Slashdot Mirror
Learning Reverse Engineering
TheBoostedBrain writes "Mike Perry and Nasko Oskov have written a very complete article about reverse engineering. It provides an introduction to reverse engineering software under both Linux and Windows."
← Back to Stories (view on slashdot.org)
No need to. We'll take care of it just fine.
I can't believe they left out truss/strace/ktrace. Even without debugging symbols, these utilities can tell you what system calls are being called, when they are called, and what arguments are being passed.
truss under Solaris is even more useful than strace under Linux or ktrace under the BSDs; you can also trace function entry points into user-level ELF solibs.
Do daemons dream of electric sleep()?
What would we do without wget --recursive?
:P
We would use wget -r.
GNU-style flags are annoying to us lazy folk
--
the strongest word is still the word "free"
mimosa: ~ $ echo 'engineering' | rev
gnireenigne
What more do you need to know?
`(f) REVERSE ENGINEERING- (1) Notwithstanding the provisions of subsection (a)(1)(A), a person who has lawfully obtained the right to use a copy of a computer program may circumvent a technological measure that effectively controls access to a particular portion of that program for the sole purpose of identifying and analyzing those elements of the program that are necessary to achieve interoperability of an independently created computer program with other programs, and that have not previously been readily available to the person engaging in the circumvention, to the extent any such acts of identification and analysis do not constitute infringement under this title.
`(2) Notwithstanding the provisions of subsections (a)(2) and (b), a person may develop and employ technological means to circumvent a technological measure, or to circumvent protection afforded by a technological measure, in order to enable the identification and analysis under paragraph (1), or for the purpose of enabling interoperability of an independently created computer program with other programs, if such means are necessary to achieve such interoperability, to the extent that doing so does not constitute infringement under this title.
`(3) The information acquired through the acts permitted under paragraph (1), and the means permitted under paragraph (2), may be made available to others if the person referred to in paragraph (1) or (2), as the case may be, provides such information or means solely for the purpose of enabling interoperability of an independently created computer program with other programs, and to the extent that doing so does not constitute infringement under this title or violate applicable law other than this section.
`(4) For purposes of this subsection, the term `interoperability' means the ability of computer programs to exchange information, and of such programs mutually to use the information which has been exchanged.
DMCA
Whenever the offence inspires less horror than the punishment, the rigour of penal law is obliged to give way...
Well this was most unexpected. We still have a lot of work to do on this book, and are still in the process of looking for a publisher. In fact, both Nasko and I were working on the book as this was posted (quite a shock!). We're still putting together screenshots, describing debugging utilities, etc..
In fact, the book looks more complete than it actualy is. Most of the chapters are basically just an outline that we've been filling in as we go along.
Keep checking the book periodically for more updates, as again, this is a work in progress. If you notice any ommissions, or have any contributions, we would be glad to take them.
Thanks,
Nasko Oskov & Mike Perry
This. One of the funnier 404 messages I've seen. Take a look at the source for the page so you won't have to wait for the slow version of the text. :)
Very Good article, and I admit that I did not understand all of it, nor did I read all of it. However I did forward it along to a couple of friends who do not regularly /.
Here is a reverse engineering feat for you all...POS(Point of Sale) terminal equipment. Specifically to replace NSC(National Systems Corporation) and similar diamond touch gear. If you can reverse engineer a system for taking customer's orders(think pizza/food), showing it on multiple screens around the store, and keeping track of inventory, sales numbers and statistics, customer tracking and history...wow you would be great. Nobody wants to spend $15-30,000 for a new POS system. Nobody.
Biggest problem is that these small operators spend that much money on the system, that they are obligated and forced into using it for 10+ years, well after the hardware(monitors/keyboards) wear out. Then get stuck purchasing proprietary stuff at the same cost it was at the original purchase price...several hundred dollars for a custom keyboard...get real.
Somebody please show me where there is a project to reverse engineer this with an X window under RedHat/Slack. Even terminal would be fine. The current system runs text only...over 1 pair of copper in a phone plug(rj11).
Who is this that even the wind and the waves obey Him? Surely this computer must submit also!
For an excellent source of reverse engineering material, you really should check out the old Fravia pages. This is the original stuff right here.
Along with reversing tutorials and materials, there is a rich history behind this stuff. A man named +ORC published a tutorial on how to reverse engineer a Windows program called pooldemo.exe. From this text, an era was born. The Fravia website was created and was home to the +HCU. Many people sought after the true identity of +ORC, and he left a strainer (riddle) behind that would take you to a URL where he would be unmasked supposedly. Just look up "ORC riddle" on google for details. Neat stuff!
But now I know why, due to the authors' comments. Thanks for the pointer to the TOC entry though, don't how I missed that.
For the readership out there, I'm sure those will be covered in the future; in the meantime, read your strace/ktrace/truss man pages. Run them on the application you're trying to RE before doing *anything* else. Sometimes, those dumps can provide *amazing* insight into the behaviour and structure of the program (particularly if you're good with 'grep'), especially if you're trussing and using the program interactively.
Do daemons dream of electric sleep()?
This book is pretty weak. I skimmed through it and no where did I see win32dasm dead listings or hands on reversing. It seems like it just tries to explain different windows and unix tools people might use for reversing. Comments like this certainly should have been left out: If you don't know assembly language, at the end of this book you will literally know it inside-out I mean gimme a break. In less than a hundred pages of text, no one is going to learn x86 asm "inside-out." Chapter 9, which many people would be interested in, is incomplete. I wouldn't waste my time. Go search for "fravia pages reverse engineering" on google. That material took years to put together.
Quote from the introduction of the book:
:)"
"We don't know about you, but to us, software that we don't have source code to just pisses us off. So we figure: screw it, lets do some damage.
Cheap comments like this really degrade this book.
Here are a couple of beginner-level articles I've written on reverse-engineering malicious code:
Reverse Engineering Hostile Code
Alien Autopsy: Reverse Engineering Win32 Trojans on Linux
Recently I came by this book: Code Reading - The Open Source Perspective, which has the same idea except for when you have the source of a program and not only a binary.
bash$
http://www.eagle-i.com/JAVA/bb.html
Unfortunately, no one can be told what my sig is...
you might want to have a look at AntiCrack which is a huge collection of tutorials cracking , reverse engineering, and programming. They also have a copy of the Old Fravia'Site, the new one being about searching).
;-)
There's a few games/challenges out there about reverse engineering, cracking, logic and programming. Give them a try if you wish (Arcanum is really nice):
AngularVision, Apotheosis, Arcanum, Aspect, Aspect2, C&CDisIncorporated, CyberArmy, Disavowed, Electrica, Escape, HackME, HackersGames, HackersLab, HackQuest, Hybrid, ICEFortress, Lamebulun, Mod-X, NetSplit, NGSEC'sSecurityGame, ProblemSetArchive, ReverserCourse, SlyFX, TheGame, and Try2hack.
have fun
-- search the web