How it works...

This recipe involves writing a Bash script that uses the various tools we've learned to perform information gathering and disassembly as part of the static analysis phases of our methodology. Our script starts with the shebang (#!) followed by /bin/bash so that Bash is used to execute the instructions in the script. After the shebang line, we add some comments that record the name, author, and creation date of the script. Our first block of code is an if statement that checks how many arguments were passed to the script; when there aren't exactly two, it echoes a message to the screen on how to use the script properly. This is a very crude way of performing this check, but it will work for our needs. If the if block does not execute, the user passed exactly two arguments, and our script passes control to the else block.

The first two lines of code in the else block assign each of the two expected arguments to a variable. The first argument, $1, holds the binary we want to analyze, and we store that value in the BINARY variable. The second argument, $2, holds whatever we want to call our output file, and we store it in the OUTPUTFILE variable. Bash is case sensitive, so since we chose all capital letters for our variable names, we have to reference them with all capital letters as well.

A purist may scream at us for using all capital letters for our variables, and that's fine. If you choose to use all lowercase, just make sure every reference to your variables also uses all lowercase letters. The next line of code in step 3 echoes the string "This output created by $USER on $(date)." and pipes the output into a file using the tee command. Bash automatically replaces $USER with the username of the account running the script. The $(date) entry tells Bash to execute the date command, which outputs the system date and time using the host's default settings. We could just as easily have used >> or > instead of a | with the tee command, but tee also prints to our screen while it writes to the file. In my opinion, this is very handy, especially if you like visual clues that your script is working. Next, we use the echo command piped to tee -a, which appends two blank lines to our output file. If you're unfamiliar with the tee command, the -a argument tells tee to append to a file instead of overwriting it. The rest of the code follows a similar format: we write a title to the output file, skip a line, run a command and pipe its output into the output file, skip two lines, and then repeat this format with the next command. Each subsequent block of code runs file (step 4), strings (step 5), readelf (step 6), and objdump (step 7), in that order, piping all output to our output file.

In step 8, we save our work and exit the text editor we used to create our script. In step 9, we run the chmod command with the +x argument to make the script executable. Finally, we execute our script to make sure it runs without error and then review the output.
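The following script is an added example that reconstructs the workflow described above (argument check, BINARY and OUTPUTFILE variables, the tee header line, tee -a section blocks, then file, strings, readelf, and objdump); it is not the recipe's own script, which is not reproduced on this page. The file name static_triage.sh, the helper names usage, section, analyze, and main, the "==== title ====" section headers, and the readelf -a and objdump -d flags are my assumptions. It also goes slightly beyond the recipe by refusing unreadable input and by noting, rather than aborting on, a tool that is not installed.

```shell
#!/bin/bash
# static_triage.sh - assumed reconstruction of the recipe's script (added example).
# Usage: ./static_triage.sh <binary> <outputfile>
# Builds a report by running file, strings, readelf and objdump against a binary,
# using the tee / tee -a pattern described in the recipe.

usage() {
    echo "Usage: $0 <binary> <outputfile>" >&2
}

# section OUTPUTFILE TITLE COMMAND [ARGS...]
# Writes a title, a blank line, the command's output, then two blank lines.
# tee -a appends to the report and echoes to the screen at the same time.
# A tool that is not installed is recorded in the report instead of aborting
# (an addition to the recipe's behaviour).
section() {
    local outfile="$1" title="$2"
    shift 2
    echo "==== $title ====" | tee -a "$outfile"
    echo | tee -a "$outfile"
    if command -v "$1" >/dev/null 2>&1; then
        "$@" 2>&1 | tee -a "$outfile"
    else
        echo "[$1 is not installed; section skipped]" | tee -a "$outfile"
    fi
    printf '\n\n' | tee -a "$outfile"
}

# analyze BINARY OUTPUTFILE: the body of the recipe's else block.
analyze() {
    BINARY="$1"
    OUTPUTFILE="$2"
    # Refuse to run the tools on something we cannot read (a check the recipe omits).
    [ -r "$BINARY" ] || { echo "Error: cannot read '$BINARY'" >&2; return 1; }

    # The header line overwrites any old report (tee without -a);
    # $USER falls back to 'unknown' when the environment does not set it.
    echo "This output created by ${USER:-unknown} on $(date)." | tee "$OUTPUTFILE"
    printf '\n\n' | tee -a "$OUTPUTFILE"

    # Steps 4 to 7 of the recipe, in order. Flags are assumed, not from the recipe.
    section "$OUTPUTFILE" "file"    file "$BINARY"
    section "$OUTPUTFILE" "strings" strings "$BINARY"
    section "$OUTPUTFILE" "readelf" readelf -a "$BINARY"
    section "$OUTPUTFILE" "objdump" objdump -d "$BINARY"
}

# Argument check, as in the recipe: anything other than exactly two arguments
# prints the usage message and fails.
main() {
    if [ "$#" -ne 2 ]; then
        usage
        return 1
    fi
    analyze "$1" "$2"
}

# Run main only when executed as static_triage.sh, so the functions can also
# be sourced and exercised individually.
case "${0##*/}" in
    static_triage.sh) main "$@"; exit $? ;;
esac
```

After chmod +x static_triage.sh, running ./static_triage.sh /path/to/sample sample_report.txt writes the report and shows the same text on screen, while ./static_triage.sh with one or three arguments prints only the usage line. Because the section helper carries the title, blank-line, and append logic in one place, adding another tool to the report is a single extra section line rather than a copied block.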
