Finding secrets using Reverse engineering
By Japneet Singh
Why reverse engineer?
• Security researchers use it to
  • Understand and defend against malware
  • Find vulnerabilities as part of pen testing
• Malware authors use it to
  • Find bypasses in security software
  • Find vulnerabilities to abuse
  • IP theft
x64 General purpose register set
Accumulator
Base
Counter
Data
Stack Base pointer
Source Index
Destination Index
Stack Pointer
Auxiliary
x64 Calling convention
• First 4 arguments in registers, rest on the stack
void func(arg1, arg2, arg3, arg4, arg5, …)
arg1 → RCX, arg2 → RDX, arg3 → R8, arg4 → R9, arg5 and later → Stack
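The register order on this slide is the Microsoft (Windows) x64 convention. The following is an added example, not part of the original slides, that computes where a function finds each argument on entry, which is what you read off when identifying parameters in a disassembly. It goes beyond the slide by covering floating-point arguments (XMM0 to XMM3) and the 32-byte shadow space, both taken from the convention itself; the function names and the sample prototype are made up for illustration.

```c
#include <stdio.h>
#include <string.h>

/* The register file is chosen by the kind of value being passed. */
typedef enum { ARG_INT, ARG_FLOAT } arg_kind;

/* Offset from RSP, on function entry, of the 8-byte stack slot that belongs
 * to argument `index` (0-based). RSP points at the return address, so slot 0
 * starts at +8. Slots 0-3 are the "shadow space" the caller reserves; the
 * callee may spill RCX/RDX/R8/R9 there (e.g. mov [rsp+8], rcx). */
int entry_slot_offset(unsigned index)
{
    return 8 + 8 * (int)index;
}

/* Describe where the callee finds argument `index`. Writes "RCX", "XMM2",
 * "[RSP+0x28]", ... into out. Returns -1 for a register argument, otherwise
 * the stack offset. */
int arg_location(unsigned index, arg_kind kind, char *out, size_t outlen)
{
    static const char *int_regs[4] = { "RCX", "RDX", "R8", "R9" };
    static const char *flt_regs[4] = { "XMM0", "XMM1", "XMM2", "XMM3" };

    if (index < 4) {
        /* Positional: a float in the third position uses XMM2 and R8 is unused. */
        snprintf(out, outlen, "%s",
                 kind == ARG_FLOAT ? flt_regs[index] : int_regs[index]);
        return -1;
    }
    int off = entry_slot_offset(index);
    snprintf(out, outlen, "[RSP+0x%X]", (unsigned)off);
    return off;
}

int main(void)
{
    /* Constructed prototype: void func(int, char *, double, int, int, int) */
    const arg_kind kinds[6] = { ARG_INT, ARG_INT, ARG_FLOAT, ARG_INT, ARG_INT, ARG_INT };
    char where[16];
    for (unsigned i = 0; i < 6; i++) {
        arg_location(i, kinds[i], where, sizeof where);
        printf("arg%u -> %s\n", i + 1, where);
    }
    return 0;
}
```

The stack offsets are relative to RSP at the first instruction of the callee; once the prologue adjusts RSP, the same slots appear at larger offsets in the listing.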
Few instructions
• Arithmetic – ADD, SUB, IMUL, DIV, INC, DEC
• Stack – PUSH, POP
• Memory – MOV, LEA
• Branching – JMP, JZ, JNZ, JGE, JLE, …
• Functions – CALL
• Logical – XOR, AND, OR, NOT
IDA
• Popular RE tool for binaries
• Supports many different binary formats and CPU architectures
• Quite user friendly
• Expensive license!
• Alternatives
  • Binary Ninja
  • Ghidra
Warming up!
• Lab 1 – Hello world
• Lab 2 – Simple arithmetic
• Lab 3 – Branching
• Lab 4 – Loops
Fun!
• Lab 5 – Secret passcode
• Lab 6 – Another secret passcode
• Lab 7 – Binary patching
FLIRT signatures
• Used to find what part of code belongs to known libraries
• Very important role!
Q & A
