BSides Algiers - Reversing Win32 applications - Yacine Hebbal

  1. (Title slide)
  2. What is reverse engineering? Reverse engineering is the process of extracting the knowledge or design blueprints from anything man-made.
  3. What is reverse engineering? Reverse engineering can be practiced on mechanical devices, electronic components, or software programs; we will focus on reversing software programs. Reversing applications can be seen as "going backwards through the development cycle".
  4. What is reverse engineering? (figure only)
  5. Where do we need it? It is used for:
     - Evaluating the level of security that the application provides.
     - Analyzing and eventually defeating various copy protection schemes (cracking).
     - Locating vulnerabilities in operating systems and other software.
     - Reversing cryptographic algorithms.
     - Infecting applications with viruses, or disinfecting them.
  6. Is it legal? It depends on why you are reversing software: it is legal for education purposes and illegal for stealing passwords and private information.
  7. Terminology. Patching: a technique for modifying a program. Serial fishing: finding the correct password for an application. Keygenning: finding the algorithm that generates the password of an application.
  8. So how to do it? Software reverse engineering requires a combination of skills and tools. To do it we need: tools; knowledge; a working mind, curiosity and the desire to learn.
  9. So how to do it? Tools, 1. Disassemblers: programs that let us get the assembly code from any application, such as:
  10. IDA Pro disassembler
  11. Olly
  12. So how to do it? Tools, 2. Debuggers: programs that let us execute assembly code and see the result of any instruction. IDA and Olly are also debuggers.
  13. So how to do it? Tools, 3. Hex editors: they show the content of any file (programs) in hexadecimal format; they allow us to modify instructions or to get some information (header information, for example). Example: Hex Workshop.
  14. Hex Workshop
  15. So how to do it? Tools, 4. Other tools: we also need some other tools, such as PEiD, ImpREC, Metasploit, ...
  16. (Blank slide)
  17. 1 - Patching applications: bypassing authentication
  18. 2 - Password fishing: static passwords
  19. 3 - Password fishing: dynamic passwords
  20. 4 - Keygenning: creating a keygen
  21. Some defense methods. To protect your application there are many defense methods, such as: packers, protectors, encryption algorithms, ...
  22. Packers: they compress the application, so constants such as text strings are changed and are only restored when the application executes; we can't see them before execution. Examples: UPX, Morphine, ASPack, FSG, ...
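The hex-editor slide (header information) and the packers slide both come down to reading the PE header of a Win32 executable. The following is an added example, not code from the talk: a minimal PE header parser that prints what a hex editor shows at the start of the file, lists the section table, and applies two common packer heuristics (a well-known packer section name such as UPX0/UPX1, and a section whose raw bytes have near-maximal Shannon entropy, as compressed data does). The two sample images, `SAMPLE_PLAIN` and `SAMPLE_PACKED`, are constructed in-line and are not runnable programs; `build_sample_pe` and the field layout it emits are the author's own simplification (no optional header), chosen only so the parser has something realistic to read offline.

```python
import math
import struct

# Section names a few popular packers leave behind (a heuristic, not proof of packing).
KNOWN_PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata"}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: ~8.0 for compressed/encrypted data, lower for code and text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def hexdump(data: bytes, width: int = 16) -> str:
    """Render bytes the way a hex editor does: offset, hex bytes, printable ASCII."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        asciipart = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart:<{width * 3}} {asciipart}")
    return "\n".join(lines)


def parse_pe(image: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)      # offset of "PE\0\0"
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes).
    machine, nsec, _ts, _psym, _nsym, opt_size, chars = struct.unpack_from("<HHIIIHH", image, e_lfanew + 4)
    sec_table = e_lfanew + 4 + 20 + opt_size
    sections = []
    for i in range(nsec):
        off = sec_table + i * 40                                # IMAGE_SECTION_HEADER is 40 bytes
        name, _vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, off)
        raw = image[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "raw_offset": raw_ptr,
            "raw_size": raw_size,
            "entropy": round(shannon_entropy(raw), 2),
        })
    return {"machine": hex(machine), "number_of_sections": nsec,
            "characteristics": hex(chars), "sections": sections}


def packer_hints(parsed: dict, entropy_threshold: float = 7.0) -> list:
    """Return human-readable reasons to suspect the image is packed."""
    hints = []
    for s in parsed["sections"]:
        if s["name"] in KNOWN_PACKER_SECTIONS:
            hints.append(f"section name {s['name']!r} belongs to a known packer")
        if s["raw_size"] >= 256 and s["entropy"] >= entropy_threshold:
            hints.append(f"section {s['name']!r} has high entropy ({s['entropy']}), typical of compressed data")
    return hints


def build_sample_pe(section_name: bytes, section_data: bytes) -> bytes:
    """Constructed, non-executable PE-shaped image with one section (demo input only)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)          # 64-byte DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x0102)             # i386, 1 section, EXE|32BIT
    headers_end = e_lfanew + 4 + 20 + 40
    raw_ptr = (headers_end + 0x1FF) & ~0x1FF                                # file-align to 0x200
    section = struct.pack("<8sIIIIIIHHI", section_name.ljust(8, b"\0"), len(section_data), 0x1000,
                          len(section_data), raw_ptr, 0, 0, 0, 0, 0x60000020)  # CODE|EXECUTE|READ
    image = dos + b"PE\0\0" + coff + section
    return image + b"\0" * (raw_ptr - len(image)) + section_data


# Constructed samples: plain text strings versus a "UPX1" section of incompressible bytes.
SAMPLE_PLAIN = build_sample_pe(b".text", b"Enter password: \0" * 40)
SAMPLE_PACKED = build_sample_pe(b"UPX1", bytes(range(256)) * 4)

if __name__ == "__main__":
    for label, img in (("plain", SAMPLE_PLAIN), ("packed", SAMPLE_PACKED)):
        info = parse_pe(img)
        print(f"== {label}: machine={info['machine']} sections={info['number_of_sections']}")
        print(hexdump(img[:0x20]))
        for s in info["sections"]:
            print(f"  {s['name']:<8} raw@{s['raw_offset']:#x} size={s['raw_size']} entropy={s['entropy']}")
        print("  hints:", packer_hints(info) or ["none"])
```

Run it on a real file by replacing the constructed samples with `open(path, "rb").read()`; the entropy threshold is a rule of thumb, so treat hints as a reason to look closer (for instance with PEiD), not as a verdict.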
  23. Protectors: they are small programs fused with the application that can detect the debugger or the disassembler, so they won't let us reverse the application. Sometimes we find a packer and a protector at the same time. Examples: YodaEncrypt, ARMprotect, ...
  24. Encryption: there are also other techniques, such as "encrypting" the password with hash functions like MD5, SHA-1, ...
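Slides 18 and 24 are two sides of one design decision: a password compiled in as a plain constant is recoverable from the file's printable strings, while a program that stores only a digest never contains the password at all. The following is an added example, not code from the talk, showing the weak check beside the hardened one and a `strings`-style scan over two constructed byte blobs that stand in for each binary's data section. It departs from the slide in one respect, stated here as the author's choice: an unsalted MD5 or SHA-1 digest of a short password still falls to a dictionary or brute-force search, so the hardened version uses a salted, iterated PBKDF2-HMAC-SHA256 digest and a constant-time comparison. `STATIC_PASSWORD`, the fixed salt and the blob contents are all constructed sample values.

```python
import hashlib
import hmac
import os
import re
from typing import Dict, List, Optional

# --- weak: the password is a constant in the executable (slide 18, "static passwords") ---
STATIC_PASSWORD = "s3cret-2013"          # constructed sample value


def check_static(candidate: str) -> bool:
    return candidate == STATIC_PASSWORD


# --- hardened: the executable stores a salted, iterated digest and never the password ---
def make_verifier(password: str, salt: Optional[bytes] = None, iterations: int = 100_000) -> Dict[str, object]:
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def check_hashed(candidate: str, verifier: Dict[str, object]) -> bool:
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), verifier["salt"], verifier["iterations"])
    # compare_digest avoids leaking how many leading bytes matched through timing.
    return hmac.compare_digest(digest, verifier["digest"])


# Fixed salt only so the demo blob below is reproducible; real builds use os.urandom.
VERIFIER = make_verifier("s3cret-2013", salt=b"\x01" * 16)


def printable_strings(blob: bytes, min_len: int = 6) -> List[str]:
    """What a hex editor or a strings-style scan reveals: runs of printable ASCII."""
    return [m.group().decode() for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob)]


# Constructed stand-ins for each program's data section (import name, constants, message).
STATIC_BINARY = b"\0MSVCRT.dll\0" + STATIC_PASSWORD.encode() + b"\0Wrong password\0"
HASHED_BINARY = (b"\0MSVCRT.dll\0" + VERIFIER["digest"].hex().encode() + b"\0"
                 + VERIFIER["salt"] + b"\0Wrong password\0")

if __name__ == "__main__":
    print("static binary strings :", printable_strings(STATIC_BINARY))
    print("hashed binary strings :", printable_strings(HASHED_BINARY))
    print("static check  :", check_static("s3cret-2013"), check_static("guess"))
    print("hashed check  :", check_hashed("s3cret-2013", VERIFIER), check_hashed("guess", VERIFIER))
```

The scan of the hashed build still shows the hex digest and, in a real file, the salt; that is expected and harmless, because the digest only lets a reviewer confirm a candidate, not read the password back. Slide 19's "dynamic passwords" (keys derived from user or machine data) face the same rule: whatever the check compares against must not be recoverable from the file as a constant.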
  25. Buffer overflow vulnerability: overview ...
  26. Buffer overflow vulnerability: exploitation
  27. Links: http://www.kromcrack.com/ , http://tuts4you.com/ , http://www.newbiecontest.org
  28. Thank you for your attention.
