1 00:00:00,490 --> 00:00:08,380 Hello again. Before we jump into IDA, I would like to share with you some other tools commonly used
2 00:00:08,770 --> 00:00:10,240 in reverse engineering.
3 00:00:11,200 --> 00:00:13,120 So the first is file.
4 00:00:13,840 --> 00:00:20,730 So now we're in this folder here, so I'm going to do an ls to list the contents. The first command
5 00:00:20,820 --> 00:00:21,190 I use
6 00:00:21,190 --> 00:00:27,190 is file, and file is used to determine the type of a particular file.
7 00:00:27,640 --> 00:00:33,520 So to use it, you type the command file, followed by the name of the file that you'd like to analyze
8 00:00:33,820 --> 00:00:34,690 and hit enter.
9 00:00:35,320 --> 00:00:42,400 And then it will tell you what it is. In this case, you can see it is a 64-bit executable ELF,
10 00:00:42,400 --> 00:00:51,040 which is a binary file executable for Linux. The second command which we commonly use is the strings
11 00:00:51,040 --> 00:00:51,480 command.
12 00:00:52,240 --> 00:00:57,960 So the strings command is used to list all the strings contained within the file.
13 00:00:58,390 --> 00:01:04,690 So to use it, we type the strings command, followed by the name of the file itself, and hit Enter, and
14 00:01:04,690 --> 00:01:08,250 it will list all the strings that are found within this file.
15 00:01:08,740 --> 00:01:17,380 Sometimes the strings command also can list all the key, all the passwords and all the keys, even
16 00:01:17,380 --> 00:01:19,120 the flag that you are trying to capture.
17 00:01:19,270 --> 00:01:20,300 You can see it from here.
18 00:01:20,890 --> 00:01:25,370 So that is how the strings command is so useful sometimes.
19 00:01:25,990 --> 00:01:34,240 And the third command (let me clear the screen first) that we normally use is the hex editor, so we can
20 00:01:34,240 --> 00:01:36,640 open the S1 file with the hex editor.
21 00:01:37,030 --> 00:01:45,640 So the editor for Linux is accessing these and then you open the file in case I tell you to X1.
22 00:01:45,970 --> 00:01:50,930 Then you hit enter and it will open the file and show it to you in a hex editor.
23 00:01:50,950 --> 00:01:52,240 So this is a hex editor.
24 00:01:53,180 --> 00:02:02,500 It shows you the entire path in two views. On the right is your ASCII representation, the text representation
25 00:02:02,500 --> 00:02:04,340 of all the bytes inside the file.
26 00:02:04,900 --> 00:02:11,890 So as you can see here on the left, you have 7F in hexadecimal, which refers to E.
27 00:02:13,500 --> 00:02:22,560 And then next one is for fire, the hex for fire refers to L, followed by the hex falsey, which
28 00:02:22,560 --> 00:02:23,610 refers to F.
29 00:02:24,660 --> 00:02:31,860 So this is useful because you can use this to look into the file itself to see what is contained in the
30 00:02:31,860 --> 00:02:32,220 file.
31 00:02:33,270 --> 00:02:39,740 So ELF is the header for Linux executable files you see in here in Afghanistan.
32 00:02:40,260 --> 00:02:43,830 Then you know that this is a Linux executable file.
33 00:02:45,150 --> 00:02:50,760 And if you scroll down, you can see other things, all the strings within it, like, for example, libraries
34 00:02:50,970 --> 00:02:55,820 and very excited and some functions as well can be seen here.
35 00:02:57,480 --> 00:03:01,830 So and here probably is your code, your instructions.
36 00:03:03,220 --> 00:03:07,210 But to view your instructions like this is quite confusing.
37 00:03:08,910 --> 00:03:16,680 So normally we will use the IDA disassembler so that IDA can interpret how this hexadecimal code
38 00:03:17,160 --> 00:03:20,600 shinkle into assembly language, easier to view.
39 00:03:21,600 --> 00:03:30,850 So this is how we can use some of the common tools in finding Linux for doing initial analysis.
40 00:03:31,320 --> 00:03:36,160 So in the next lesson, we are going to start off with IDA.
41 00:03:36,660 --> 00:03:38,520 So thank you for watching.
42 00:03:39,660 --> 00:03:40,670 See you in the next one.