Pentest Tools

Published on February 26th, 2018 📆 | 4848 Views ⚑

0

gef v2018.02 releases: Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers

iSpeech

GEF – GDB Enhanced Features

GEF is a kick-ass set of commands for X86, ARM, MIPS, PowerPC and SPARC to make GDB cool again for exploit dev. It is aimed to be used mostly by exploiters and reverse-engineers, to provide additional features to GDB using the Python API to assist during the process of dynamic analysis and exploit development.

It has full support for both Python2 and Python3 indifferently (as more and more distros start pushing gdb compiled with Python3 support).

Feature

• One single GDB script.
• Entirely OS Agnostic, NO dependencies: GEF is battery-included and is installable in 2 seconds (unlike PwnDBG).
• Fast limiting the number of dependencies and optimizing code to make the commands as fast as possible (unlike PwnDBG).
• Provides more than 50 commands to drastically change your experience in GDB.
• Easily extendable to create other commands by providing more comprehensible layout to GDB Python API.
• Works consistently on both Python2 and Python3.
• Built around an architecture abstraction layer, so all commands work in any GDB-supported architecture such as x86-32/64, ARMv5/6/7, AARCH64, SPARC, MIPS, PowerPC, etc. (unlike PEDA)
• Suited for real-life apps debugging, exploit development, just as much as CTF (unlike PEDAor PwnDBG)

Changelog 2018.02

• Issue #137: [heap] new sub-command: heap set-arena
• Issue #137: [heap] new subcommand chunks : display all allocated chunks
• issue #137: added documentation to `heap set-arena` and `heap chunk`
• issue #137 – added tests for heap set-arena, heap chunks

Installation

# via the install script
$ wget -q -O- https://github.com/hugsy/gef/raw/master/gef.sh | sh

Then just start playing (for local files):

$ gdb -q /path/to/my/bin
gef➤  gef help
Or (for remote debugging):

remote:~ $ gdbserver 0.0.0.0:1234 /path/to/file
Running as PID: 666
And:

local:~ $ gdb -q
gef➤  gef-remote -t your.ip.address:1234 -p 666

# manually
$ wget -O ~/.gdbinit-gef.py -q https://github.com/hugsy/gef/raw/master/gef.py
$ echo source ~/.gdbinit-gef.py >> ~/.gdbinit

Emulating code in GDB via Unicorn-Engine (x86-64)

Displaying ELF information, memory mapping and using Capstone/Keystone integration (ARM v6)

Automatic dereferencing of registers values and identifying binary protections (PowerPC)

Showing current context and heap information (MIPS)

Playing with Capstone engine (SPARC v9)

Copyright (c) 2013-2017 crazy rabbidz

Source: https://github.com/hugsy/gef