Reverse Engineering: The Crash Course
Download as PPTX, PDF1 like273 views
This presentation covers the fundamentals and motivations behind reverse engineering, emphasizing its educational purpose while noting legal implications. It explains key practices such as resource modification, control flow bypass, and code caving, as well as essential tools like hex editors, disassemblers, and debuggers. The document highlights the design patterns and programming language considerations involved in reverse engineering processes.
Reverse Engineering: The Crash Course
- 1. Reverse Engineering The Crash Course
- 2. Hi! I am Satria Ady Pradana Community Leader of Reversing.ID xathrya @xathrya Reversing.ID Revealing the Truth through Breaking Things https://xathrya.id
- 3. Disclaimer This presentation is intended for educational purposes only. Reverse engineering of copyrighted material is illegal an might cause you a direct or indirect consequence. We have no responsibility of anything you do after learning this.
- 4. “What do you think of Reverse Engineering?
- 5. Explaining Reversing Originally used in the context of mechanical engineering Breaks down an existing object or system to its construction and then rebuild it based on new demand. Extracting knowledge or design information from anything man- made and reproducing it or reproduce anything based on the extracted information.
- 6. Reversing = Solving Puzzles
- 8. Motivation Interfacing Improve documentation shortcomings Bug Fixing Creation of unlicensed duplicates Repurposing Finding security bugs For fun!
- 9. Common Practice Some popular and commonly used practice or operation
- 10. Resource Modification (Modding) Control Flow Bypass Code Caving
- 11. Resource Modification (Modding) Modify the resource of application Icon Menu Layout Sprite
- 12. Control Flow Bypass Alter program flow Force program to takes (or leaves) intended action. Jump over the protection mechanism
- 13. Code Caving Writing code to specific region of application (or process’ memory) Fast and easy No need for source In conjunction of Function Trampoline.
- 14. Basic Knowledge
- 15. The Language Depend on the target of reversing. Each programming languages might have unique trait or characteristic. Channel in Go Two classes of programming language: native, interpreted.
- 16. Assembly Primitive of Processors operations Complex operation is decomposed to various instructions Constrained by processors’ architecture
- 17. The Executable Format Application has a format. Identify by magic number. Structured and has some sections for data, code, resource, etc. Function might be provided by foreign module (ex: DLL), list of imported function is maintained.
- 20. Design Pattern Software is divided into conceptual module and working together. Repeatable solution to a commonly occurring problem in a software design.
- 21. Common Code Base Library Framework
- 22. Common Tools Breaking the system to fine-grain components
- 23. Hex Editor Disassembler Debugger Resource Editor
- 24. Hex Editor Display the content of file as collection of hex formatted-data and modify part of them. Find pattern and occurrence.
- 26. Disassembler Transform stream of hex bytes to its assembly representation. Resolve data and resource, referred by the code.
- 28. Debugger Test or debug other (target) program Examine program condition at runtime. Modify code or data section. Modify CPU state Alter control flow
- 30. Common Process in Reversing Some popular activity and flow
- 31. Identify Disassembly Decompile if possible Debug Patch
- 32. End of Game.