
Bird's-eye view of flow control graph from IDAfree
Got an ELF-32 (woohoo! working in Linux for a bit) called odd8. It draws a cat and then says illegal instruction.
Opened it up in IDA and got:
The graph is too big (more than 1000 nodes) to be displayed on the screen.
Switching to text mode.
(you can change this limit in the graph options dialog)
Dang. Got an illegal instruction right at the start when I ran the code in IDA too.
strace -e ./odd8
strace: invalid system call './odd8'
No joy there. Tried outputting to a file to review what was written, but couldn't do it. 0 bytes after illegal instruction.
Try copying the screen data to a file.
I ran strings odd8 -n 9 and found this of interest: repsych.asm
Searched for repsych.asm and found:
https://github.com/xoreaxeaxeax/REpsych
It's a code obfuscator described as:
The REpsych toolset is a proof-of-concept illustrating the generation of images through a program's control flow graph (CFG).
The process used to generate the proper control flow is outlined in the DEF CON presentation.
Although there is no specific point to the project (other than to show that it can be done), possible (non-serious) applications are outlined in the presentation.
The program works reliably with all tested versions of the IDA Pro reverse engineering tool, and semi-reliably with other CFG viewers (Hopper, BinNavi, radare2, etc).
After reading a bit, it looks like I need to open the file in IDA and raise my limit on the graph nodes to display a picture. I did that and looked at a graph view.
It just took some time to make out that it says PAN{Planet_Earth_iZ_blue_N_theres_nothing_U_can_do}
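The strings step above, as an added example (not part of the original write-up or of the REpsych project): a small Python approximation of strings -n 9 that flags leftover source-file names such as repsych.asm, which is what identified the obfuscator here. The sample bytes and the extension list are constructed for illustration.

```python
import re

# Extensions that suggest a leftover source-file name (illustrative list, an assumption).
SOURCE_EXTS = (".asm", ".s", ".c", ".cc", ".cpp", ".rs", ".go")

def printable_strings(data: bytes, min_len: int = 9):
    """Yield (offset, text) for runs of printable ASCII of at least min_len bytes."""
    pattern = re.compile(rb"[\x20-\x7e\t]{%d,}" % min_len)
    for m in pattern.finditer(data):
        yield m.start(), m.group().decode("ascii")

def source_name_hints(data: bytes, min_len: int = 9):
    """Return (file offset, token) for tokens that look like source-file names."""
    hints = []
    for off, text in printable_strings(data, min_len):
        # Split each string into tokens so a name embedded in a longer line is still found.
        for tok in re.finditer(r"[^\s:;,()\"']+", text):
            if tok.group().lower().endswith(SOURCE_EXTS):
                hints.append((off + tok.start(), tok.group()))
    return hints

# Constructed sample: a few header-like bytes, an interpreter path, junk bytes,
# a short name that the length threshold of 9 filters out, and the name from the write-up.
SAMPLE = (
    b"\x7fELF\x01\x01\x01\x00" + b"\x00" * 8
    + b"/lib/ld-linux.so.2\x00"
    + b"\x90\x0f\x0b\xeb\xfe"
    + b"main.c\x00"
    + b"repsych.asm\x00"
    + b"\xff\xfe" + b"__libc_start_main\x00"
)

if __name__ == "__main__":
    for offset, name in source_name_hints(SAMPLE):
        print(f"0x{offset:x}  {name}")
```

To run it against a real file, pass `open("odd8", "rb").read()` instead of `SAMPLE`.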