REVERSE ENGINEERING
IN WIN32 APPLICATIONS
WHAT IS “REVERSE ENGINEERING”?
Wikipedia says:
Reversing / reverse engineering (Bulgarian: обратно инженерство) is the process of discovering the
technological principles of a device, object or system through analysis of its structure,
function or operation.
“HACKER” VS “CRACKER”
WHITE HATS / BLACK HATS
KNOWN CRACK GROUPS
International:
• Razor1911
• Myth
• Phrozen Crew
• CLASS
• RELOADED
• SKiDROW
Bulgarian (about ten years ago):
• PZ crack team
• BiOCiDE
• Freak-Inc
• DIGIT
• Pulse Reversing Force (us, at that time :P)
MOST COMMON TYPES OF RELEASES
• Application cracks, keygens, loaders
• Content (books, movies, music…) – more typical of so-called warez
• Game trainers
• Intros
• Crack intros (Cracktros)
• Tools
• Chiptunes (!!!)
• Keygenmes / Crackmes
STRUCTURE OF A CRACK RELEASE
Required
• The release itself
• NFO file
Optional
• DIZ file
• MD5 file
• Crack intro (cracktro)
EXECUTABLE FILE FORMATS
• DOS: COM, MZ EXE
• Windows: PE32, PE32+, PE32 .NET, SCR (EXE), DLL, OCX, SYS
• Mac OS X: Mach-O, .dylib
• Linux: ELF, .so
LANGUAGES AND REVERSING DIFFICULTY
Language Disassembly difficulty Modification difficulty
Visual Basic 6 (p-code) ★ ★ ★ ★ ★ ★ ★ ★ ★ ★
Visual Basic 6 (native) ★ ★ ★ ★ ★ ★
Delphi ★ ★ ★ ★ ★ ★ ★
Plain C# ★ ★
Java ★ ★ ★ ★ ★
C/C++ ★ ★ ★ ★
Assembler ★ ★
BASIC STRUCTURE OF THE PE FORMAT
MZ Header
PE Header
Data section
Code section
Imports section
Exports section
Resource section
IN REALITY...
PE MODIFICATORS
• Packers (PE compressors): UPX, MEW, FSG, ASPack and others
• Crypters: ASProtect, TeLock and others
• VM protectors: Themida
• Obfuscators (for .NET): {smartassembly}, Eazfuscator.NET
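The MZ header, PE header and section table walk from the basic PE structure slide, combined with a static check for the packers listed above, as an added Python example (not from the original slides). The sample file is constructed in the code, and the three hint rules are illustrative assumptions rather than any tool's actual signatures.

```python
import struct

UPX_NAMES = {"UPX0", "UPX1"}            # section names the UPX packer leaves behind
MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000

def parse_pe(data: bytes) -> dict:
    """Walk MZ header -> PE header -> section table, bounds-checking each step."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if pe_off + 26 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    _machine, nsect, _ts, _sym, _nsym, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, pe_off + 4)                       # COFF file header
    (magic,) = struct.unpack_from("<H", data, pe_off + 24)  # optional header magic
    table = pe_off + 24 + opt_size                          # section table offset
    if table + 40 * nsect > len(data):
        raise ValueError("section table runs past end of file")
    sections = []
    for i in range(nsect):
        name, vsize, _va, rsize, _ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        (flags,) = struct.unpack_from("<I", data, table + 40 * i + 36)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "virtual_size": vsize, "raw_size": rsize, "flags": flags})
    kind = {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, "unknown")
    return {"format": kind, "sections": sections}

def packer_hints(pe: dict) -> list:
    """Static triage hints; each is an indicator, not proof of packing."""
    hints = []
    for s in pe["sections"]:
        if s["name"] in UPX_NAMES:
            hints.append(f"{s['name']}: UPX section name")
        if s["flags"] & MEM_EXECUTE and s["flags"] & MEM_WRITE:
            hints.append(f"{s['name']}: writable and executable")
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            hints.append(f"{s['name']}: empty on disk, filled at run time")
    return hints

def build_sample() -> bytes:
    """Constructed 32-bit PE skeleton (headers only) with UPX-style sections."""
    def sec(name, vsize, rsize, flags):
        return struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000, rsize, 0x200, 0, 0, 0, 0, flags)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)
    return (dos + b"PE\0\0" + coff + opt + sec(b"UPX0", 0x8000, 0, 0xE0000080)
            + sec(b"UPX1", 0x4000, 0x3E00, 0xE0000040) + sec(b".rsrc", 0x1000, 0x1000, 0xC0000040))

if __name__ == "__main__":
    pe = parse_pe(build_sample())
    print(pe["format"], [s["name"] for s in pe["sections"]], *packer_hints(pe), sep="\n")
```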
TOOLS
Analysis and information tools:
• ResourceHacker – for modifying resources
• Spy – for changing windows dynamically
• ProcMon – full monitoring
• PEiD – packer or language detection
• W32dasm, IDA PRO, Olly DBG – disassemblers with debugging support
SHORT DEMO
• Resource Editing
• Memory reading
• File patching