the function from the ELF .so
> file and put it into a new file and try my luck.  Any ideas what I can do?
> already wasted a lot of time on this.  this is on a x86 machine. rhl 7.3
> 2.4 kernel.

> Sudhakar
> http://www.cs.princeton.edu/~sudhakar/

have you tried to use dlopen family functions? I think you can open
the .so library with dlopen, and then find symbol of your function
with dlsym and you will receive a pointer to your function. Now is a
black box ... hard job but ...

Another solution: using objdump (dissasembly option) you can optain
asm code.

I hope this is usefull for you.
DTM