• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
BSides Algiers - Reversing Win32 applications - Yacine Hebbal

BSides Algiers - Reversing Win32 applications - Yacine Hebbal






Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

    BSides Algiers - Reversing Win32 applications - Yacine Hebbal BSides Algiers - Reversing Win32 applications - Yacine Hebbal Presentation Transcript

    • 1
    • What is reverse engineering ? Reverse engineering is the process of extracting theknowledge or design blueprints from anything man-made. 2
    • What is reverse engineering ? Reverse engineering can be practiced on: mechanicaldevices, electronic components, or software programs, and wewill focus on reversing software programsReversing applications can be seen as "going backwardsthrough the development cycle”. 3
    • What is reverse engineering ? 4
    • Where do we need it?It is used for1-Evaluating the level of security that the application provides2-Analyzing and eventually defeat various copy protection schemes (cracking)3-Locating vulnerabilities in operating systems and other software4-Reversing Cryptographic Algorithms5-Infecting application by viruses or to healing them from the infection 5
    • Is it legal ? It depends on why you are reversing software, it is legal foreducation purposes and illegal for stealing password andprivate information 6
    • TerminologyPatching : A technique of modification of a program.Serial fishing : Finding the correct password for anapplication.Keygenning : Finding the algorithm that generate thepassword of an application. 7
    • So how to do it ?Software reverse engineering requires a combination of skills & toolsSo to do it we need:- Tools- Knowledge- A working mind , curiosity & the desire to learn 8
    • So how to do it ?Tools 1-disassemblers: are programs that let us get theassembly code from any application such as 9
    • OLLY 11
    • So how to do it ?Tools 2- Debuggers: they are programs that let us executeassembly code and see the results of any instruction IDA & Olly are also debuggers 12
    • So how to do it ?Tools 3-Hex editors: they show the content of any file (programs) in hexadecimal format, they allow us to modify instructions or to get some information (header information for ex) Ex: hex workshop 13
    • HEX WORK SHOP 14
    • So how to do it ?Tools 4- Other tools : We need also some other tools like :- Peid- ImpRec- metasploit- … 15
    • 16
    • 1- Patching applicationsBypassing Authentication 17
    • 2 - Password fishing Static passwords 18
    • 3 - Password fishingDynamic passwords 19
    • 4 - KeygenningCreate keygen 20
    • Some defense methodesTo protect your application there is many defense methodssuch as:PackersProtectorsEncryption algoritms… 21
    • Packers they compress the application so the constant like text forexample will be changed, and they will be restored after theexecution of the application so we can’t see theme before theexecution Ex : UPX , Morphine , Aspack , FSG … 22
    • Protectors they are small programs fused with the application thatcan detect the debugger or the disassembler so they won’t letus reverse the application Sometimes we can find a packer and protector in the sametime EX : YodaEncrypt , ARMprotect … 23
    • Encryption Also there are some other techniques like encrypting thepassword by using hash functions like MD5, SHA-1 … 24
    • Buffer overflow vulnerability Overview …. 25
    • Buffer overflow vulnerability Exploitation 26
    • Links:http://www.kromcrack.com/ http://tuts4you.com/http://www.newbiecontest.org 27
    • Thank youFor you attention 28