2-reverse-engineering.org

File metadata and controls

116 lines (72 loc) · 3.33 KB

Reverse engineering

Resources

Basics

Scenarios for RE

  • analysing compiled code (e.g. to recover an undocumented protocol)
  • finding vulnerabilities
  • exploiting vulnerabilities
  • malware analysis
  • forensics

Reverse engineering mindset

  • software is HUGE, it’s easy to get lost
  • RE is about finding the right place – not about understanding everything

Today we cover

  • searching for strings
  • finding entrypoints
  • understanding disassembly
  • debugging code
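Two of the items above, searching for strings and finding the entry point, as an added worked example in Python. This is editor-added code, not part of the original notes or of pwn.college: `find_strings` does what the `strings` tool does over ASCII and UTF-16LE runs, and `elf_header` reads the 64-byte ELF64 header to recover `e_entry`. The sample "binary" is a constructed header followed by a few bytes of data, not a real executable, and the field names are the standard ELF ones.

```python
import re
import struct

# Byte layout of the 64-byte ELF64 header (little-endian):
# e_ident[16], e_type, e_machine, e_version, e_entry, e_phoff, e_shoff,
# e_flags, e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
ELF64_EHDR = "<4sBBBBB7xHHIQQQIHHHHHH"
ET_NAMES = {1: "REL", 2: "EXEC", 3: "DYN (PIE / shared object)"}


def find_strings(data: bytes, min_len: int = 4):
    """Return (offset, encoding, text) for every run of >= min_len printable
    characters, both plain ASCII and UTF-16LE (what `strings -e s` / `-e l`
    report).  UTF-16LE matters for Windows binaries, where most strings are wide."""
    pattern_ascii = rb"[\x20-\x7e]{%d,}" % min_len
    pattern_wide = rb"(?:[\x20-\x7e]\x00){%d,}" % min_len
    found = []
    for m in re.finditer(pattern_ascii, data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in re.finditer(pattern_wide, data):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16-le")))
    return sorted(found)


def elf_header(data: bytes) -> dict:
    """Parse the ELF64 header and return the fields that locate code:
    the entry point (e_entry) and the program/section header tables."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:          # EI_CLASS == ELFCLASS64, EI_DATA == LSB
        raise ValueError("this parser only handles 64-bit little-endian ELF")
    (_magic, _cls, _dat, _ver, _osabi, _abiver, e_type, e_machine, _ever,
     e_entry, e_phoff, e_shoff, _flags, _ehsize, _phentsize, e_phnum,
     _shentsize, e_shnum, _shstrndx) = struct.unpack_from(ELF64_EHDR, data, 0)
    return {
        "type": ET_NAMES.get(e_type, str(e_type)),
        "machine": e_machine,       # 0x3e = x86-64, 0xb7 = AArch64
        "entry": e_entry,           # for ET_DYN this is an offset from the load base
        "phoff": e_phoff, "phnum": e_phnum,
        "shoff": e_shoff, "shnum": e_shnum,
    }


def _make_ehdr(entry: int, e_type: int = 2) -> bytes:
    """Build a plausible x86-64 ELF header for the constructed sample below."""
    return struct.pack(ELF64_EHDR, b"\x7fELF", 2, 1, 1, 0, 0,
                       e_type, 0x3E, 1, entry, 64, 0, 0, 64, 56, 1, 64, 0, 0)


# Constructed sample "binary": a header, then a few bytes of data holding the
# kinds of strings an analyst greps for (a shell path, a wide string, a
# protocol line) and a too-short run ("ab") that the length threshold drops.
SAMPLE = (
    _make_ehdr(0x401040)
    + b"\x00" * 8
    + b"/bin/sh\x00"
    + b"ab\x00\x00"
    + "Hello, RE!".encode("utf-16-le") + b"\x00\x00"
    + b"GET / HTTP/1.1\r\n\x00"
)

if __name__ == "__main__":
    hdr = elf_header(SAMPLE)
    print(f"{hdr['type']} entry point: {hdr['entry']:#x}")
    for off, enc, text in find_strings(SAMPLE):
        print(f"{off:#08x} {enc:8s} {text!r}")
```

Two caveats worth keeping in mind: for a PIE (`ET_DYN`) the entry is an offset to add to the load base, and `e_entry` is `_start`, not `main`; with glibc on x86-64, `main` is found by following the address `_start` loads into rdi just before it calls `__libc_start_main`.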

What is Reverse Engineering?

[[file:img/2-reverse-engineering_files/image-2.png]]

[[file:img/2-reverse-engineering_files/image.png]]

CPU (x86)

[[file:img/2-reverse-engineering_files/image.png]]

Function frame

[[file:img/2-reverse-engineering_files/image.png]]

Calling conventions: how arguments and return values travel between caller and callee, on the stack (32-bit x86 cdecl) or in registers (x86-64 System V passes the first six integer arguments in rdi, rsi, rdx, rcx, r8, r9 and returns in rax)

Assignments, arithmetic, conditionals, loops etc. and the assembly patterns they compile to (mov to and from stack slots, cmp followed by a conditional jump, a loop counter in a register or a stack slot)

ASLR and the Global Offset Table (GOT) and Procedure Linkage Table (PLT): with ASLR the binary (if PIE) and its shared libraries land at a different address on every run, so a call into a library goes to a PLT stub that jumps through a GOT slot; the dynamic linker fills that slot at load time (or on the first call, with lazy binding), which is why a GOT entry is where a debugger, or an exploit, reads the resolved libc address from
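An added example (editor's code, not from the notes) that ties the function frame, the System V calling convention and the disassembly step together: a decoder for the few x86-64 encodings gcc -O0 emits around a function's frame, run over the bytes of `int add(int a, int b) { return a + b; }`. The sample bytes and the base address are constructed; the decoder knows only these encodings and emits anything else as `db`.

```python
import struct

# System V AMD64 calling convention (Linux/BSD/macOS x86-64): the first six
# integer/pointer arguments are passed in registers, the rest on the stack
# (pushed right to left, so the 7th sits just above the return address);
# integer results come back in rax.  Compare 32-bit cdecl, where everything
# is on the stack, and Windows x64, which uses rcx, rdx, r8, r9.
SYSV_INT_ARG_REGS = ("rdi", "rsi", "rdx", "rcx", "r8", "r9")

REG32 = ("eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi")


def sysv_arg_location(index: int) -> str:
    """Where the index-th (0-based) integer argument is found on function entry."""
    if index < len(SYSV_INT_ARG_REGS):
        return SYSV_INT_ARG_REGS[index]
    # [rsp] holds the return address; stack arguments start right above it.
    return f"[rsp+{8 * (index - len(SYSV_INT_ARG_REGS) + 1):#x}]"


def decode(code: bytes, base: int = 0):
    """Decode the handful of x86-64 encodings gcc -O0 uses for frame setup,
    argument spilling and teardown.  Returns (address, raw_bytes, text)
    triples; anything it does not know is emitted as `db`."""
    out, i = [], 0
    while i < len(code):
        addr, b, rest = base + i, code[i], code[i:]
        if b == 0x55:
            txt, n = "push rbp", 1                    # save caller's frame pointer
        elif b == 0x5D:
            txt, n = "pop rbp", 1
        elif b == 0xC9:
            txt, n = "leave", 1                       # mov rsp, rbp ; pop rbp
        elif b == 0xC3:
            txt, n = "ret", 1
        elif b == 0x90:
            txt, n = "nop", 1
        elif rest[:3] == b"\x48\x89\xe5":
            txt, n = "mov rbp, rsp", 3                # frame base = current stack top
        elif rest[:3] == b"\x48\x83\xec" and len(rest) >= 4:
            txt, n = f"sub rsp, {rest[3]:#x}", 4      # reserve space for locals
        elif rest[:3] == b"\x48\x83\xc4" and len(rest) >= 4:
            txt, n = f"add rsp, {rest[3]:#x}", 4
        elif b in (0x89, 0x8B) and len(rest) >= 3 and (rest[1] & 0xC7) == 0x45:
            # ModRM mod=01 rm=101: [rbp + disp8], a slot in the current frame.
            # Negative displacements are locals; [rbp+0] is the saved rbp,
            # [rbp+8] the return address, [rbp+16] the first stack argument.
            reg = REG32[(rest[1] >> 3) & 7]
            disp = struct.unpack("b", rest[2:3])[0]
            mem = f"dword [rbp{disp:+#x}]"
            txt = f"mov {mem}, {reg}" if b == 0x89 else f"mov {reg}, {mem}"
            n = 3
        elif b == 0x01 and len(rest) >= 2 and (rest[1] >> 6) == 3:
            modrm = rest[1]                           # add r/m32, r32 (register form)
            txt, n = f"add {REG32[modrm & 7]}, {REG32[(modrm >> 3) & 7]}", 2
        elif b == 0xE8 and len(rest) >= 5:
            rel = struct.unpack("<i", rest[1:5])[0]   # call rel32, relative to next insn
            txt, n = f"call {addr + 5 + rel:#x}", 5
        elif b == 0xEB and len(rest) >= 2:
            rel = struct.unpack("b", rest[1:2])[0]    # jmp rel8
            txt, n = f"jmp {addr + 2 + rel:#x}", 2
        else:
            txt, n = f"db {b:#04x}", 1
        out.append((addr, code[i:i + n], txt))
        i += n
    return out


def mnemonics(code: bytes, base: int = 0):
    return [txt for _, _, txt in decode(code, base)]


# Constructed sample: the bytes gcc -O0 emits for
#     int add(int a, int b) { return a + b; }
ADD_FUNC = bytes.fromhex(
    "55"        # push rbp
    "4889e5"    # mov rbp, rsp
    "897dfc"    # mov [rbp-0x4], edi   ; a arrives in edi and gets a frame slot
    "8975f8"    # mov [rbp-0x8], esi   ; b arrives in esi
    "8b55fc"    # mov edx, [rbp-0x4]
    "8b45f8"    # mov eax, [rbp-0x8]
    "01d0"      # add eax, edx         ; the result leaves in eax
    "5d"        # pop rbp
    "c3"        # ret
)

if __name__ == "__main__":
    for addr, raw, txt in decode(ADD_FUNC, base=0x401136):
        print(f"{addr:#x}  {raw.hex():<10} {txt}")
```

Reading the output the way the notes suggest: the first two instructions are the frame setup, the `[rbp-…]` stores are the register-passed arguments being spilled to locals (an -O0 habit that vanishes at -O2), and `call` targets are relative to the address of the next instruction, which is why a disassembler needs the base address to print them.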

RISC (e.g. ARM)

[[file:img/2-reverse-engineering_files/image.png]]

Stack-based VMs

  • e.g. JVM/Java, .NET/CLR (CIL), Python (CPython bytecode)
  • operands live on an evaluation stack, so the bytecode maps fairly directly back onto source-level expressions
  • easier decompilation: Ghidra, Mocha (Java); dotPeek (.NET)

Register-based VMs

  • e.g. Dalvik (Android)
  • registers are just numbered slots in the method's frame, so a method can use far more of them than a real CPU exposes
  • also easy to decompile: JEB
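An added example (editor's code, not from the notes) showing the two VM styles side by side: the same factorial loop written as stack bytecode (JVM/CPython style) and as register bytecode (Dalvik style), run by two tiny interpreters, plus a symbolic lifter that turns a jump-free stack program back into a source expression, which is the reason stack bytecode decompiles so readily. The instruction sets and the programs are invented for illustration and do not correspond to any real VM's opcodes.

```python
import operator

ARITH = {"add": operator.add, "sub": operator.sub, "mul": operator.mul}
SYMBOL = {"add": "+", "sub": "-", "mul": "*"}


def run_stack_vm(program, args, max_steps=10_000):
    """Minimal stack machine in the style of JVM / CPython bytecode: each
    instruction pops its operands from, and pushes its result onto, an
    evaluation stack; named storage is a numbered local-variable table."""
    stack, local_vars, pc, steps = [], list(args) + [0] * 8, 0, 0
    while steps < max_steps:
        steps += 1
        op, *operands = program[pc]
        pc += 1
        if op == "const":
            stack.append(operands[0])
        elif op == "load":
            stack.append(local_vars[operands[0]])
        elif op == "store":
            local_vars[operands[0]] = stack.pop()
        elif op in ARITH:
            b, a = stack.pop(), stack.pop()
            stack.append(ARITH[op](a, b))
        elif op == "jlt":                      # pop b, a; branch if a < b
            b, a = stack.pop(), stack.pop()
            if a < b:
                pc = operands[0]
        elif op == "jmp":
            pc = operands[0]
        elif op == "ret":
            return stack.pop()
        else:
            raise ValueError(f"bad opcode {op!r}")
    raise RuntimeError("runaway program")


def run_register_vm(program, args, max_steps=10_000):
    """Minimal register machine in the style of Dalvik: every operand is
    named in the instruction; registers are just frame slots."""
    regs, pc, steps = list(args) + [0] * 8, 0, 0
    while steps < max_steps:
        steps += 1
        op, *operands = program[pc]
        pc += 1
        if op == "const":
            regs[operands[0]] = operands[1]
        elif op in ARITH:
            dst, s1, s2 = operands
            regs[dst] = ARITH[op](regs[s1], regs[s2])
        elif op == "blt":                      # branch if regs[r1] < regs[r2]
            if regs[operands[0]] < regs[operands[1]]:
                pc = operands[2]
        elif op == "jmp":
            pc = operands[0]
        elif op == "ret":
            return regs[operands[0]]
        else:
            raise ValueError(f"bad opcode {op!r}")
    raise RuntimeError("runaway program")


def lift_straightline(program, names=("a", "b", "c")):
    """Symbolic execution of a jump-free stack program: values are replaced by
    source-like expressions, and the stack discipline hands back the
    expression tree.  Real decompilers add control-flow recovery on top."""
    stack = []
    for op, *operands in program:
        if op == "const":
            stack.append(str(operands[0]))
        elif op == "load":
            stack.append(names[operands[0]])
        elif op in ARITH:
            b, a = stack.pop(), stack.pop()
            stack.append(f"({a} {SYMBOL[op]} {b})")
        elif op == "ret":
            return stack.pop()
        else:
            raise ValueError(f"{op!r} needs control-flow recovery first")


# Constructed sample: factorial(n) as a loop, once per machine.
#     acc = 1; while not (n < 1): acc = acc * n; n = n - 1; return acc
# Stack version: local 0 = n, local 1 = acc.  Many short instructions.
FACT_STACK = [
    ("const", 1), ("store", 1),                              # 0-1  acc = 1
    ("load", 0), ("const", 1), ("jlt", 14),                  # 2-4  if n < 1 goto 14
    ("load", 1), ("load", 0), ("mul",), ("store", 1),        # 5-8  acc = acc * n
    ("load", 0), ("const", 1), ("sub",), ("store", 0),       # 9-12 n = n - 1
    ("jmp", 2),                                              # 13
    ("load", 1), ("ret",),                                   # 14-15 return acc
]
# Register version: r0 = n, r1 = acc, r2 = constant 1.  Fewer, wider instructions.
FACT_REG = [
    ("const", 2, 1), ("const", 1, 1),    # 0-1  r2 = 1; acc = 1
    ("blt", 0, 2, 6),                    # 2    if n < 1 goto 6
    ("mul", 1, 1, 0),                    # 3    acc = acc * n
    ("sub", 0, 0, 2),                    # 4    n = n - 1
    ("jmp", 2),                          # 5
    ("ret", 1),                          # 6    return acc
]
# Straight-line expression (a + b) * 2 for the lifter.
EXPR_STACK = [("load", 0), ("load", 1), ("add",), ("const", 2), ("mul",), ("ret",)]

if __name__ == "__main__":
    print(run_stack_vm(FACT_STACK, [5]), run_register_vm(FACT_REG, [5]))
    print(len(FACT_STACK), "stack instructions vs", len(FACT_REG), "register instructions")
    print(lift_straightline(EXPR_STACK))
```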

Exercise session:

CS: For pwn.college, optionally do the introduction Dojo to get accustomed to starting the VSCode and Desktop workspaces. With these workspaces you are ready to hack away without having to download Ghidra or set up VMs. For the RE exercises, use Ghidra in the Desktop workspace.

SD: Learning Assembly with OMU