Reverse Engineering: Protecting and Breaking the Software (Workshop)
Download as PPTX, PDF2 likes115 views
The document outlines a workshop on reverse engineering, emphasizing practical activities and principles such as comprehension, decomposition, and reconstruction. It discusses common techniques, programming languages, and tools involved in reverse engineering, along with hands-on tasks including disassembly and code modification. The workshop is facilitated by Satria Ady Pradana, a cyber security consultant and coordinator of reversing.id.
Reverse Engineering: Protecting and Breaking the Software (Workshop)
- 1. Reverse Engineering Protecting and Breaking the Software WORKSHOP Satria Ady Pradana https://xathrya.id Reversing.ID Revealing the Truth through Breaking Things
- 2. # Whoami? Cyber Security Consultant at Mitra Integrasi Informatika (MII) Researcher at dracOs Dev Team Coordinator of Reversing.ID Member of Indonesia Honeynet Project
- 3. Overview Engage in practical basic reverse engineering activity Three basic reverse engineering principle. Common reversing technique
- 4. Review the Reversing What, Why, and How?
- 5. The Term Originally used in the context of mechanical engineering Breaks down an existing object or system to its construction and then rebuild it based on new demand. Extracting knowledge or design information from anything man- mad and reproducing it or reproduce anything based on the extracted information.
- 6. Fundamental Principle Comprehension Gain knowledge of basic principle or mechanics of object, the behavior, and knowledge that might related to subject. Decomposition Breaking down the system into its structure and gain insight about inherent structure and properties of the component that make the system. Reconstruction Reform or reconstruct the components based on need.
- 7. Common Practice Resource Modification (Modding) Modify the application resource. Control Flow Bypass Alter program flow, force the execution to takes or jump over the intended action. Code Caving Writing code to specific region of process.
- 8. The Language Various programming language exists with unique and distinctive characteristic. Typically, divided into two classes of programming language: native, interpreted. Native: C, C++, Pascal, Rust, Assembly. Interpreted: Python, Ruby, Java, .NET
- 9. The Executable Format Application has a format. Identify by magic number. Structured and has some sections for data, code, resource, etc. Function might be provided by foreign module (ex: DLL), list of imported function is maintained.
- 12. Common Tools Hex Editor Disassembler Debugger Resource Editor
- 13. Our Tools Radare2 Mono
- 14. Our Target CrackMe.cs Challenge.cs Compile them mcs CrackMe.cs
- 15. Dwelling to the New Language Learning one programming language might speed up learning curve for learning other programming language. The basic programming syntax you need to know: Basic type declaration Control Flow: Decision (if, switch, etc) Loop (for, while, etc) Function The rest is about language charactestic.
- 16. C# Managed code, interpreted Run on top of .NET framework Translated into “bytecode” or some kind of “assembly” The language is called Common Interpreted Language (CIL) The interpreter is called Common Language Runtime (CLR) Very similar to its high level code.
- 17. Operations to Know in “Assembly” Assignment Load/Store data Branching (Jump & Call) Arithmetic Logical Language specific feature
- 18. Hands On: CrackMe in C#
- 19. Task 1: Get Binary Information $ file CrackMe.exe $ rabin2 –I CrackMe.exe
- 20. Task 2: Disassembler and Assembler the Code $ monodis CrackMe.exe --output=CrackMe.cil $ ilasm /exe /output:CrackMe2.exe CrackMe.cil
- 21. Task 3: Modify Resource (String) Disassemble the file Search for header string, such as “Personalize Crackme for Satria” Change to exclusive for you, such as “Personalize Crackme for Ady” Assemble the file
- 22. Task 4: Get the Right Password We are asked for password. Grab it. It is hardcoded so you may need to scroll the code.
- 23. Task 5: Bypass the Jump Something happen, our code is stopped. Jump to the next stage, please. There is a mechanism that checking the condition. See the return value of stage1() and see the required value.
- 24. Task 6: Change Target Function We got the wrong destination, let see if we are able to change it. Currently we are calling a function stage3() while the function we want is stage3_true() Change the code to the respective intention.
- 25. Task 7: Inject Custom Code Mayday! We need code! Write it by yourself. The last stage require specific value assigned to access the function. We can create a function to change this value and call it before calling the function.
- 26. Challenge