The document discusses reverse engineering techniques for bug hunting and exploit development. It covers analyzing software, hardware, applications, operating systems and firmware through static and dynamic reverse engineering. Static techniques include disassembling and analyzing binary code while dynamic techniques involve emulating or debugging running programs. The document also discusses fuzzing techniques, common bug classes, challenges like obfuscated code, and tools like LLVM and LibFuzzer that can be used for reverse engineering and fuzzing. The overall goal of reverse engineering discussed is to develop exploits by finding and analyzing bugs, whether to develop without source code, bypass restrictions, or for malware analysis and curiosity.

1. Bug Hunting
Through
Reverse Engineering
d.monkey @ echo.or.id

2. Reverse Engineering

3. Reverse Engineering

4. Reverse Engineering
-ETOOBIG

5. Software
Hardware
Computer

6. Software
Hardware
Computer
Application
Operating System
Firmware
HW

7. Software
Hardware
Computer
Application
Operating System
Firmware
HW

8. Application
Computer
Virtual Machines
Native Application

9. Virtual Machines
Computer Applications
Native Application

10. Virtual Machines
Applications
Native Application
Bytecode ISA Opcode

11. Virtual Machines
Application based Virtual Machines
Java Applications
Python
PHP
Javascript

12. Native Applications
Native Applications
C / C++
Golang
Rust
Ocaml

13. Native Applications
Native Applications
C / C++
Golang
Rust
Ocaml

14. Native Apps
C / C++ Source Code
Compiler
Native Apps

15. The Reason
• Development With No Access To Source Code
• Bypass Restrictions
• Malware Analysis
• Bug Hunting & Exploit Development
• Self-Satistification of curiosity.

16. Another Reason

17. Another Reason

18. The Reason
• Development With No Access To Source Code
• Bypass Restrictions
• Malware Analysis
• Bug Hunting & Exploit Development
• Self-Satistification of curiosity.

19. Exploit Development
Fuzzing
Analyze
Exploitations

20. Fuzzing
Generate Testcase
Feed Input to
Program
Crash
Repeat

21. Reversing and Fuzzing
• RE is hard if the target is too complex.
• RE is hard if such obfuscations implemented in
the target
• Fuzzing sometimes it just works, but without RE
it’s just a plain bugs with no prior knownledge to
exploit.

22. Reversing Nightmare
• Software Obfuscations
• Packer / Self Modifying Code
• Code Flattening, Subtitutions, Dead Code
Insertions, Etc.
• Self Virtual Machines

23. Reversing Nightmare

24. Reversing Nightmare

25. Reversing Nightmare

26. Reversing Nightmare

27. Reversing Nightmare
• Software Obfuscations
• Packer / Self Modifying Code
• Code Flattening, Subtitutions, Dead Code
Insertions, Etc.
• Self Virtual Machines

28. Bug Classes
• Memory Corruptions
• Race Conditions
• Weak Cryptographic
• Implementation / Architectural Flaw

29. Reverse Engineering Native Apps
• Static Analysis
• Dynamic Analysis

30. Static Analysis
Native Apps
Disassemble
Analyze

31. Static Analysis
• Pros
• Good for analyzing a small apps / specific
functions
• Best to find implementation flaw a bad features
• Cons
• If the apps is to big it’s hard to find bugs
• Hard to analyze if such obfuscations applied

32. Tool for Static Analysis

33. Dynamic Analysis
Native Apps
Emulate / Debugger
Analyze

34. Dynamic Analysis
• Pros
• Good for analyzing obfuscated apps.
• Good for analyzing complex apps.
• Cons
• Need to run apps so for some big apps is quite
computations heavy.

35. Native Apps
C / C++ Source Code
Compiler
Native Apps

36. LLVM

37. Native Apps
C / C++ Source Code
Compiler
Native Apps
Backend
Frontend
PASS

38. LLVM

39. LLVM IR

40. Fuzzing

41. Fuzzing with LibFuzzer
C / C++ Source Code
Compiler
Native Apps
Backend
Frontend LibFuzzer
LLVM PASS

42. Fuzzing with LibFuzzer
Native Apps
Compiler
Native Apps
Backend
Frontend LibFuzzer
Disassembler
Bitcode Translations

43. DEMO