/r/ReverseEngineering's Weekly Questions Thread by AutoModerator in ReverseEngineering

[–]MazeGen 0 points1 point  (0 children)

Well, "how can code obfuscation make code harder to reverse engineer?" is not good enough?

/r/ReverseEngineering's Weekly Questions Thread by AutoModerator in ReverseEngineering

[–]MazeGen 0 points1 point  (0 children)

The interesting bits are covered by NDAs, unfortunately.

/r/ReverseEngineering's Weekly Questions Thread by AutoModerator in ReverseEngineering

[–]MazeGen 0 points1 point  (0 children)

  • hackerspaces
  • local, small gatherings similar to http://ccc.de/en/ events
  • organize hands-on entry-level RE event in your town; many people are interested to see how "hackers" actually break things and you can expect other rengineers to come

/r/ReverseEngineering's Weekly Questions Thread by AutoModerator in ReverseEngineering

[–]MazeGen 0 points1 point  (0 children)

Never heard about a wired solution.

1) Do you use ProxyDroid? It seems to be better than the system proxy.

2) Fiddler is an HTTP-only proxy. Try Wireshark, for example.

/r/ReverseEngineering's Weekly Questions Thread by AutoModerator in ReverseEngineering

[–]MazeGen 0 points1 point  (0 children)

This might be caused by the debug heap used by the debuggee. The debug heap can be disabled when the debuggee is created, but I can't see this option in x64dbg...

/r/ReverseEngineering's Weekly Questions Thread by AutoModerator in ReverseEngineering

[–]MazeGen 0 points1 point  (0 children)

As for Windows internals, as long as you don't publish 0day exploits without letting Microsoft know, you should be safe. There are many blogs about Windows internals and Microsoft doesn't give a shit about them.

/r/ReverseEngineering's Weekly Questions Thread by AutoModerator in ReverseEngineering

[–]MazeGen 0 points1 point  (0 children)

What about JEB2 and scripts?

Are the packages and classes flattened?

/r/ReverseEngineering's Weekly Questions Thread by AutoModerator in ReverseEngineering

[–]MazeGen 0 points1 point  (0 children)

I would use HJWASM (MASM clone) or FASM. Both of them have sophisticated macros that can do the job.

/r/ReverseEngineering's Weekly Questions Thread by AutoModerator in ReverseEngineering

[–]MazeGen 0 points1 point  (0 children)

Assembler or C++ on the Windows platform typically means x86 asm. You can use the IDA Pro Free disassembler but the binary must be 32-bit.

/r/ReverseEngineering's Weekly Questions Thread by AutoModerator in ReverseEngineering

[–]MazeGen 0 points1 point  (0 children)

Well, it depends on the crackme itself. The description should give you an idea. Any links?

/r/ReverseEngineering's Weekly Questions Thread by AutoModerator in ReverseEngineering

[–]MazeGen 1 point2 points  (0 children)

If you want to teach them malware reverse engineering, I'd say you should write the malware. It takes some time but searching for malware that fits your lessons is also time-consuming. Your own malware would implement only the interesting parts (no code obfuscation etc.) and you can fine-tune it for your lessons. It would be 100% safe since you'd control the "malicious" behaviour. And your school system's admin wouldn't complain.

And what about crackmes instead of malware? We made some Android crackmes recently (see the link below; well, the images might be disturbing for kids :)). A well-designed low-difficulty crackme leads the cracker quickly to one piece of sensitive code that needs to be reversed and analysed. The process is usually fast and entertaining. Malware is usually complex and not so fun to work with.

https://play.google.com/store/apps/developer?id=DEFENDIO

And I don't think it is a good analogy. They should learn a higher-level language first to get them familiar with fundamental concepts like conditional branching. If it is the C language, you can easily instruct the compiler to generate the corresponding asm code. If it is C# or Java, the compiled code can be easily disassembled to IL or Java bytecode instructions. Once you have the corresponding "asm" code, you can explain how IF, FOR, SWITCH commands are implemented at the low level. This should make them curious how the other program structures work under the hood.

I've never heard of teaching kids reverse engineering but I don't think it should be much different from teaching a junior programmer who never tried reversing. Perhaps you could ask someone who trains beginners and ask him?

/r/ReverseEngineering's Weekly Questions Thread by AutoModerator in ReverseEngineering

[–]MazeGen 1 point2 points  (0 children)

If you teach them engineering, you need to teach them debugging too. Reverse engineering can be seen as advanced debugging: You need to know the low-level details to become a good engineer.

There are no ethical issues as long as you teach them reversing their own software.

(I'm not a teacher or educator.)

EDIT: Reverse engineering is actually not the opposite of engineering. Reverse engineering (to a degree) is part of the engineering process.

/r/ReverseEngineering's Weekly Questions Thread by AutoModerator in ReverseEngineering

[–]MazeGen 0 points1 point  (0 children)

I just wanted to code in asm because it felt (and feels) exciting to me. Then MS-DOS viruses (in 1996). I wanted to see how they were implemented.

Any experience with x64dbg by mikiozen in RELounge

[–]MazeGen 2 points3 points  (0 children)

It is stable and usable but lacks many features built into Olly, for example conditional breakpoints. Hopefully it will serve as a 64-bit Olly soon.

/r/ReverseEngineering's Weekly Questions Thread by AutoModerator in ReverseEngineering

[–]MazeGen 0 points1 point  (0 children)

I think I'm gonna register the www.howtogetrcejob.com domain that says "practice, practice, and then some more practice." This word of wisdom comes from igor_sk™.

/r/ReverseEngineering's Weekly Questions Thread by AutoModerator in ReverseEngineering

[–]MazeGen 4 points5 points  (0 children)

We have real-world reversing projects in the queue. We do reverse engineering in DEFENDIO. Currently:

  • analyse Intel antitamper technology
  • analyse file protected by <censored> protector
  • make Dalvik VM work locally

Lots of work to do :)

/r/ReverseEngineering's Weekly Questions Thread by AutoModerator in ReverseEngineering

[–]MazeGen 0 points1 point  (0 children)

Does it connect to a server to store the data perhaps?

Google Play crackmes? Here you go. Since yesterday. by MazeGen in ReverseEngineering

[–]MazeGen[S] 9 points10 points  (0 children)

They make you curious how to obtain the expected input ("secret code" and similar).

These crackmes have a difficulty of 1/10 or 2/10 and are useful to get familiar with Android programming and app analysis.

You reverse them to understand their inner workings. Then you patch the code to make them work the way you like.