Reverse Engineering Section 1 PDF

1 Reverse Engineering Section 1 BY :KAREEM ABDELRAZIK 2 What is Reverse Engineering ? "is the process of extracting knowledge or design information from anything man- made and re-producing it or re-producing anything based on the extracted information” Reverse engineering is more about understanding how something works 3 what are the common applications of reverse engineering in the software world? are two categories of reverse engineering applications  Security related  Software development related 4 Security-Related Reversing Reversing Cryptographic Algorithms: - Obtain the key - Try all possible combinations until you get to the key malicious software : Hackers sometimes employ reversing techniques to locate software vulnerabilities that allow a malicious program to gain access to sensitive Malware analysis :They use reversing techniques to trace every step the program takes and assess the damage it popular with crackers : analyze and eventually defeat various copy protection schemes 5 Reversing in Software Development Evaluating Software Quality and Robustness :evaluate its security and vulnerability Mastering low-level software and the various software-engineering concepts is just as important as mastering the actual reversing techniques if one is to become an accomplished reverser reversing tools such as disassemblers or decompilers 6 Compilation process 8 #output Format The output of the compilation process can take many forms: PE (Windows)  ELF (Linux) Mach-O (OSX) This output file is often your starting point as a reverse engineer For this course we will focus on the PE format 8 # Compiler  9 #Assembler 7 Disassembler vs decompilation process Decomilation Dissembler 10 Assembly Language Assembly language is the lowest level in the software chain Assembly language is the language of reversing To master the world of reversing, one must develop a solid understanding of the chosen platform’s assembly Every computer platform has its own assembly language 11 Assembly Language vs machine code Instruction Example 00000010 00110010 01000000 (Machine Language) ADD 50 64 (Assembly Language) x= 50 + 64 (high level Language C,C++) 12 Reverse engineering tools  System-level reversing requires a variety of tools that sniff, monitor, explore monitor networking activity, file accesses, registry access.  Procmon :Monitor processes/thread, files system, network, and registry activity on the system  Procexplorer :Monitor processes running on the system  InetSim: Internet Services Simulation Suite  Yara: pattern matching rule engine  Wireshark - network sniffing  API Monitor 13 reverse engineering tools  Disassemblers are programs that take a program’s executable binary as input and generate textual files that contain the assembly IDAPro Ghidra Radare ILDasm Capstone 14 reverse engineering tools  debugger A debugger is a program that allows software developers to observe their program while it is running. x64dbg Immunity OllyDbg (Most Popular) WinDbg 15 reverse engineering tools  A decompilers takes an executable binary file and attempts to produce readable high-level language code from it. Ghidra Snowman (Integrated with x64dbg) dot Peek.NET decompiler 16 reverse engineering Vs cybersecurity 17 What Are the Steps of Reverse Engineering malware? Types of malware Setup lab -environment Basic static Analysis Basic dynamic Analysis Advanced static Analysis Advanced dynamic Analysis 18 Reverse Code Engineering Using disassembler such: IDA Pro Ghidra 1 Getting started with IDA Pro Reverse Engineering Malware 2 Using IDA Pro 3 Getting started with Ghidra Reverse Engineering Malware 4 Using Ghidra 19 Course prerequisites Assembly Language Window Architecture (x64-bit) Programming Language Network Fundamentals cryptography 20 thanks

Reverse Engineering Section 1 PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue