Reverse Engineering: The Crash Course

Jan 19, 2018Download as PPTX, PDF1 like265 views

Satria Ady Pradana

Presentation for Roadshow of Cyber Security Marathon 2018 Universitas Trilogi Jakarta, 2018-01-13

Hi!
I am Satria Ady Pradana
Community Leader
of
Reversing.ID
xathrya
@xathrya
Reversing.ID
Revealing the Truth through Breaking Things
https://xathrya.id

Disclaimer
 This presentation is intended for educational purposes only.
 Reverse engineering of copyrighted material is illegal an might
cause you a direct or indirect consequence. We have no
responsibility of anything you do after learning this.

“What do you think of
Reverse Engineering?

Explaining Reversing
 Originally used in the context of mechanical engineering
 Breaks down an existing object or system to its construction
and then rebuild it based on new demand.
 Extracting knowledge or design information from anything man-
made and reproducing it or reproduce anything based on the
extracted information.

Motivation
 Interfacing
 Improve documentation shortcomings
 Bug Fixing
 Creation of unlicensed duplicates
 Repurposing
 Finding security bugs
 For fun!

Common Practice
Some popular and commonly used practice or operation

 Resource Modification (Modding)
 Control Flow Bypass
 Code Caving

Resource Modification (Modding)
 Modify the resource of application
 Icon
 Menu
 Layout
 Sprite

Control Flow Bypass
 Alter program flow
 Force program to takes (or leaves) intended action.
 Jump over the protection mechanism

Code Caving
 Writing code to specific region of application (or process’
memory)
 Fast and easy
 No need for source
 In conjunction of Function Trampoline.

The Language
 Depend on the target of reversing.
 Each programming languages might have unique trait or
characteristic.
 Channel in Go
 Two classes of programming language: native, interpreted.

 Assembly
 Primitive of Processors operations
 Complex operation is decomposed to various instructions
 Constrained by processors’ architecture

The Executable Format
 Application has a format.
 Identify by magic number.
 Structured and has some sections for data, code, resource, etc.
 Function might be provided by foreign module (ex: DLL), list of
imported function is maintained.

Design Pattern
 Software is divided into conceptual module and working
together.
 Repeatable solution to a commonly occurring problem in a
software design.

Common Tools
Breaking the system to fine-grain components

 Hex Editor
 Disassembler
 Debugger
 Resource Editor

Hex Editor
 Display the content of file as collection of hex formatted-data and modify
part of them.
 Find pattern and occurrence.

Disassembler
 Transform stream of hex bytes to its assembly representation.
 Resolve data and resource, referred by the code.

Debugger
 Test or debug other (target) program
 Examine program condition at runtime.
 Modify code or data section.
 Modify CPU state
 Alter control flow

Common Process in Reversing
Some popular activity and flow

 Identify
 Disassembly
 Decompile if possible
 Debug
 Patch

Software Reverse Engineering in a Security Context (ncrisc 2018) this research paper was proposed in university event and it's targeted audience was junior students and anyone who doesn't have a clue on reverse engineering , also useful for developers because this will help them to understand execution of their developed applications on low level and malicious person able to exploit their applications

SdlcProgram in Interdisciplinary Computing

Software Reverse Engineering in a Security Context (ncrisc 2018)Lokendra Rawat

Backend engineer journeyChristoforus Surjoputro

This document provides an overview of what a backend engineer is and the key skills required for the role. It defines a backend engineer as a software engineer who applies principles of software engineering to design, develop, maintain, test and evaluate server-side software. The document outlines important backend-related skills like backend programming languages, databases, algorithms and data structures. It also lists some non-backend skills such as version control, workflow and effective communication.

Reverse Engineering - Protecting and Breaking the SoftwareSatria Ady Pradana

Reverse Engineering: Protecting and Breaking the SoftwareSatria Ady Pradana

(Workshop) Reverse Engineering - Protecting and Breaking the SoftwareSatria Ady Pradana

The document discusses reverse engineering principles and techniques. It introduces reverse engineering as breaking down an existing system to understand its construction and components. The three fundamental principles are comprehension, decomposition, and reconstruction. Common reverse engineering practices are described like resource modification, control flow bypass, and code caving. Hands-on examples are provided using a CrackMe program in C# to demonstrate reverse engineering a .NET binary, including modifying strings, bypassing checks, changing function targets, and injecting custom code.

Reverse Engineering: Protecting and Breaking the Software (Workshop)Satria Ady Pradana

Reengineering including reverse & forward EngineeringMuhammad Chaudhry

The document discusses forward engineering and reverse engineering. Reverse engineering involves extracting design information from source code through activities like data and processing analysis. This helps understand the internal structure and functionality. Forward engineering applies modern principles to redevelop existing applications, extending their capabilities. It may involve migrating applications to new architectures like client-server or object-oriented models. Reverse engineering provides critical information for both maintenance and reengineering existing software.

Building Large Scale PHP Web Applications with Laravel 4Darwin Biler

Software ReengineeringDeniz Kılınç

Reengineering involves improving existing software or business processes by making them more efficient, effective and adaptable to current business needs. It is an iterative process that involves reverse engineering the existing system, redesigning problematic areas, and forward engineering changes by implementing a redesigned prototype and refining it based on feedback. The goal is to create a system with improved functionality, performance, maintainability and alignment with current business goals and technologies.

Mit104 software engineeringsmumbahelp

My Saminar On PhpArjun Kumawat

06 fse designMohesh Chandran

This document discusses fundamentals of software engineering design. It explains that design creates a representation of software that provides implementation details beyond an analysis model. Four design models are described: data design, architectural design, user interface design, and component-level design. Design principles, concepts like abstraction and patterns are explained. Tools like CASE tools can support design, and evaluation ensures a quality design. A design specification document formally specifies the design.

1. IntroductionAshis Kumar Chanda

The document discusses the goals and challenges of software engineering. It notes that the goals of producing software that is correct, with minimal effort and cost, and in the least time are difficult to fully achieve. Large software involves many people and millions of dollars over many years. Real-life examples like Eclipse have over 1.35 million lines of code and cost over $54 million to develop. The document outlines why software engineering is important to avoid costly failures and ensure efficient development. It also discusses myths and the need for different approaches like formal processes for large software.

reverse(1)ahmad bassiouny

The document discusses reverse engineering and provides three key points: 1. Reverse engineering is the process of analyzing a subject system to understand how it works and create representations at higher levels of abstraction, in order to facilitate tasks like software maintenance and migration. 2. The goals of reverse engineering include recovering lost information and documentation, assisting with maintenance, and enabling software reuse. It allows understanding an existing system without access to the original source code or design documents. 3. Reverse engineering approaches include restructuring, re-documentation, re-engineering, and abstraction recovery. Program understanding is the most important part of reverse engineering, and discovery of abstractions in large complex systems is a key challenge.

Hibernate training at HarshithaTechnologySolutions @ NizampetJayarajus

HTS is a professionally managed IT Software Development and Consulting company offering services in the area of Software Development, Software Integration, Web Solutions, Outsourcing Services, Technical Staff Augmentation. Our business approach models provide our clients the highest quality services at significantly reduced costs. <a />Hibernate</a> Hibernate weekends Training is an Object-Relational Mapping (ORM) solution for JAVA and it raised as an open source persistent framework created by Gavin King in 2001. Hibernate weekends Training is a powerful, high performance Object-Relational Persistence and Query service for any Java Application. Hibernate Training maps Java classes to database tables and from Java data types to SQL data types and relieve the developer from 95% of common data persistence related programming tasks. Hibernate sits between traditional Java objects and database server to handle all the work in persisting those objects based on the appropriate O/R mechanisms and patterns. Checkout for schedules Contact Us: Flat No: 2A, 2B, Livingston Estate, Beside Andhra Bank, NIzampet Main Road, Hyderabad-85. Phone: +91-40-42020378. [email protected]

10 Ways To Improve Your CodeConSanFrancisco123

This document summarizes 10 ways to improve code based on a presentation by Neal Ford. The techniques discussed include composing methods to perform single tasks, test-driven development to design through tests, using static analysis tools to find bugs, avoiding singletons, applying the YAGNI principle to only build what is needed, questioning conventions, embracing polyglot programming, learning Java nuances, enforcing the single level of abstraction principle, and considering "anti-objects" that go against object-oriented design. Questions from the audience are then addressed.

SdlcBilal Aslam

The document discusses various phases of the software development life cycle (SDLC) including analysis, design, coding, and testing. In the analysis phase, it discusses software requirements specifications, business analysts, and their roles in initiating projects, elaborating details, and supporting implementation. The design phase covers use case diagrams, data flow diagrams, sequence diagrams, and class diagrams. It provides examples of how to draw and use each type of diagram. Coding involves programming languages like Java. Testing discusses the JUnit testing framework and Selenium, an open source web testing tool, covering their features and why Selenium is commonly used for automated testing.

SdlcBilal Aslam

IDAPROMatt Vieyra

Simon Brown: Software Architecture as Code at I T.A.K.E. Unconference 2015Mozaic Works

This document discusses software architecture and how it relates to code. It suggests that software architecture should be more accessible to developers and embodied in the code through architecturally evident coding styles. Components can be extracted from code if naming conventions, packaging, and other patterns are used. Both diagrams and code should reflect the architectural abstractions. Software architecture models can be maintained as code to keep them in sync with implementation changes.

10 Ways To Improve Your Code( Neal Ford)guestebde

This document discusses 10 ways to improve programming code through practices like composing methods, test-driven development, static analysis, and questioning assumptions. It encourages techniques like short single-purpose methods, writing tests before code, using tools like FindBugs, avoiding unnecessary complexity, and continually learning language nuances. Examples show refactoring code to follow these practices. Resources are provided on related topics like pair programming and anti-object-oriented design.

Framework engineering JCO 2011YoungSu Son

Framework design involves balancing many considerations, such as: - Managing dependencies between components to allow for flexibility and evolution over time. Techniques like dependency injection and layering help achieve this. - Designing APIs by first writing code samples for key scenarios and defining object models to support these samples to ensure usability. - Treating simplicity as a feature by removing unnecessary requirements and reusing existing concepts where possible.

Malware for Red TeamSatria Ady Pradana

Down The Rabbit Hole, From Networker to Security ProfessionalSatria Ady Pradana

More Related Content

Similar to Reverse Engineering: The Crash Course (20)

Reverse Engineering - Protecting and Breaking the SoftwareSatria Ady Pradana

Reverse Engineering: Protecting and Breaking the SoftwareSatria Ady Pradana

(Workshop) Reverse Engineering - Protecting and Breaking the SoftwareSatria Ady Pradana

Reverse Engineering: Protecting and Breaking the Software (Workshop)Satria Ady Pradana

Reengineering including reverse & forward EngineeringMuhammad Chaudhry

Building Large Scale PHP Web Applications with Laravel 4Darwin Biler

Software ReengineeringDeniz Kılınç

Mit104 software engineeringsmumbahelp

My Saminar On PhpArjun Kumawat

06 fse designMohesh Chandran

1. IntroductionAshis Kumar Chanda

reverse(1)ahmad bassiouny

Hibernate training at HarshithaTechnologySolutions @ NizampetJayarajus

10 Ways To Improve Your CodeConSanFrancisco123

SdlcBilal Aslam

IDAPROMatt Vieyra

Simon Brown: Software Architecture as Code at I T.A.K.E. Unconference 2015Mozaic Works

10 Ways To Improve Your Code( Neal Ford)guestebde

Framework engineering JCO 2011YoungSu Son

Reverse Engineering - Protecting and Breaking the SoftwareSatria Ady Pradana

Reverse Engineering: Protecting and Breaking the SoftwareSatria Ady Pradana

(Workshop) Reverse Engineering - Protecting and Breaking the SoftwareSatria Ady Pradana

Reverse Engineering: Protecting and Breaking the Software (Workshop)Satria Ady Pradana

Reengineering including reverse & forward EngineeringMuhammad Chaudhry

Building Large Scale PHP Web Applications with Laravel 4Darwin Biler

Software ReengineeringDeniz Kılınç

Mit104 software engineeringsmumbahelp

My Saminar On PhpArjun Kumawat

06 fse designMohesh Chandran

1. IntroductionAshis Kumar Chanda

reverse(1)ahmad bassiouny

Hibernate training at HarshithaTechnologySolutions @ NizampetJayarajus

10 Ways To Improve Your CodeConSanFrancisco123

SdlcBilal Aslam

IDAPROMatt Vieyra

Simon Brown: Software Architecture as Code at I T.A.K.E. Unconference 2015Mozaic Works

10 Ways To Improve Your Code( Neal Ford)guestebde

Framework engineering JCO 2011YoungSu Son

More from Satria Ady Pradana (20)

Malware for Red TeamSatria Ady Pradana

Down The Rabbit Hole, From Networker to Security ProfessionalSatria Ady Pradana

MITM: Tales of Trust and BetrayalSatria Ady Pradana

Berkarir di Cyber SecuritySatria Ady Pradana

This document discusses cyber security careers in Indonesia. It provides an overview of common cyber security jobs including penetration tester, security engineer, SOC engineer, and forensic investigator. It also outlines the skills needed to work in cyber security, challenges in the field in Indonesia like a lack of professionals, and ways to prepare like building skills through virtual labs, capture the flag challenges, and communities. Daily activities of a penetration tester are also summarized as finding vulnerabilities, creating proof of concepts, writing reports, and presenting results.

IOT Security FUN-damentalSatria Ady Pradana

Python-Assisted Red-Teaming OperationSatria Ady Pradana

IoT Security - Preparing for the WorstSatria Ady Pradana

This document discusses security issues related to the Internet of Things (IoT). It begins with an introduction to IoT, noting the exponential growth in connected devices. It then outlines common threats to IoT systems, including attacks aimed at devices, networks, and cloud infrastructure. Specific examples like the Mirai botnet and attacks on Ukrainian power grids are examined. The presentation concludes with recommendations for improving IoT security, such as understanding system architectures, implementing policies, and regularly monitoring networks.

Silabus Training Reverse EngineeringSatria Ady Pradana

This 5-day course teaches reverse engineering and malware analysis skills. It covers analyzing Windows and Linux binaries to understand program flow and perform static and dynamic analysis. Topics include disassembly, decompilation, debugging, instrumentation, and patching code. The course is intended for reverse engineers, malware analysts, security engineers, incident responders, and security professionals who need to analyze and modify binaries to securely defend against evolving threats.

Practical Security - Modern Day SoftwareSatria Ady Pradana

Modern software applications are complex and connected systems that process, store, and transmit data. This complexity introduces many potential attack vectors if proper security practices are not followed. Common attacks include injection attacks by inserting malicious code into inputs, insecure direct object reference issues that allow unauthorized access to restricted resources, and exposing sensitive information if debugging artifacts or unobfuscated binaries are deployed. To mitigate these risks, developers must filter all inputs, carefully check authorization for resources, and ensure no secrets or development files are included in production deployments.

The Offensive Python: Practical Python for Penetration TestingSatria Ady Pradana

From Reversing to Exploitation: Android Application Security in EssenceSatria Ady Pradana

This document discusses techniques for analyzing and exploiting Android applications. It begins by explaining why security is important given people's growing dependency on digital technology and mobile devices. It then discusses decompiling APK files and using tools like Apktool, Dex2Jar, and decompilers to view an app's code. The document also covers using proxies like Burp Suite and Frida to intercept network traffic and manipulate app behavior at runtime. The goal is usually to obtain sensitive data, bypass restrictions, or modify the app. Examples of scenarios explored include tampering with network requests, bypassing security checks, and decrypting encrypted data.

Android Security: Art of ExploitationSatria Ady Pradana

Bypass Security Checking with FridaSatria Ady Pradana

Malware: To The Realm of Malicious Code (Training)Satria Ady Pradana

Malware comes in many forms and poses increasing threats. The document discusses the basics of how malware works, including propagation techniques to spread, payloads to damage systems, and self-defense mechanisms. It also covers common malware classes like viruses, worms and Trojans. Examples are given of real malware outbreaks like WannaCry and Petya to show how quickly they can spread. Defense strategies include using antivirus software, keeping systems updated, and maintaining backups.

Memory Forensic: Investigating Memory Artefact (Workshop)Satria Ady Pradana

Memory Forensic: Investigating Memory ArtefactSatria Ady Pradana

Another Side of HackingSatria Ady Pradana

Automatic Malware Analysis & RepositorySatria Ady Pradana

Web Security JumpstartSatria Ady Pradana

This document outlines an agenda for a web security workshop. It introduces the presenter, Satria Ady Pradana, and mentions that he will discuss the Dracos Linux penetration testing operating system. The workshop will cover installing and using Dracos Linux in a virtual machine, including configuring the network, installing packages, and using its user interface. Attendees will have the opportunity to try SQL injection, cross-site scripting, and cross-site request forgery attacks on a target website.

DracOs Forensic Flavor - WorkshopSatria Ady Pradana

Malware for Red TeamSatria Ady Pradana

Down The Rabbit Hole, From Networker to Security ProfessionalSatria Ady Pradana

MITM: Tales of Trust and BetrayalSatria Ady Pradana

Berkarir di Cyber SecuritySatria Ady Pradana

IOT Security FUN-damentalSatria Ady Pradana

Python-Assisted Red-Teaming OperationSatria Ady Pradana

IoT Security - Preparing for the WorstSatria Ady Pradana

Silabus Training Reverse EngineeringSatria Ady Pradana

Practical Security - Modern Day SoftwareSatria Ady Pradana

The Offensive Python: Practical Python for Penetration TestingSatria Ady Pradana

From Reversing to Exploitation: Android Application Security in EssenceSatria Ady Pradana

Android Security: Art of ExploitationSatria Ady Pradana

Bypass Security Checking with FridaSatria Ady Pradana

Malware: To The Realm of Malicious Code (Training)Satria Ady Pradana

Memory Forensic: Investigating Memory Artefact (Workshop)Satria Ady Pradana

Memory Forensic: Investigating Memory ArtefactSatria Ady Pradana

Another Side of HackingSatria Ady Pradana

Automatic Malware Analysis & RepositorySatria Ady Pradana

Web Security JumpstartSatria Ady Pradana

DracOs Forensic Flavor - WorkshopSatria Ady Pradana

Recently uploaded (20)

AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...SOFTTECHHUB

I started my online journey with several hosting services before stumbling upon Ai EngineHost. At first, the idea of paying one fee and getting lifetime access seemed too good to pass up. The platform is built on reliable US-based servers, ensuring your projects run at high speeds and remain safe. Let me take you step by step through its benefits and features as I explain why this hosting solution is a perfect fit for digital entrepreneurs.

TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc

Most consumers believe they’re making informed decisions about their personal data—adjusting privacy settings, blocking trackers, and opting out where they can. However, our new research reveals that while awareness is high, taking meaningful action is still lacking. On the corporate side, many organizations report strong policies for managing third-party data and consumer consent yet fall short when it comes to consistency, accountability and transparency. This session will explore the research findings from TrustArc’s Privacy Pulse Survey, examining consumer attitudes toward personal data collection and practical suggestions for corporate practices around purchasing third-party data. Attendees will learn: - Consumer awareness around data brokers and what consumers are doing to limit data collection - How businesses assess third-party vendors and their consent management operations - Where business preparedness needs improvement - What these trends mean for the future of privacy governance and public trust This discussion is essential for privacy, risk, and compliance professionals who want to ground their strategies in current data and prepare for what’s next in the privacy landscape.

Greenhouse_Monitoring_Presentation.pptx.hpbmnnxrvb

Rusty Waters: Elevating Lakehouses Beyond Sparkcarlyakerly1

Spark is a powerhouse for large datasets, but when it comes to smaller data workloads, its overhead can sometimes slow things down. What if you could achieve high performance and efficiency without the need for Spark? At S&P Global Commodity Insights, having a complete view of global energy and commodities markets enables customers to make data-driven decisions with confidence and create long-term, sustainable value. 🌍 Explore delta-rs + CDC and how these open-source innovations power lightweight, high-performance data applications beyond Spark! 🚀

SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfPrecisely

Complete Guide to Advanced Logistics Management Software in Riyadh.pdfSoftware Company

Explore the benefits and features of advanced logistics management software for businesses in Riyadh. This guide delves into the latest technologies, from real-time tracking and route optimization to warehouse management and inventory control, helping businesses streamline their logistics operations and reduce costs. Learn how implementing the right software solution can enhance efficiency, improve customer satisfaction, and provide a competitive edge in the growing logistics sector of Riyadh.

Technology Trends in 2025: AI and Big Data AnalyticsInData Labs

At InData Labs, we have been keeping an ear to the ground, looking out for AI-enabled digital transformation trends coming our way in 2025. Our report will provide a look into the technology landscape of the future, including: -Artificial Intelligence Market Overview -Strategies for AI Adoption in 2025 -Anticipated drivers of AI adoption and transformative technologies -Benefits of AI and Big data for your business -Tips on how to prepare your business for innovation -AI and data privacy: Strategies for securing data privacy in AI models, etc. Download your free copy nowand implement the key findings to improve your business.

How Can I use the AI Hype in my Business Context?Daniel Lehner

𝙄𝙨 𝘼𝙄 𝙟𝙪𝙨𝙩 𝙝𝙮𝙥𝙚? 𝙊𝙧 𝙞𝙨 𝙞𝙩 𝙩𝙝𝙚 𝙜𝙖𝙢𝙚 𝙘𝙝𝙖𝙣𝙜𝙚𝙧 𝙮𝙤𝙪𝙧 𝙗𝙪𝙨𝙞𝙣𝙚𝙨𝙨 𝙣𝙚𝙚𝙙𝙨? Everyone’s talking about AI but is anyone really using it to create real value? Most companies want to leverage AI. Few know 𝗵𝗼𝘄. ✅ What exactly should you ask to find real AI opportunities? ✅ Which AI techniques actually fit your business? ✅ Is your data even ready for AI? If you’re not sure, you’re not alone. This is a condensed version of the slides I presented at a Linkedin webinar for Tecnovy on 28.04.2025.

Linux Support for SMARC: How Toradex Empowers Embedded DevelopersToradex

Toradex brings robust Linux support to SMARC (Smart Mobility Architecture), ensuring high performance and long-term reliability for embedded applications. Here’s how: • Optimized Torizon OS & Yocto Support – Toradex provides Torizon OS, a Debian-based easy-to-use platform, and Yocto BSPs for customized Linux images on SMARC modules. • Seamless Integration with i.MX 8M Plus and i.MX 95 – Toradex SMARC solutions leverage NXP’s i.MX 8 M Plus and i.MX 95 SoCs, delivering power efficiency and AI-ready performance. • Secure and Reliable – With Secure Boot, over-the-air (OTA) updates, and LTS kernel support, Toradex ensures industrial-grade security and longevity. • Containerized Workflows for AI & IoT – Support for Docker, ROS, and real-time Linux enables scalable AI, ML, and IoT applications. • Strong Ecosystem & Developer Support – Toradex offers comprehensive documentation, developer tools, and dedicated support, accelerating time-to-market. With Toradex’s Linux support for SMARC, developers get a scalable, secure, and high-performance solution for industrial, medical, and AI-driven applications. Do you have a specific project or application in mind where you're considering SMARC? We can help with Free Compatibility Check and help you with quick time-to-market For more information: https://www.toradex.com/computer-on-modules/smarc-arm-family

Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...Aqusag Technologies

Semantic Cultivators : The Critical Future Role to Enable AIartmondano

Mobile App Development Company in Saudi ArabiaSteve Jonas

EmizenTech is a globally recognized software development company, proudly serving businesses since 2013. With over 11+ years of industry experience and a team of 200+ skilled professionals, we have successfully delivered 1200+ projects across various sectors. As a leading Mobile App Development Company In Saudi Arabia we offer end-to-end solutions for iOS, Android, and cross-platform applications. Our apps are known for their user-friendly interfaces, scalability, high performance, and strong security features. We tailor each mobile application to meet the unique needs of different industries, ensuring a seamless user experience. EmizenTech is committed to turning your vision into a powerful digital product that drives growth, innovation, and long-term success in the competitive mobile landscape of Saudi Arabia.

How analogue intelligence complements AIPaul Rowe

Artificial Intelligence is providing benefits in many areas of work within the heritage sector, from image analysis, to ideas generation, and new research tools. However, it is more critical than ever for people, with analogue intelligence, to ensure the integrity and ethical use of AI. Including real people can improve the use of AI by identifying potential biases, cross-checking results, refining workflows, and providing contextual relevance to AI-driven results. News about the impact of AI often paints a rosy picture. In practice, there are many potential pitfalls. This presentation discusses these issues and looks at the role of analogue intelligence and analogue interfaces in providing the best results to our audiences. How do we deal with factually incorrect results? How do we get content generated that better reflects the diversity of our communities? What roles are there for physical, in-person experiences in the digital world?

Heap, Types of Heap, Insertion and DeletionJaydeep Kale

Drupalcamp Finland – Measuring Front-end Energy ConsumptionExove

The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfAbi john

ThousandEyes Partner Innovation Updates for May 2025ThousandEyes

Into The Box Conference Keynote Day 1 (ITB2025)Ortus Solutions, Corp

Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell

Splunk Security Update | Public Sector Summit Germany 2025Splunk

AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...SOFTTECHHUB

TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc

Greenhouse_Monitoring_Presentation.pptx.hpbmnnxrvb

Rusty Waters: Elevating Lakehouses Beyond Sparkcarlyakerly1

SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfPrecisely

Complete Guide to Advanced Logistics Management Software in Riyadh.pdfSoftware Company

Technology Trends in 2025: AI and Big Data AnalyticsInData Labs

How Can I use the AI Hype in my Business Context?Daniel Lehner

Linux Support for SMARC: How Toradex Empowers Embedded DevelopersToradex

Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...Aqusag Technologies

Semantic Cultivators : The Critical Future Role to Enable AIartmondano

Mobile App Development Company in Saudi ArabiaSteve Jonas

How analogue intelligence complements AIPaul Rowe

Heap, Types of Heap, Insertion and DeletionJaydeep Kale

Drupalcamp Finland – Measuring Front-end Energy ConsumptionExove

The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfAbi john

ThousandEyes Partner Innovation Updates for May 2025ThousandEyes

Into The Box Conference Keynote Day 1 (ITB2025)Ortus Solutions, Corp

Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell

Splunk Security Update | Public Sector Summit Germany 2025Splunk

Reverse Engineering: The Crash Course

1. Reverse Engineering The Crash Course

2. Hi! I am Satria Ady Pradana Community Leader of Reversing.ID xathrya @xathrya Reversing.ID Revealing the Truth through Breaking Things https://xathrya.id

3. Disclaimer  This presentation is intended for educational purposes only.  Reverse engineering of copyrighted material is illegal an might cause you a direct or indirect consequence. We have no responsibility of anything you do after learning this.

4. “What do you think of Reverse Engineering?

5. Explaining Reversing  Originally used in the context of mechanical engineering  Breaks down an existing object or system to its construction and then rebuild it based on new demand.  Extracting knowledge or design information from anything man- made and reproducing it or reproduce anything based on the extracted information.

6. Reversing = Solving Puzzles

8. Motivation  Interfacing  Improve documentation shortcomings  Bug Fixing  Creation of unlicensed duplicates  Repurposing  Finding security bugs  For fun!

9. Common Practice Some popular and commonly used practice or operation

10.  Resource Modification (Modding)  Control Flow Bypass  Code Caving

11. Resource Modification (Modding)  Modify the resource of application  Icon  Menu  Layout  Sprite

12. Control Flow Bypass  Alter program flow  Force program to takes (or leaves) intended action.  Jump over the protection mechanism

13. Code Caving  Writing code to specific region of application (or process’ memory)  Fast and easy  No need for source  In conjunction of Function Trampoline.

14. Basic Knowledge

15. The Language  Depend on the target of reversing.  Each programming languages might have unique trait or characteristic.  Channel in Go  Two classes of programming language: native, interpreted.

16.  Assembly  Primitive of Processors operations  Complex operation is decomposed to various instructions  Constrained by processors’ architecture

17. The Executable Format  Application has a format.  Identify by magic number.  Structured and has some sections for data, code, resource, etc.  Function might be provided by foreign module (ex: DLL), list of imported function is maintained.

20. Design Pattern  Software is divided into conceptual module and working together.  Repeatable solution to a commonly occurring problem in a software design.

21. Common Code Base  Library  Framework

22. Common Tools Breaking the system to fine-grain components

23.  Hex Editor  Disassembler  Debugger  Resource Editor

24. Hex Editor  Display the content of file as collection of hex formatted-data and modify part of them.  Find pattern and occurrence.

26. Disassembler  Transform stream of hex bytes to its assembly representation.  Resolve data and resource, referred by the code.

28. Debugger  Test or debug other (target) program  Examine program condition at runtime.  Modify code or data section.  Modify CPU state  Alter control flow

30. Common Process in Reversing Some popular activity and flow

31.  Identify  Disassembly  Decompile if possible  Debug  Patch

32. End of Game.

Reverse Engineering: The Crash Course

Recommended

More Related Content

Similar to Reverse Engineering: The Crash Course (20)

More from Satria Ady Pradana (20)

Recently uploaded (20)

Reverse Engineering: The Crash Course