SlideShare a Scribd company logo

Reverse code engineering

Download as PPTX, PDF
Krishs Patil
Krishs Patil

presentation for binary code reverse engineering talk in hacking and information security meetup group

1 of 34
Downloaded 11 times
Reverser view to application security Reverse Code Engineering
Speaker Info Krishs Patil Hold master degree in computer application Computer programmer Reverser And hobbyist security researcher
Outline  Introduction  Reversing Process  Tools andTechniques  Reversing in different context (Practice)  Lab demonstration  Defeating Reverse Engineering  Resources
Introduction  “Reverse engineering is the process of extracting the knowledge or design blueprints from anything man- made”.  It is usually conducted to obtain missing knowledge, ideas and design philosophy when such information is unavailable.  In computer science, It is the process of dis- assembling or de-compiling the binary code of computer program for various purpose.  Requires skills and understanding of computer and software development
Introduction Cont… Why reverse engineering… different people do it for different purpose … But, Specifically in the field of Cyber Security… … If you want to be serious security researcher, you must posses skills of reverse code engineering.
Reversing Process Defining scope of reversing…  System Reverse Engineering  Code Reverse Engineering  Data Reverse Engineering  Protocol Reverse Engineering
Reversing Process Cont… Setting up environment…  Setup Isolated environment (VMware,Virtual Box)  System monitoring (SysInternalTools)  Static Analysis  Dynamic Analysis (Debugging/Tracing)
Reversing Process Cont… DisassemblingVs Decompiling…  Native Code – Directly perform operations on CPU (Compiled with C,C++,Delphi)  IntermediateCode – Interpreter drives it to perform operations on CPU (Java byte code, MSIL)
Reversing Process Cont… Program structure… Higher level perspective …  Modules  Data  Control flow Lower level perspective …  Just assembly language!!!
Reversing Process Cont… So what I need to know prior reversing binary code ... Just a computer and brain  would be enough but … … mastering it might take time if you don’t know about  Computer architecture  Programming in Assembly Language and C,C++  Operating System-Platform and HEX numbering
Assembly Language  Lowest level in software  Platform specific (IA-32, IA-64,AMD)  Machine code (OpCode)  Assembly commands  Assembler converts assembly program into machine code that is executable by CPU  Dis-assembler is the program that coverts machine code into textual presentation of assembly commands  Mastering reversing without knowing assembly is almost impossible.
Assembly Language
Assembly Language Registers  Internal memory in processor  IA-32 has eight generic registers (EAX,EBX,ECX,EDX,ESI,EDI,EBP and ESP)  Floating point and debug registers  Special register – EFLAGS for flag management flags  OF, SF, ZF, AF, PF, CF
Assembly Language Basic Instructions  MOV - data copying  LEA – address loading (POINTER)  ADD, SUB, MUL, DIV, IMUL, IDIV – arithmetic  CMP,TEST – comparison  CALL , RET – function call and Return  J** - conditional branching  PUSH/POP - stack management  NOP – do nothing
System Calls  Used as interface between application and operating system.  System calls ask OS to perform specific task  Most operating system are written in “C” language, so providing SYSTEM Calls as “C” api’s - NIX system calls – unistd.h -WINDOWS system calls - windows.h  Studying OS platform and system calls is necessary part of reverse engineering
PE – Portable Executable file
Tools and Techniques  Various tools helps in reverse-engineering the binary code/program.  Compiler is the tool used to convert high level language like C,C++ into machine code.  Assembler is the tool used to convert pseudo-code written specific to processor into machine code.  At reverse Dis-Assembler and De-Compilers help us in reversing the process, recovering the high level code from machine code.  Debuggers are the tools used to debug live running program.  Virtual machines might help in providing protective/isolated environment for analysis.
Tools and Techniques Cont… Broad category of tools are divided into two category. Static AnalysisTools -Tools helps us to analysis program without even running it. -Tools includes Dis-assembler and De-Compilers Dynamic AnalysisTools -Tools in this category helps us dive deep into program by analyzing it while running it. -Tools includes Debuggers, Loaders and System Monitoring tools
Tools and Techniques Cont…  Compilers (VC compiler, GCC compiler suite, .NET framework)  Assemblers (MASM, NASM,TASM, FASM)  Dis-assemblers and Debuggers (IDAPro, OllyDbg, Immunity Debugger,WinDbg)  Hypervisors (VMWareWorkstation/Player,VirtualBox,QUEMU)  System monitoring withSysInternals tools  Hex Editors and Other system utilities
Tools and Techniques Cont…
Tools and Techniques Cont…
Tools and Techniques Cont…
Tools and Techniques Cont…
RCE in various context Time to understand field work!!!  Cracking (Illegal/Un-Ethical)  Malware analysis  Vulnerability analysis (exploit development)  Clean house RE (ChineseWall)  Recovering lost source code (legacy)  Investigating and solving faults cause in released software. (Microsoft global escalation support team)
Cool Huh … Lets play around some practical reversing lab exercise Lets see some cool stuff 
Lab – Cracking for serial.  This is for purely demonstration and educational purpose only.  Anything you do to obtain or provide fake registration key for software is considered cracking and a serious offense.  In lab we are going to study and recover serial key and defeat registration mechanism by various ways.
Defeating RE  Lot of research has been done, many ways to make it harden for reversing process. … But no solution is 100% perfect and secure.
Defeating RE Cont… Software armoring Obfuscation “ deliberate act of creating obfuscated code, i.e. source or machine code that is difficult for human to understand” --Wikipedia
Defeating RE Cont… Some techniques for anti-analysis …  Packers (Compression)  Protectors (Encryption)  Anti-Debugging  Garbage Code and Code Permutation  Anti-Assembly  Hypervisor/Emulator detection
Defeating RE Cont…
Defeating RE Cont… Advanced technologies…  Mutation  CodeVirtualization
Resources  REVERSING – secrets of reverse engineering (By Eldad Eilam)  Microsoft windows internals (By Mark Russinovich and David Solomon)  Reverseme.de – cool reverseme.exe collections  InfoSec Institute Resources. – cool articles on security  NtDebugging blog (Microsoft global escalation support team) - fine gain exposure in windows insides  And finally some good book on x86 assembly tut and reference.
Questions??? Still there anything struggling in your mind.
Hope you enjoyed it. Thank you!!!
Ad

Recommended

Revers engineering
Revers engineeringRevers engineering
Revers engineering
AbdusSalam ALJBRI
 
Reverse engineering
Reverse engineeringReverse engineering
Reverse engineering
Saswat Padhi
 
resume_v36
resume_v36resume_v36
resume_v36
Zhiqiang Liu
 
Making reverse engineering fun
Making reverse engineering funMaking reverse engineering fun
Making reverse engineering fun
n|u - The Open Security Community
 
Embedded _c_
Embedded _c_Embedded _c_
Embedded _c_
Moorthy Peesapati
 
Standard embedded c
Standard embedded cStandard embedded c
Standard embedded c
Tam Thanh
 
C programming session 14
C programming session 14C programming session 14
C programming session 14
AjayBahoriya
 
Embedded C workshop
Embedded C workshopEmbedded C workshop
Embedded C workshop
Mostafa El-koumy
 
WhitePaperTemplate
WhitePaperTemplateWhitePaperTemplate
WhitePaperTemplate
Jo Marques
 
Embedded c c++ programming fundamentals master
Embedded c c++ programming fundamentals masterEmbedded c c++ programming fundamentals master
Embedded c c++ programming fundamentals master
Hossam Hassan
 
Codescape Debugger 8
Codescape Debugger 8Codescape Debugger 8
Codescape Debugger 8
Damien Ruscoe
 
C Programming For Embedded Systems
C Programming For Embedded SystemsC Programming For Embedded Systems
C Programming For Embedded Systems
Ganesh Samarthyam
 
Reversing and Patching Machine Code
Reversing and Patching Machine CodeReversing and Patching Machine Code
Reversing and Patching Machine Code
Teodoro Cipresso
 
Interview Question of Aspdotnet
Interview Question of AspdotnetInterview Question of Aspdotnet
Interview Question of Aspdotnet
MohitKumar1985
 
ctchou-resume
ctchou-resumectchou-resume
ctchou-resume
Ching-Tsun Chou
 
bh-europe-01-clowes
bh-europe-01-clowesbh-europe-01-clowes
bh-europe-01-clowes
guest3e5046
 
ctchou-resume
ctchou-resumectchou-resume
ctchou-resume
Ching-Tsun Chou
 
Managed DirectX
Managed DirectXManaged DirectX
Managed DirectX
A. LE
 
ctchou-resume
ctchou-resumectchou-resume
ctchou-resume
Ching-Tsun Chou
 
linux device driver
linux device driverlinux device driver
linux device driver
Rahul Batra
 
Prasentation Managed DirectX
Prasentation Managed DirectXPrasentation Managed DirectX
Prasentation Managed DirectX
A. LE
 
Shravani_Nerella
Shravani_NerellaShravani_Nerella
Shravani_Nerella
Shravani Nerella
 
Embedded C - Day 1
Embedded C - Day 1Embedded C - Day 1
Embedded C - Day 1
Emertxe Information Technologies Pvt Ltd
 
Source vs object code
Source vs object codeSource vs object code
Source vs object code
Sana Ullah
 
Introduction to Level Zero API for Heterogeneous Programming : NOTES
Introduction to Level Zero API for Heterogeneous Programming : NOTESIntroduction to Level Zero API for Heterogeneous Programming : NOTES
Introduction to Level Zero API for Heterogeneous Programming : NOTES
Subhajit Sahu
 
Reverse Engineering 101
Reverse Engineering 101Reverse Engineering 101
Reverse Engineering 101
ysurer
 
Tycs sem 5 asp.net notes unit 1 2 3 4 (2017)
Tycs sem 5 asp.net notes unit 1 2 3 4 (2017)Tycs sem 5 asp.net notes unit 1 2 3 4 (2017)
Tycs sem 5 asp.net notes unit 1 2 3 4 (2017)
WE-IT TUTORIALS
 
Hacking with Reverse Engineering and Defense against it
Hacking with Reverse Engineering and Defense against it Hacking with Reverse Engineering and Defense against it
Hacking with Reverse Engineering and Defense against it
Prakashchand Suthar
 
Intro to Reverse Engineering
Intro to Reverse EngineeringIntro to Reverse Engineering
Intro to Reverse Engineering
Null Bhubaneswar
 
Possibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented ProgrammingPossibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented Programming
kozossakai
 
Ad

More Related Content

What's hot (19)

WhitePaperTemplate
WhitePaperTemplateWhitePaperTemplate
WhitePaperTemplate
Jo Marques
 
Embedded c c++ programming fundamentals master
Embedded c c++ programming fundamentals masterEmbedded c c++ programming fundamentals master
Embedded c c++ programming fundamentals master
Hossam Hassan
 
Codescape Debugger 8
Codescape Debugger 8Codescape Debugger 8
Codescape Debugger 8
Damien Ruscoe
 
C Programming For Embedded Systems
C Programming For Embedded SystemsC Programming For Embedded Systems
C Programming For Embedded Systems
Ganesh Samarthyam
 
Reversing and Patching Machine Code
Reversing and Patching Machine CodeReversing and Patching Machine Code
Reversing and Patching Machine Code
Teodoro Cipresso
 
Interview Question of Aspdotnet
Interview Question of AspdotnetInterview Question of Aspdotnet
Interview Question of Aspdotnet
MohitKumar1985
 
ctchou-resume
ctchou-resumectchou-resume
ctchou-resume
Ching-Tsun Chou
 
bh-europe-01-clowes
bh-europe-01-clowesbh-europe-01-clowes
bh-europe-01-clowes
guest3e5046
 
ctchou-resume
ctchou-resumectchou-resume
ctchou-resume
Ching-Tsun Chou
 
Managed DirectX
Managed DirectXManaged DirectX
Managed DirectX
A. LE
 
ctchou-resume
ctchou-resumectchou-resume
ctchou-resume
Ching-Tsun Chou
 
linux device driver
linux device driverlinux device driver
linux device driver
Rahul Batra
 
Prasentation Managed DirectX
Prasentation Managed DirectXPrasentation Managed DirectX
Prasentation Managed DirectX
A. LE
 
Shravani_Nerella
Shravani_NerellaShravani_Nerella
Shravani_Nerella
Shravani Nerella
 
Embedded C - Day 1
Embedded C - Day 1Embedded C - Day 1
Embedded C - Day 1
Emertxe Information Technologies Pvt Ltd
 
Source vs object code
Source vs object codeSource vs object code
Source vs object code
Sana Ullah
 
Introduction to Level Zero API for Heterogeneous Programming : NOTES
Introduction to Level Zero API for Heterogeneous Programming : NOTESIntroduction to Level Zero API for Heterogeneous Programming : NOTES
Introduction to Level Zero API for Heterogeneous Programming : NOTES
Subhajit Sahu
 
Reverse Engineering 101
Reverse Engineering 101Reverse Engineering 101
Reverse Engineering 101
ysurer
 
Tycs sem 5 asp.net notes unit 1 2 3 4 (2017)
Tycs sem 5 asp.net notes unit 1 2 3 4 (2017)Tycs sem 5 asp.net notes unit 1 2 3 4 (2017)
Tycs sem 5 asp.net notes unit 1 2 3 4 (2017)
WE-IT TUTORIALS
 
WhitePaperTemplate
WhitePaperTemplateWhitePaperTemplate
WhitePaperTemplate
Jo Marques
 
Embedded c c++ programming fundamentals master
Embedded c c++ programming fundamentals masterEmbedded c c++ programming fundamentals master
Embedded c c++ programming fundamentals master
Hossam Hassan
 
Codescape Debugger 8
Codescape Debugger 8Codescape Debugger 8
Codescape Debugger 8
Damien Ruscoe
 
C Programming For Embedded Systems
C Programming For Embedded SystemsC Programming For Embedded Systems
C Programming For Embedded Systems
Ganesh Samarthyam
 
Reversing and Patching Machine Code
Reversing and Patching Machine CodeReversing and Patching Machine Code
Reversing and Patching Machine Code
Teodoro Cipresso
 
Interview Question of Aspdotnet
Interview Question of AspdotnetInterview Question of Aspdotnet
Interview Question of Aspdotnet
MohitKumar1985
 
ctchou-resume
ctchou-resumectchou-resume
ctchou-resume
Ching-Tsun Chou
 
bh-europe-01-clowes
bh-europe-01-clowesbh-europe-01-clowes
bh-europe-01-clowes
guest3e5046
 
ctchou-resume
ctchou-resumectchou-resume
ctchou-resume
Ching-Tsun Chou
 
Managed DirectX
Managed DirectXManaged DirectX
Managed DirectX
A. LE
 
ctchou-resume
ctchou-resumectchou-resume
ctchou-resume
Ching-Tsun Chou
 
linux device driver
linux device driverlinux device driver
linux device driver
Rahul Batra
 
Prasentation Managed DirectX
Prasentation Managed DirectXPrasentation Managed DirectX
Prasentation Managed DirectX
A. LE
 
Shravani_Nerella
Shravani_NerellaShravani_Nerella
Shravani_Nerella
Shravani Nerella
 
Embedded C - Day 1
Embedded C - Day 1Embedded C - Day 1
Embedded C - Day 1
Emertxe Information Technologies Pvt Ltd
 
Source vs object code
Source vs object codeSource vs object code
Source vs object code
Sana Ullah
 
Introduction to Level Zero API for Heterogeneous Programming : NOTES
Introduction to Level Zero API for Heterogeneous Programming : NOTESIntroduction to Level Zero API for Heterogeneous Programming : NOTES
Introduction to Level Zero API for Heterogeneous Programming : NOTES
Subhajit Sahu
 
Reverse Engineering 101
Reverse Engineering 101Reverse Engineering 101
Reverse Engineering 101
ysurer
 
Tycs sem 5 asp.net notes unit 1 2 3 4 (2017)
Tycs sem 5 asp.net notes unit 1 2 3 4 (2017)Tycs sem 5 asp.net notes unit 1 2 3 4 (2017)
Tycs sem 5 asp.net notes unit 1 2 3 4 (2017)
WE-IT TUTORIALS
 

Similar to Reverse code engineering (20)

Hacking with Reverse Engineering and Defense against it
Hacking with Reverse Engineering and Defense against it Hacking with Reverse Engineering and Defense against it
Hacking with Reverse Engineering and Defense against it
Prakashchand Suthar
 
Intro to Reverse Engineering
Intro to Reverse EngineeringIntro to Reverse Engineering
Intro to Reverse Engineering
Null Bhubaneswar
 
Possibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented ProgrammingPossibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented Programming
kozossakai
 
Possibility of arbitrary code execution by Step-Oriented Programming by Hiroa...
Possibility of arbitrary code execution by Step-Oriented Programming by Hiroa...Possibility of arbitrary code execution by Step-Oriented Programming by Hiroa...
Possibility of arbitrary code execution by Step-Oriented Programming by Hiroa...
CODE BLUE
 
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
lior mazor
 
Embedded systems tools & peripherals
Embedded systems tools & peripheralsEmbedded systems tools & peripherals
Embedded systems tools & peripherals
imtiazalijoono
 
T3_Embedded programing_07072022T3_Embedded programing_07072022.pptx
T3_Embedded programing_07072022T3_Embedded programing_07072022.pptxT3_Embedded programing_07072022T3_Embedded programing_07072022.pptx
T3_Embedded programing_07072022T3_Embedded programing_07072022.pptx
HuyTrn352093
 
VB2013 - Security Research and Development Framework
VB2013 - Security Research and Development FrameworkVB2013 - Security Research and Development Framework
VB2013 - Security Research and Development Framework
Amr Thabet
 
Reverse engineering
Reverse engineeringReverse engineering
Reverse engineering
Hicube Infosec
 
Embedded Systems
Embedded SystemsEmbedded Systems
Embedded Systems
Benjim Thomas Mathew
 
Oleksyk applied-anti-forensics
Oleksyk applied-anti-forensicsOleksyk applied-anti-forensics
Oleksyk applied-anti-forensics
DefconRussia
 
2011.02.18 marco parenzan - case study. conversione di una applicazione for...
2011.02.18 marco parenzan - case study. conversione di una applicazione for...2011.02.18 marco parenzan - case study. conversione di una applicazione for...
2011.02.18 marco parenzan - case study. conversione di una applicazione for...
Marco Parenzan
 
Porting your favourite cmdline tool to Android
Porting your favourite cmdline tool to AndroidPorting your favourite cmdline tool to Android
Porting your favourite cmdline tool to Android
Vlatko Kosturjak
 
Typhoon Managed Execution Toolkit
Typhoon Managed Execution ToolkitTyphoon Managed Execution Toolkit
Typhoon Managed Execution Toolkit
Dimitry Snezhkov
 
Software Reverse Engineering in a Security Context
Software Reverse Engineering in a Security ContextSoftware Reverse Engineering in a Security Context
Software Reverse Engineering in a Security Context
Lokendra Rawat
 
Embedded systems
Embedded systemsEmbedded systems
Embedded systems
PROVAB TECHNOSOFT PVT. LTD.
 
Vxcon 2016
Vxcon 2016Vxcon 2016
Vxcon 2016
Kelvin Chan
 
Reverse Engineering - Protecting and Breaking the Software
Reverse Engineering - Protecting and Breaking the SoftwareReverse Engineering - Protecting and Breaking the Software
Reverse Engineering - Protecting and Breaking the Software
Satria Ady Pradana
 
Resume
ResumeResume
Resume
Anil Kumar
 
Unmanaged Parallelization via P/Invoke
Unmanaged Parallelization via P/InvokeUnmanaged Parallelization via P/Invoke
Unmanaged Parallelization via P/Invoke
Dmitri Nesteruk
 
Hacking with Reverse Engineering and Defense against it
Hacking with Reverse Engineering and Defense against it Hacking with Reverse Engineering and Defense against it
Hacking with Reverse Engineering and Defense against it
Prakashchand Suthar
 
Intro to Reverse Engineering
Intro to Reverse EngineeringIntro to Reverse Engineering
Intro to Reverse Engineering
Null Bhubaneswar
 
Possibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented ProgrammingPossibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented Programming
kozossakai
 
Possibility of arbitrary code execution by Step-Oriented Programming by Hiroa...
Possibility of arbitrary code execution by Step-Oriented Programming by Hiroa...Possibility of arbitrary code execution by Step-Oriented Programming by Hiroa...
Possibility of arbitrary code execution by Step-Oriented Programming by Hiroa...
CODE BLUE
 
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
lior mazor
 
Embedded systems tools & peripherals
Embedded systems tools & peripheralsEmbedded systems tools & peripherals
Embedded systems tools & peripherals
imtiazalijoono
 
T3_Embedded programing_07072022T3_Embedded programing_07072022.pptx
T3_Embedded programing_07072022T3_Embedded programing_07072022.pptxT3_Embedded programing_07072022T3_Embedded programing_07072022.pptx
T3_Embedded programing_07072022T3_Embedded programing_07072022.pptx
HuyTrn352093
 
VB2013 - Security Research and Development Framework
VB2013 - Security Research and Development FrameworkVB2013 - Security Research and Development Framework
VB2013 - Security Research and Development Framework
Amr Thabet
 
Reverse engineering
Reverse engineeringReverse engineering
Reverse engineering
Hicube Infosec
 
Embedded Systems
Embedded SystemsEmbedded Systems
Embedded Systems
Benjim Thomas Mathew
 
Oleksyk applied-anti-forensics
Oleksyk applied-anti-forensicsOleksyk applied-anti-forensics
Oleksyk applied-anti-forensics
DefconRussia
 
2011.02.18 marco parenzan - case study. conversione di una applicazione for...
2011.02.18 marco parenzan - case study. conversione di una applicazione for...2011.02.18 marco parenzan - case study. conversione di una applicazione for...
2011.02.18 marco parenzan - case study. conversione di una applicazione for...
Marco Parenzan
 
Porting your favourite cmdline tool to Android
Porting your favourite cmdline tool to AndroidPorting your favourite cmdline tool to Android
Porting your favourite cmdline tool to Android
Vlatko Kosturjak
 
Typhoon Managed Execution Toolkit
Typhoon Managed Execution ToolkitTyphoon Managed Execution Toolkit
Typhoon Managed Execution Toolkit
Dimitry Snezhkov
 
Software Reverse Engineering in a Security Context
Software Reverse Engineering in a Security ContextSoftware Reverse Engineering in a Security Context
Software Reverse Engineering in a Security Context
Lokendra Rawat
 
Embedded systems
Embedded systemsEmbedded systems
Embedded systems
PROVAB TECHNOSOFT PVT. LTD.
 
Vxcon 2016
Vxcon 2016Vxcon 2016
Vxcon 2016
Kelvin Chan
 
Reverse Engineering - Protecting and Breaking the Software
Reverse Engineering - Protecting and Breaking the SoftwareReverse Engineering - Protecting and Breaking the Software
Reverse Engineering - Protecting and Breaking the Software
Satria Ady Pradana
 
Resume
ResumeResume
Resume
Anil Kumar
 
Unmanaged Parallelization via P/Invoke
Unmanaged Parallelization via P/InvokeUnmanaged Parallelization via P/Invoke
Unmanaged Parallelization via P/Invoke
Dmitri Nesteruk
 
Ad

Recently uploaded (20)

Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...
Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...
Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...
Lionel Briand
 
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Eric D. Schabell
 
F-Secure Freedome VPN 2025 Crack Plus Activation New Version
F-Secure Freedome VPN 2025 Crack Plus Activation New VersionF-Secure Freedome VPN 2025 Crack Plus Activation New Version
F-Secure Freedome VPN 2025 Crack Plus Activation New Version
saimabibi60507
 
How to Batch Export Lotus Notes NSF Emails to Outlook PST Easily?
How to Batch Export Lotus Notes NSF Emails to Outlook PST Easily?How to Batch Export Lotus Notes NSF Emails to Outlook PST Easily?
How to Batch Export Lotus Notes NSF Emails to Outlook PST Easily?
steaveroggers
 
Maxon CINEMA 4D 2025 Crack FREE Download LINK
Maxon CINEMA 4D 2025 Crack FREE Download LINKMaxon CINEMA 4D 2025 Crack FREE Download LINK
Maxon CINEMA 4D 2025 Crack FREE Download LINK
younisnoman75
 
Adobe Lightroom Classic Crack FREE Latest link 2025
Adobe Lightroom Classic Crack FREE Latest link 2025Adobe Lightroom Classic Crack FREE Latest link 2025
Adobe Lightroom Classic Crack FREE Latest link 2025
kashifyounis067
 
Kubernetes_101_Zero_to_Platform_Engineer.pptx
Kubernetes_101_Zero_to_Platform_Engineer.pptxKubernetes_101_Zero_to_Platform_Engineer.pptx
Kubernetes_101_Zero_to_Platform_Engineer.pptx
CloudScouts
 
Adobe After Effects Crack FREE FRESH version 2025
Adobe After Effects Crack FREE FRESH version 2025Adobe After Effects Crack FREE FRESH version 2025
Adobe After Effects Crack FREE FRESH version 2025
kashifyounis067
 
PDF Reader Pro Crack Latest Version FREE Download 2025
PDF Reader Pro Crack Latest Version FREE Download 2025PDF Reader Pro Crack Latest Version FREE Download 2025
PDF Reader Pro Crack Latest Version FREE Download 2025
mu394968
 
Adobe Master Collection CC Crack Advance Version 2025
Adobe Master Collection CC Crack Advance Version 2025Adobe Master Collection CC Crack Advance Version 2025
Adobe Master Collection CC Crack Advance Version 2025
kashifyounis067
 
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
Egor Kaleynik
 
Not So Common Memory Leaks in Java Webinar
Not So Common Memory Leaks in Java WebinarNot So Common Memory Leaks in Java Webinar
Not So Common Memory Leaks in Java Webinar
Tier1 app
 
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New VersionPixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version
saimabibi60507
 
Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.
Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.
Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.
Dele Amefo
 
The Significance of Hardware in Information Systems.pdf
The Significance of Hardware in Information Systems.pdfThe Significance of Hardware in Information Systems.pdf
The Significance of Hardware in Information Systems.pdf
drewplanas10
 
Douwan Crack 2025 new verson+ License code
Douwan Crack 2025 new verson+ License codeDouwan Crack 2025 new verson+ License code
Douwan Crack 2025 new verson+ License code
aneelaramzan63
 
Why Orangescrum Is a Game Changer for Construction Companies in 2025
Why Orangescrum Is a Game Changer for Construction Companies in 2025Why Orangescrum Is a Game Changer for Construction Companies in 2025
Why Orangescrum Is a Game Changer for Construction Companies in 2025
Orangescrum
 
Landscape of Requirements Engineering for/by AI through Literature Review
Landscape of Requirements Engineering for/by AI through Literature ReviewLandscape of Requirements Engineering for/by AI through Literature Review
Landscape of Requirements Engineering for/by AI through Literature Review
Hironori Washizaki
 
Who Watches the Watchmen (SciFiDevCon 2025)
Who Watches the Watchmen (SciFiDevCon 2025)Who Watches the Watchmen (SciFiDevCon 2025)
Who Watches the Watchmen (SciFiDevCon 2025)
Allon Mureinik
 
Adobe Illustrator Crack FREE Download 2025 Latest Version
Adobe Illustrator Crack FREE Download 2025 Latest VersionAdobe Illustrator Crack FREE Download 2025 Latest Version
Adobe Illustrator Crack FREE Download 2025 Latest Version
kashifyounis067
 
Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...
Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...
Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...
Lionel Briand
 
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Eric D. Schabell
 
F-Secure Freedome VPN 2025 Crack Plus Activation New Version
F-Secure Freedome VPN 2025 Crack Plus Activation New VersionF-Secure Freedome VPN 2025 Crack Plus Activation New Version
F-Secure Freedome VPN 2025 Crack Plus Activation New Version
saimabibi60507
 
How to Batch Export Lotus Notes NSF Emails to Outlook PST Easily?
How to Batch Export Lotus Notes NSF Emails to Outlook PST Easily?How to Batch Export Lotus Notes NSF Emails to Outlook PST Easily?
How to Batch Export Lotus Notes NSF Emails to Outlook PST Easily?
steaveroggers
 
Maxon CINEMA 4D 2025 Crack FREE Download LINK
Maxon CINEMA 4D 2025 Crack FREE Download LINKMaxon CINEMA 4D 2025 Crack FREE Download LINK
Maxon CINEMA 4D 2025 Crack FREE Download LINK
younisnoman75
 
Adobe Lightroom Classic Crack FREE Latest link 2025
Adobe Lightroom Classic Crack FREE Latest link 2025Adobe Lightroom Classic Crack FREE Latest link 2025
Adobe Lightroom Classic Crack FREE Latest link 2025
kashifyounis067
 
Kubernetes_101_Zero_to_Platform_Engineer.pptx
Kubernetes_101_Zero_to_Platform_Engineer.pptxKubernetes_101_Zero_to_Platform_Engineer.pptx
Kubernetes_101_Zero_to_Platform_Engineer.pptx
CloudScouts
 
Adobe After Effects Crack FREE FRESH version 2025
Adobe After Effects Crack FREE FRESH version 2025Adobe After Effects Crack FREE FRESH version 2025
Adobe After Effects Crack FREE FRESH version 2025
kashifyounis067
 
PDF Reader Pro Crack Latest Version FREE Download 2025
PDF Reader Pro Crack Latest Version FREE Download 2025PDF Reader Pro Crack Latest Version FREE Download 2025
PDF Reader Pro Crack Latest Version FREE Download 2025
mu394968
 
Adobe Master Collection CC Crack Advance Version 2025
Adobe Master Collection CC Crack Advance Version 2025Adobe Master Collection CC Crack Advance Version 2025
Adobe Master Collection CC Crack Advance Version 2025
kashifyounis067
 
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
Egor Kaleynik
 
Not So Common Memory Leaks in Java Webinar
Not So Common Memory Leaks in Java WebinarNot So Common Memory Leaks in Java Webinar
Not So Common Memory Leaks in Java Webinar
Tier1 app
 
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New VersionPixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version
saimabibi60507
 
Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.
Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.
Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.
Dele Amefo
 
The Significance of Hardware in Information Systems.pdf
The Significance of Hardware in Information Systems.pdfThe Significance of Hardware in Information Systems.pdf
The Significance of Hardware in Information Systems.pdf
drewplanas10
 
Douwan Crack 2025 new verson+ License code
Douwan Crack 2025 new verson+ License codeDouwan Crack 2025 new verson+ License code
Douwan Crack 2025 new verson+ License code
aneelaramzan63
 
Why Orangescrum Is a Game Changer for Construction Companies in 2025
Why Orangescrum Is a Game Changer for Construction Companies in 2025Why Orangescrum Is a Game Changer for Construction Companies in 2025
Why Orangescrum Is a Game Changer for Construction Companies in 2025
Orangescrum
 
Landscape of Requirements Engineering for/by AI through Literature Review
Landscape of Requirements Engineering for/by AI through Literature ReviewLandscape of Requirements Engineering for/by AI through Literature Review
Landscape of Requirements Engineering for/by AI through Literature Review
Hironori Washizaki
 
Who Watches the Watchmen (SciFiDevCon 2025)
Who Watches the Watchmen (SciFiDevCon 2025)Who Watches the Watchmen (SciFiDevCon 2025)
Who Watches the Watchmen (SciFiDevCon 2025)
Allon Mureinik
 
Adobe Illustrator Crack FREE Download 2025 Latest Version
Adobe Illustrator Crack FREE Download 2025 Latest VersionAdobe Illustrator Crack FREE Download 2025 Latest Version
Adobe Illustrator Crack FREE Download 2025 Latest Version
kashifyounis067
 
Ad

Reverse code engineering

  • 1. Reverser view to application security Reverse Code Engineering
  • 2. Speaker Info Krishs Patil Hold master degree in computer application Computer programmer Reverser And hobbyist security researcher
  • 3. Outline  Introduction  Reversing Process  Tools andTechniques  Reversing in different context (Practice)  Lab demonstration  Defeating Reverse Engineering  Resources
  • 4. Introduction  “Reverse engineering is the process of extracting the knowledge or design blueprints from anything man- made”.  It is usually conducted to obtain missing knowledge, ideas and design philosophy when such information is unavailable.  In computer science, It is the process of dis- assembling or de-compiling the binary code of computer program for various purpose.  Requires skills and understanding of computer and software development
  • 5. Introduction Cont… Why reverse engineering… different people do it for different purpose … But, Specifically in the field of Cyber Security… … If you want to be serious security researcher, you must posses skills of reverse code engineering.
  • 6. Reversing Process Defining scope of reversing…  System Reverse Engineering  Code Reverse Engineering  Data Reverse Engineering  Protocol Reverse Engineering
  • 7. Reversing Process Cont… Setting up environment…  Setup Isolated environment (VMware,Virtual Box)  System monitoring (SysInternalTools)  Static Analysis  Dynamic Analysis (Debugging/Tracing)
  • 8. Reversing Process Cont… DisassemblingVs Decompiling…  Native Code – Directly perform operations on CPU (Compiled with C,C++,Delphi)  IntermediateCode – Interpreter drives it to perform operations on CPU (Java byte code, MSIL)
  • 9. Reversing Process Cont… Program structure… Higher level perspective …  Modules  Data  Control flow Lower level perspective …  Just assembly language!!!
  • 10. Reversing Process Cont… So what I need to know prior reversing binary code ... Just a computer and brain  would be enough but … … mastering it might take time if you don’t know about  Computer architecture  Programming in Assembly Language and C,C++  Operating System-Platform and HEX numbering
  • 11. Assembly Language  Lowest level in software  Platform specific (IA-32, IA-64,AMD)  Machine code (OpCode)  Assembly commands  Assembler converts assembly program into machine code that is executable by CPU  Dis-assembler is the program that coverts machine code into textual presentation of assembly commands  Mastering reversing without knowing assembly is almost impossible.
  • 13. Assembly Language Registers  Internal memory in processor  IA-32 has eight generic registers (EAX,EBX,ECX,EDX,ESI,EDI,EBP and ESP)  Floating point and debug registers  Special register – EFLAGS for flag management flags  OF, SF, ZF, AF, PF, CF
  • 14. Assembly Language Basic Instructions  MOV - data copying  LEA – address loading (POINTER)  ADD, SUB, MUL, DIV, IMUL, IDIV – arithmetic  CMP,TEST – comparison  CALL , RET – function call and Return  J** - conditional branching  PUSH/POP - stack management  NOP – do nothing
  • 15. System Calls  Used as interface between application and operating system.  System calls ask OS to perform specific task  Most operating system are written in “C” language, so providing SYSTEM Calls as “C” api’s - NIX system calls – unistd.h -WINDOWS system calls - windows.h  Studying OS platform and system calls is necessary part of reverse engineering
  • 16. PE – Portable Executable file
  • 17. Tools and Techniques  Various tools helps in reverse-engineering the binary code/program.  Compiler is the tool used to convert high level language like C,C++ into machine code.  Assembler is the tool used to convert pseudo-code written specific to processor into machine code.  At reverse Dis-Assembler and De-Compilers help us in reversing the process, recovering the high level code from machine code.  Debuggers are the tools used to debug live running program.  Virtual machines might help in providing protective/isolated environment for analysis.
  • 18. Tools and Techniques Cont… Broad category of tools are divided into two category. Static AnalysisTools -Tools helps us to analysis program without even running it. -Tools includes Dis-assembler and De-Compilers Dynamic AnalysisTools -Tools in this category helps us dive deep into program by analyzing it while running it. -Tools includes Debuggers, Loaders and System Monitoring tools
  • 19. Tools and Techniques Cont…  Compilers (VC compiler, GCC compiler suite, .NET framework)  Assemblers (MASM, NASM,TASM, FASM)  Dis-assemblers and Debuggers (IDAPro, OllyDbg, Immunity Debugger,WinDbg)  Hypervisors (VMWareWorkstation/Player,VirtualBox,QUEMU)  System monitoring withSysInternals tools  Hex Editors and Other system utilities
  • 24. RCE in various context Time to understand field work!!!  Cracking (Illegal/Un-Ethical)  Malware analysis  Vulnerability analysis (exploit development)  Clean house RE (ChineseWall)  Recovering lost source code (legacy)  Investigating and solving faults cause in released software. (Microsoft global escalation support team)
  • 25. Cool Huh … Lets play around some practical reversing lab exercise Lets see some cool stuff 
  • 26. Lab – Cracking for serial.  This is for purely demonstration and educational purpose only.  Anything you do to obtain or provide fake registration key for software is considered cracking and a serious offense.  In lab we are going to study and recover serial key and defeat registration mechanism by various ways.
  • 27. Defeating RE  Lot of research has been done, many ways to make it harden for reversing process. … But no solution is 100% perfect and secure.
  • 28. Defeating RE Cont… Software armoring Obfuscation “ deliberate act of creating obfuscated code, i.e. source or machine code that is difficult for human to understand” --Wikipedia
  • 29. Defeating RE Cont… Some techniques for anti-analysis …  Packers (Compression)  Protectors (Encryption)  Anti-Debugging  Garbage Code and Code Permutation  Anti-Assembly  Hypervisor/Emulator detection
  • 31. Defeating RE Cont… Advanced technologies…  Mutation  CodeVirtualization
  • 32. Resources  REVERSING – secrets of reverse engineering (By Eldad Eilam)  Microsoft windows internals (By Mark Russinovich and David Solomon)  Reverseme.de – cool reverseme.exe collections  InfoSec Institute Resources. – cool articles on security  NtDebugging blog (Microsoft global escalation support team) - fine gain exposure in windows insides  And finally some good book on x86 assembly tut and reference.
  • 33. Questions??? Still there anything struggling in your mind.
  • 34. Hope you enjoyed it. Thank you!!!