blau_araujo/pbn
blau_araujo/pbn
3
4
Fork 3
Code Issues 10 Pull requests Projects Releases Packages Wiki Activity Actions

Verificando o mínimo para formar um binário #6

New issue
Open
opened 2025-07-09 12:07:50 -03:00 by NRZCode · 1 comment
NRZCode commented 2025-07-09 12:07:50 -03:00
Copy link

Seguindo a dica do nosso colega Juca, modifiquei o script para apresentar a saída do utilitário file que lê o cabeçalho do arquivo identificando seu tipo.
Com a ajuda do dd, copiamos byte a byte de um binário formando outro binário chamado de minimo até termos uma cópia exata do binário de origem e analisamos as mudanças do tipo de arquivo formado.

bin=/usr/bin/cat
size=$(stat -c %s $bin)
> minimo
for ((n = 0; n <= size; n++)); do
    dd if=$bin of=minimo bs=1 count=1 skip=$n oflag=append conv=notrunc status=none 2>/dev/null
    min=$(file minimo)
    [[ $min != $prev ]] && echo "$n bytes: $min"
    prev=$min
done

Obtendo a saída

0 bytes: minimo: very short file (no magic)
1 bytes: minimo: International EBCDIC text, with no line terminators
3 bytes: minimo: ELF
4 bytes: minimo: ELF 64-bit
5 bytes: minimo: ELF 64-bit LSB
7 bytes: minimo: ELF 64-bit LSB (SYSV)
17 bytes: minimo: ELF 64-bit LSB shared object, (SYSV)
19 bytes: minimo: ELF 64-bit LSB shared object, x86-64, (SYSV)
23 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV)
64 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), can't read elf program headers at 64, missing section headers at 47528
119 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), can't read elf program headers at 120, missing section headers at 47528
175 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), can't read elf program headers at 176, missing section headers at 47528
231 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), can't read elf program headers at 232, missing section headers at 47528
287 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), can't read elf program headers at 288, missing section headers at 47528
343 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), can't read elf program headers at 344, missing section headers at 47528
399 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), can't read elf program headers at 400, missing section headers at 47528
455 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), can't read elf program headers at 456, missing section headers at 47528
511 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), can't read elf program headers at 512, missing section headers at 47528
567 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), can't read elf program headers at 568, missing section headers at 47528
623 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), can't read elf program headers at 624, missing section headers at 47528
679 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), can't read elf program headers at 680, missing section headers at 47528
735 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), can't read elf program headers at 736, missing section headers at 47528
791 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), can't read elf program headers at 792, missing section headers at 47528
847 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter *empty*, missing section headers at 47528
916 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, missing section headers at 47528
917 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /, missing section headers at 47528
918 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /l, missing section headers at 47528
919 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /li, missing section headers at 47528
920 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib, missing section headers at 47528
921 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib6, missing section headers at 47528
922 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64, missing section headers at 47528
923 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/, missing section headers at 47528
924 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, missing section headers at 47528
925 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld, missing section headers at 47528
926 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-, missing section headers at 47528
927 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-l, missing section headers at 47528
928 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-li, missing section headers at 47528
929 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-lin, missing section headers at 47528
930 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linu, missing section headers at 47528
931 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux, missing section headers at 47528
932 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-, missing section headers at 47528
933 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x, missing section headers at 47528
934 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x8, missing section headers at 47528
935 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86, missing section headers at 47528
936 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-, missing section headers at 47528
937 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-6, missing section headers at 47528
938 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64, missing section headers at 47528
939 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64., missing section headers at 47528
940 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.s, missing section headers at 47528
941 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so, missing section headers at 47528
942 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so., missing section headers at 47528
943 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, missing section headers at 47528
44343 bytes: minimo: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, missing section headers at 47528
47591 bytes: minimo: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=8ff77e5585da488ded426fe771ceaae234703a9a, for GNU/Linux 3.2.0, stripped
47592 bytes: minimo: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=8ff77e5585da488ded426fe771ceaae234703a9a, for GNU/Linux 3.2.0, stripped

real    6m11,216s
user    2m2,611s
sys     4m15,496s
Seguindo a dica do nosso colega Juca, modifiquei o script para apresentar a saída do utilitário file que lê o cabeçalho do arquivo identificando seu tipo. Com a ajuda do dd, copiamos byte a byte de um binário formando outro binário chamado de minimo até termos uma cópia exata do binário de origem e analisamos as mudanças do tipo de arquivo formado. ```bash bin=/usr/bin/cat size=$(stat -c %s $bin) > minimo for ((n = 0; n <= size; n++)); do dd if=$bin of=minimo bs=1 count=1 skip=$n oflag=append conv=notrunc status=none 2>/dev/null min=$(file minimo) [[ $min != $prev ]] && echo "$n bytes: $min" prev=$min done ``` Obtendo a saída ```text 0 bytes: minimo: very short file (no magic) 1 bytes: minimo: International EBCDIC text, with no line terminators 3 bytes: minimo: ELF 4 bytes: minimo: ELF 64-bit 5 bytes: minimo: ELF 64-bit LSB 7 bytes: minimo: ELF 64-bit LSB (SYSV) 17 bytes: minimo: ELF 64-bit LSB shared object, (SYSV) 19 bytes: minimo: ELF 64-bit LSB shared object, x86-64, (SYSV) 23 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV) 64 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), can't read elf program headers at 64, missing section headers at 47528 119 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), can't read elf program headers at 120, missing section headers at 47528 175 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), can't read elf program headers at 176, missing section headers at 47528 231 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), can't read elf program headers at 232, missing section headers at 47528 287 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), can't read elf program headers at 288, missing section headers at 47528 343 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), can't read elf program headers at 344, missing section headers at 47528 399 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), can't read elf program headers at 400, missing section headers at 47528 455 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), can't read elf program headers at 456, missing section headers at 47528 511 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), can't read elf program headers at 512, missing section headers at 47528 567 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), can't read elf program headers at 568, missing section headers at 47528 623 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), can't read elf program headers at 624, missing section headers at 47528 679 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), can't read elf program headers at 680, missing section headers at 47528 735 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), can't read elf program headers at 736, missing section headers at 47528 791 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), can't read elf program headers at 792, missing section headers at 47528 847 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter *empty*, missing section headers at 47528 916 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, missing section headers at 47528 917 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /, missing section headers at 47528 918 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /l, missing section headers at 47528 919 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /li, missing section headers at 47528 920 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib, missing section headers at 47528 921 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib6, missing section headers at 47528 922 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64, missing section headers at 47528 923 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/, missing section headers at 47528 924 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, missing section headers at 47528 925 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld, missing section headers at 47528 926 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-, missing section headers at 47528 927 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-l, missing section headers at 47528 928 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-li, missing section headers at 47528 929 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-lin, missing section headers at 47528 930 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linu, missing section headers at 47528 931 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux, missing section headers at 47528 932 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-, missing section headers at 47528 933 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x, missing section headers at 47528 934 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x8, missing section headers at 47528 935 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86, missing section headers at 47528 936 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-, missing section headers at 47528 937 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-6, missing section headers at 47528 938 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64, missing section headers at 47528 939 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64., missing section headers at 47528 940 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.s, missing section headers at 47528 941 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so, missing section headers at 47528 942 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so., missing section headers at 47528 943 bytes: minimo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, missing section headers at 47528 44343 bytes: minimo: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, missing section headers at 47528 47591 bytes: minimo: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=8ff77e5585da488ded426fe771ceaae234703a9a, for GNU/Linux 3.2.0, stripped 47592 bytes: minimo: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=8ff77e5585da488ded426fe771ceaae234703a9a, for GNU/Linux 3.2.0, stripped real 6m11,216s user 2m2,611s sys 4m15,496s ```
NRZCode commented 2025-07-09 12:10:53 -03:00
Author
Copy link

dd if=$bin of=minimo bs=1 count=1 skip=$n oflag=append conv=notrunc status=none

O lance do dd aqui é que ele copia o próximo byte lido para o final do arquivo de destino, não o reescrevendo totalmente a cada iteração do laço.

> dd if=$bin of=minimo bs=1 count=1 skip=$n oflag=append conv=notrunc status=none O lance do dd aqui é que ele copia o próximo byte lido para o final do arquivo de destino, não o reescrevendo totalmente a cada iteração do laço.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
No results found.
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: blau_araujo/pbn#6
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?