Anyone here into Reverse Engineering?


no, i'm too conventionally stupid for that

seems cool,
what do you do in reverse engineering?
>inb4 google

This. I'm doing well in class but I can be honest with myself. I'm a fucktard.

I started off doing malware analysis, but now I do more RE in order to find vulnerabilities.

they make dust from high tech toys

I would, if IDA Pro didn't cost an arm and a leg.

I learned how to RE by working through this book. It's not just malware specific... it has exercises that reinforce every lesson, and 200 pages of walkthroughs explaining how the authors, as experts, would approach the problem. If you spend a few months working through it, you can really internalize it.

nostarch.com/malware

IDA 4 is free / Binary Ninja is ~$100 / you can pirate IDA 7.0....

>malware analysis
Interested in this, how do I start?

Looks like it's on libgen.
I'll read through and do the exercises for the first chapter and then probably lose interest like usual.
Thanks though, I'd like to be able to learn this actually.

See my post - after working through that book I ended up getting an internship in college doing more malware RE. It's a good way to get started doing RE and get good at it, but can get boring after a while (unless you're analyzing super high end nation state stuff, you end up seeing the same repetitive patterns in each sample). Perfect for an internship in college though.

Also try this course, it's somewhat based on the Practical Malware Analysis book, but covers some other topics like Windows kernel rootkit analysis and such: github.com/rpisec/malware

Reverse engineered encrypted assets in a game once, that was fun.

If you're on OSX or Linux, check out Hopper. Nothing beats IDA but it's still fairly usable.

What do you guys think about the new radare2 GUI? Is it enough to learn basic RE?
github.com/radareorg/cutter

>github.com/radareorg/cutter

Radare has an extremely steep learning curve, and lots of bugs. I'd recommend starting on IDA's free version

It is interesting so you can know how to crack the DRM on software

do people ever use cheatengine for reverse engineering?

user, I appreciate you. I'm stupid too. But I'm glad that in some way we can be anonymously stupid on this board together. Good luck out there in the world.

I think RE, at least when getting into it, is more about persistence and memorization than having some spark of genius

memorization of what?

What instructions do, how to recognize functions, etc... there's a lot of base knowledge you need to acquire, but it's not particularly hard.

youtube.com/watch?v=pzcLTPy8yDQ

How smart do you need to be for that book linked earlier
I'm only halfway through my college education and wouldn't call myself braindead
But I definitely have never even touched this shit before. But it looks interesting.

You should probably know how to write C, and having taken courses in operating systems and computer architecture can help, but honestly I know lots of people who started out learning those topics with the book. It's very exciting stuff, really addicting - if you're motivated to work hard you can crush though.

Is x64dbg any good?

I have not personally used it, I use WinDBG when I'm debugging stuff on Windows - it has a steep learning curve, but it is extremely powerful once you get it down, and is deeply integrated with Windows as MS makes it.

Generally I prefer to do static RE in IDA, and then complement that with some dynamic analysis in a debugger to check my work.

what kind of careers use this?

Malware analysis (and related fields - eg, incident response)
Exploit development
General software security consulting
All kinds of government "cyber" work

I can't even do normal engineering

ghostbin.com/paste/uquxj

the cool kids use gdb

Thank you user
extremely appreciated.

Yea currently working through a crackme series.
Stuck on #4 :/
First one was simple string checking,
second was manipulating a jmp
and 3rd could be solved by a NOP.

It is surely not helping that I'm starting with r2;
even if I have a hunch about how to solve a task, I get lost in the tool's complexity pretty easily.

yes, cheat engine is actually very useful for your average hobby reversing but it's much much easier to find functions with ida first

It's very usable, but it lacks certain features, like Kernel Mode debugging under Windows, which so far only WinDBG (+ IDA) can do.

I would be, except I'm not about to go drop 2 grand on an IDA license and there doesn't seem to be any good tools that work with x86_64 binaries.

see

Thanks, but I don't pirate stuff. Gonna give Hopper a try. At least their prices are fucking reasonable.

>ghostbin.com/paste/uquxj
Ummm...
virustotal.com/#/file/7a0c4fde8d1d8cbd25426a5d6e098a4870dcc6980e18e600a660de31f5e08e11/detection

I'm sure it's fine :^)

>HackTool.FilePatch
No shit.

Used cheat engine to set my luck stat to 100 in fallout 1, once.

Anyone ever use radare2 or r2? It's a freeware disassembler similar in functionality to Hopper or IDA. When I first got into RE I was poor so I learned with that.

>sudo apt-get install r2

microcorruption.com

Seconding this. If you're interested in more exploitation stuff also try github.com/rpisec/mbe

REMnux is pretty good for a general purpose FOSS toolset to RE.

I will use x64dbg to RE also. I find that I'm too poor to buy IDA Pro.... Not too poor, but I just can't convince myself to pay for that kind of license.

I'm not a particularly big fan of reversing entropy, no. Though I have decoded some simple internal file formats for modding purposes.

can anyone post resources like these but free

Dude, go find online somewhere Malware Analyst's Cookbook

I can't find a good dbg, radare is too buggy, so far only VS Studio + GDB, DDD and cgdb kinda work for me

How would I go about reverse engineering a cell phone? Basically so I can control the hardware to do whatever I want

REMnux => remnux.org/

/thread

I'm mostly into kernel VR, rootkits and online game hacking.

Yeah but it's a hassle to work with, get a proper debugger/disassembler

Yes, for most purposes except kernel diving

How do you even hack in multiplayer shit?

I was doing packet editing but servers don't respond to my brute-forced packets unless it's to send a message to the server for all chat. Or for some random FPS game I was able to brute-force packets to take fall damage any time I wanted.

github.com/rpisec/malware
github.com/rpisec/mbe

that depends on where exactly in the chain you edit your packets, whether they're encrypted or not if you're external etc
there might be a server-side sanity check (there almost certainly is, by your description)

Oh nice, VR.... what OS kernel?

mostly NT

also, I prefer the good old way, packet editing can lead to crazy amount of bans when you're trying to figure out what is allowed by server and what isn't

it's fun though

Excellent... fuzzing? manual RE?

a bit of both, I have a dedicated machine for fuzzing working 24/7
currently trying to play with ML to reduce the dimensionality
that's still a hobby, I'm not skilled enough to make it my main job though

Very cool. Yeah, the intersection of ML and fuzzing is interesting. Not necessarily ML related, but the recent HaCRS paper is worth a look - basically combining humans and advanced symbolic execution / fuzzing to create a hybrid system more efficient than either arxiv.org/pdf/1708.02749.pdf

Retard time: you use a disassembler on an exe/etc to get the raw assembly code and then slowly work out what it does? I assume the tools have some way to group shit like OP's pic in order for this not to take a year?

It's graph layout mode; x64dbg has that. Go play with that for a while and you'll learn.

No I'm allergic to assembly

radare2 is free as in freedom

>you use a disassembler on an exe/etc to get the raw assembly code and then slowly work out what it does?
Yes, that's static analysis. There are a lot of tools to make it easier and more convenient (decompiling into pseudocode/C/C++, all sorts of automated guessing etc), but it's generally slower than debugging/emulation. Both ways have their own uses, sometimes one of them is either harder in the particular case, or cannot be used at all.

How do you debug a packed exe?

you have to unpack it first

It has to be unpacked to execute somehow (if you're talking about classic packers like UPX), so you just debug it in place as usual. Packing is more useful against static analysis, you have to unpack it first. There are plenty of anti-tampering measures to implement against debugging though, but what can be executed can also be dumped, debugged/emulated and disassembled with the right amount of knowledge and motivation.

Unless they are relying on certain hardware features to lock it, of course. However, the secure hardware can also be attacked, it's not a black box.

Are there any good resources that document/demonstrate this and RE in general? I somewhat understand the process, but what do you actually get from an unpacked exe? Assembly files and data blobs or something?

>what do you actually get from an unpacked exe?
After unpacking (removing the protection) you get exactly that: an ordinary unpacked binary, usually exe, sometimes a surrogate of some kind. You can execute or analyze it further after that, without the protection standing in your way. Assembly listing is a result of analysis, not unpacking.

>Are there any good resources that document/demonstrate this and RE in general?
There's a great deal of unpacking tutorials and unpackmes over the net, can't really recommend something specific.

An unpacked binary in memory that you can then interact with, and occasionally dump with something like ChimpREC. Check out github.com/RPISEC/Malware/blob/master/Lectures/09_Packers_and_Unpacking/09_Packers_and_Unpacking.pdf
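The posts above make the point that packing mainly hurts static analysis: the packed payload sits in the file as a near-random blob and only becomes an ordinary binary once it is decompressed in memory. That blob is exactly what a triage check can spot before any debugging. The script below is an added example (not from this thread or the linked RPISEC lecture): it walks the PE section table with only the standard library and flags sections whose byte entropy is close to the 8 bits/byte of compressed or encrypted data. The PE skeleton, the `UPX1` section name and the SHA-256-derived stand-in payload are constructed here for the demo; the thresholds of 7.0 bits and 256 bytes are assumptions, not a standard.

```python
import hashlib
import math
import struct
# Shannon entropy in bits per byte: near 0 for constant data, near 8 for compressed/encrypted data.
def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    n = len(data)
    counts = [data.count(bytes([b])) for b in range(256)]
    return -sum(c / n * math.log2(c / n) for c in counts if c)

# Minimal PE section walker: DOS header -> e_lfanew -> "PE\0\0" -> COFF header -> section table.
# Returns [(name, entropy, raw_size)] without a third-party library such as pefile.
def section_entropies(pe: bytes):
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size
    result = []
    for i in range(num_sections):
        hdr = table + 40 * i
        name = pe[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, hdr + 16)
        result.append((name, shannon_entropy(pe[raw_ptr:raw_ptr + raw_size]), raw_size))
    return result

# Triage heuristic (assumed thresholds): a non-trivial section that looks random is likely packed/encrypted.
def suspect_packed(pe: bytes, threshold: float = 7.0, min_size: int = 256):
    return [n for n, ent, size in section_entropies(pe) if size >= min_size and ent >= threshold]
# Constructed input: a minimal PE skeleton (headers only, not executable) wrapping the given sections.
def build_sample_pe(sections):
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE signature immediately after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)  # SizeOfOptionalHeader = 0
    table, blobs, ptr = b"", b"", 64 + 4 + 20 + 40 * len(sections)
    for name, data in sections:
        table += struct.pack("<8sIIIIIIHHI", name, len(data), 0x1000, len(data), ptr, 0, 0, 0, 0, 0x60000020)
        blobs += data
        ptr += len(data)
    return bytes(dos) + b"PE\0\0" + coff + table + blobs

def pseudo_random_bytes(n: int, seed: bytes = b"constructed") -> bytes:
    out, block = b"", seed  # deterministic stand-in for a compressed/encrypted payload
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]
SAMPLE_SECTIONS = [(b".text", b"mov eax, 1 ; plain, repetitive code-like text\n" * 16),
                   (b"UPX1", pseudo_random_bytes(4096))]
```

Running `suspect_packed(build_sample_pe(SAMPLE_SECTIONS))` returns `['UPX1']`; on a real sample, a hit like this tells you to go straight to dumping the unpacked image from memory instead of staring at the disassembly of the stub.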

the graph view in OP is from Binary Ninja

Anyone use capstone? Opinions?

Capstone is just a disassembly library, it's not useful on its own, it's got to be integrated with other tools to be useful. I've been impressed with it when I've tried it.

My issue is that yes there are resources but a lot of them will try to explain things to beginners all the while assuming they know certain things. Like I had a malware resource that mentioned SEC / UEFI without even explaining at all. Anyone have an absolute ground-up resource for reversing? Same with assembly like fuck. A lot of infosec stuff seems to be intentionally kept under wraps; it's getting pretty annoying because I want to learn it so bad. Even Malware Unicorn's RE101 (supposed to be the de facto for learning) holds your hand for one second and then rushes you off the cliff.

Honestly that's sort of how a lot of stuff in this field is - there's a lot that you just have to figure out for yourself and keep at it. That said, I found doing the exercises in the Practical Malware Analysis book, and then reading the writeups from the authors, to be extremely helpful - I picked up on a lot of things from the writeups that I didn't figure out on my own.

In any case, it's going to take a lot of work, keep at it.

From personal experience I've found that writing simple binaries in C and experimenting with GDB is tremendously helpful to understand the basics.

how do you reverse without assembly?

Want to get into this desperately, not sure where to start, don't even know how to learn about different APIs. Got any helpful source?

The absolute ground for reverse engineering is "forward" engineering. You have to be at least vaguely familiar with the things you're reversing, and with the reasoning behind the design. If it's a kernel, go read a book about its internals and why it's designed like that. If it's userspace, go read a book about linking, compilers, APIs etc. If it's firmware, educate yourself about UEFI or whatever you're reversing. Don't just rely on reverse engineering tutorials and books.

Otherwise, it's just a lot of experimenting and playing around, you can't do anything without this. Just fire up a debugger/disassembler and do something.

Sucks, but I think I've been interested / trying long enough to know I'll keep at it. Also sucks since I'm on OS X pretty much all of the time; it's hard working with it from my experience.

Somehow I just don't get it. I'm decent with simple C code. I understand instructions etc, but in gdb I literally don't get it and there are only like 10 tutorials on this. For some reason my gdb doesn't like to give hints, just pure registers.

Thanks to you both though, genuinely good and encouraging advice. I can't be a noob forever.

Practical Reverse Engineering has a good chapter on the NT Kernel that will set you up on the basics of it, or at least what you need to know to get by doing RE....

Look into conference talks about kernel vulns... Win32K, etc. Any talk by Alex Ionescu is worth watching to learn more about the system design

I use OS X (yes, dude, I'm samefagging over and over). Time to break out the VM I guess, because OS X internals are a mess, and that's once you get 5-year-old documentation after hours of searching for it. Will watch, cool stuff. You might like Xeno Kovah if you don't know him btw, he's definitely pretty inspiring to me.

IIRC if you're on Mac, GDB isn't going to work the same, because it shims out operations to LLDB, which isn't very usable. I recommend getting a 32-bit Linux VM and experimenting with that - you can get VirtualBox, which is free.

As I've recommended several times through this thread, this course is really good -
more offense focused, but if you can do it, it will also teach you everything you need to know along the way about assembly, etc... but don't get discouraged if it doesn't make sense at first: github.com/rpisec/mbe

Yeah Xeno Kovah's work is pretty great... have you checked out his site (opensecuritytraining.info/) - lots of good material on there.

>want to get into this desperately not sure where to start
Windows Internals by Ionescu is a definitive source on the inner workings of the NT kernel. Then there are many books on writing Windows drivers which can be immensely helpful in understanding this. After that (and in the process), you can try to poke the kernel with a debugger/disassembler and actually understand what you're looking at. The next step is to learn about typical attacks against kernel hardening mechanisms, like ROP, atombombing, GDI exploitation, ghost hooking, cache timing, various other injection, anti-tampering and rootkit hiding techniques. And trying to implement them against the older/unpatched versions. There's a somewhat old but good book, Rootkits: Subverting the Windows Kernel, and plenty of tutorials and conference talks/slides.

Yes, I made a promise I'd follow the site on the path of: Intro x86 > Trusted Computing > Intel VT-x > x86 BIOS SMM. Still banging my head at Intro to x86. Self-discipline is a bitch, but it's no one else's fault but my own, no excuses.

Cool, I'll try this course; apparently the course comes with a VM.

A couple con talks I've enjoyed... not necessarily good for beginners, but cool research on Win Kernel stuff.

The spam filter stopped me from submitting links, so try Googling:

Bochspwn-Reloaded-Detecting-Kernel-Memory-Disclosure-with-x86-Emulation-and-Taint-Tracking.mp4

recon2017-brx-03-andrea-allievi-richard-johnson-Harnessing-Intel-Processor-Trace-on-Windows-for-fuzzing-and-dynamic-analysis.mp4

REcon 2015 - Reverse Engineering Windows AFD.sys (Steven Vittitoe)

Windows Kernel Fuzzing for Intermediate Learners - Ben Nagy, COSEINC

you guys are amazing this has been a struggle for the past year

In addition to Ionescu's work, Geoff Chappell also writes some good stuff geoffchappell.com/

If anyone reading this looks into the Rootkits book, make sure you buy the first edition, not the second, as the second is really more a sequel and heavily anti-forensics focused. That said, it's pretty outdated so ehn.

Dang et al's Practical Reverse Engineering 3rd chapter is a good crash course in kernel topics for security people without the bloat of knowing everything about what goes on that the Internals books will give you

...

who IDA Pro here

you guys reverse engineering shit or are you all javascript webdev brainlets

Yo... been playing with Lighthouse for fuzzing code cov recently, good stuff, check it out if you use IDA github.com/gaasedelen/lighthouse

I'm amazed no one has linked this yet:

beginners.re/

>1079 pages
Fuck

You say that like it's a bad thing.

A bit daunting is all.

That's fair.
But this is a pretty huge topic. At least it makes for a nice goal.

It is. It's now third on my list. I have to focus on a pen testing book first (for work), but I plan on jumping into RE from there. I'll start with Practical Malware Analysis then move to this one.