Let's have a reverse engineering thread. What is Sup Forums peeking at?
I'm looking into an Android app which uses a highly obfuscated JNI to sign requests.
I recently discovered Capstone/Keystone/Unicorn, a set of three libraries (which have lots of bindings, but I use them with Python) with similar APIs, used respectively for disassembly, assembly and emulation. I already used the first two for stuff such as suppressing calculated jumps, and started using the latter for dumping the decrypted .data section and intercepting system calls. It's quite a pleasure to work with: you pass the raw code, load addresses and a few hook functions, and it runs on whatever platform you are on.
Also, ARM is a great architecture and reading asm is more poignant than books.
I like the four-byte-aligned instructions thing but it's rather common to RISC.
For RE learning, I like root-me.org/ a lot, including the "App - System" and "Cracking" sections (but it is generally great for infosec training). However the wild also has tons of great things to train on.
Ethan Cruz
Also, what is your favorite x86 instruction? Mine is rdtsc. Catchy name and is mostly used for anti-debug tricks.
Asher Davis
>favourite x86 instruction
Juan Reed
anyone knows what happened to reverse?
Xavier Cox
Cortana search. Working on neutering the telemetry botnet activity
Kayden Baker
post results
Dylan Wood
Anyone know if the Playstore has a bounty program for malicious apps?
Brandon Cook
Are you going to try to document the APIs used or are you doing higher-level research?
Dominic Ross
How do you even get into this field? This sounds like the coolest job in the world, but entry-level positions don't exist.
>What You Will Be Doing
>Multiple positions are available in the following areas:
>- Reverse Engineering
>- Vulnerability Analysis
>- Exploit Development
>- Offensive Information Operations/Information Warfare
>- Mobile Device Hacking
>What You Need for this Position
>Experience in the following areas is a strong plus:
>- Reverse engineering and general purpose hacking
>- IDA Pro, WinDbg, Immunity Debugger or other reverse engineering tools
>- Security vulnerability R&D
>- Code obfuscation, polymorphism, and anti-debugging techniques
>- Malware analysis
>- Linux programming in C/C++, Perl, or shell scripts
>- Operating system internals
>- Device driver development
>- Network protocols (DNS, HTTP, IPSec, VoIP)
>- Strong C/C++/Python skills
>- Mobile Hacking (Android and iOS)
>- Assembly-level programming
Logan Fisher
>What You Need for this Position
>Experience in the following areas is a strong plus:
>- Reverse engineering and general purpose hacking
check
>- IDA Pro, WinDbg, Immunity Debugger or other reverse engineering tools
check
>- Security vulnerability R&D
>- Code obfuscation, polymorphism, and anti-debugging techniques
check
>- Malware analysis
check
>- Linux programming in C/C++, Perl, or shell scripts
>- Operating system internals
big check
>- Device driver development
>- Network protocols (DNS, HTTP, IPSec, VoIP)
>- Strong C/C++/Python skills
check
>- Mobile Hacking (Android and iOS)
>- Assembly-level programming
check
think i could get the job?
Ryder Bailey
I check each of these too but don't have the next requirements
>• A BS, MS, or PhD in Computer Science, Computer Engineering, or Electrical Engineering. Other majors will be considered for the candidate with the desired skill set.
>• U.S. citizenship along with the ability to obtain a high-level security clearance
Carter Russell
Would they not waive the whole education thing if you could prove you had the skills? Maybe not. I suppose security clearance == gov and they tend to be sticklers about that sort of thing.
Easton King
>Would they not waive the whole education thing if you could prove you had the skills?
probably not unless you had an insider vouch for you. that's just the way the cookie crumbles. culture fit.
Anthony Long
If you were already experienced outside the government, certain government agencies would be willing to skip over the requirement for the degree and high level security clearance (i.e. ignoring previous felonies). I'm not sure about citizenship.
Landon Wood
I'm interested, op, how can I get into re?
And could you link me to the scripts used in your gif? Or at least name them?
Jackson Morris
Not OP. Bottom left is htop, bottom center cmatrix, bottom right either cmus or ncpmwhatever, over the player looks like cava or another visualizer. Upper right is pipes.sh. The rest at the top I dunno but looks like an animated ascii art issue is the one in the middle.
Logan Adams
thanks kind user, but I was actually looking for the first two at the top :3
Nathaniel Campbell
>I'm interested, op, how can I get into re?
General paradigm: dive into whatever software you're curious how it works, for that, Google about the tools you need to disassemble or decompile code, use the tools, read the code, restitute or take notes about what you're curious about (the two large parts), Google more when you don't understand something. If you wish to have details on a specific activity, you should specify whether you're looking into native code, Java/Flash application, a network protocol, hardware, knowledge needed for binary exploitation...