Use binwalk to find the offset, dd to extract it (usually binwalk also extracts things but my copy was buggy), edit it with gimp, make sure the edited file is same size or smaller than the original one (changing offsets is not something you can do easily), and then use dd to put the changed image back in place. Of course there is no such feature in dd, but it can open files, and read and write things at specific offsets, so if you know what to write where, voila there is your patch.įor example I had this binary that contained some PNG data. It depends on what you mean by "patch the binary".
Linux binary editor Patch#
So not only can we patch things using dd, we've just done it. This patching only allows making the string shorter or the same length, and not longer, but it's adequate for these purposes. The string literal the program prints out has been changed, so it now contains " /tmp\0tmp\0", but the string functions stop as soon as they see the first null byte. This reads data from tmp (our " /tmp\0" file), writing it into our binary, using an output block size of 1 byte, skipping to the offset we found earlier before it writes anything, and explicitly not truncating the file when it's done. Now we can use dd: $ dd if=tmp of=test obs=1 seek=1460 conv=notrunc
So now we have the binary, we know where the string we want to change is, and we have a file with the replacement string in it. Now let's make a temporary file with just " /tmp\0" in it: $ printf "/tmp\x00" > tmp t d prints the offset in decimal into the file of each string it finds. Let's find out where " /usr/tmp" is in the binary: $ strings -t d test | grep /usr/tmp We'll build that into test: $ cc -o test test.c The dd man-page says nothing about patching and a don't think it could be re-purposed to do this anyway.Ĭould binaries really be patched with dd? Is there any historical significance to this? After they found out what happened, the sysadmins did a chmod go-r /bin/* /usr/bin/* which "fixed" the problem, and deleted all our copies of the C compiler. Of course, this just made the problem worse - the disk space occupied by these copies did matter those days, and now /tmp filled up regularly, preventing other users from even editing their files. Many of us copied /usr/bin/cc to /home//cc, and used dd to patch the binary to use /tmp instead of /usr/tmp, which was bigger.
Of course, students weren't supposed to write "large programs" anyway large programs were typically source codes copied from "somewhere". Especially, the /usr/tmp file system was very small, which led to problems when someone tried to compile a large program.
The Unix system I used at school, 30 years ago, was very limited in RAM and Disk space. I have read this quote (below) several times, most recently here, and am continually puzzled at how dd can be used to patch anything let alone a compiler:
0 kommentar(er)
