presentations/introduction-to-reverse-eng.../reverse_engineering.md

% Introduction to Reverse Engineering
% Stefan Friese
% 02 November, 2023

---

# Topics

* Effective Reverse Engineering
* Reversing with Ghidra

---

## How Do You Reverse

Reverse Engineering demands a lot of knowledge in multiple fields.  

**Some topics are**

* Assembly Language
* ANSI C
* Other Languages
* Syscalls
* Cryptography

---

How do you reverse engineer without knowing little about these topics?

---

## Reversing is Work

Work is a product of power by time.  
`P` is your power to solve an issue.

`W = P x t`

The smarter you tackle work, the less time you need to solve an issue.

---

## Knowledge is a Map

You conventiently drive around the city using the underground.
That's how you get to know the main spots of the city.

<img src="./images/london_underground.jpg" alt="London Underground" width="50%" height="auto">

---

## Knowledge is a Map

Invest some time and explore deeper on foot.
That's how you get to know the back alleys.

<img src="./images/london_by_foot.jpg" alt="London by Foot" width="50%" height="auto">

---

# Ghidra -- an Overview

---

![Main View of Ghidra](./images/Ghidra-Overview.png)

---

## Watch Out for Low Hanging Fruits

---

* Data Segment
* Names of Functions
* Conditions & Comparisons
* Strings: Usernames, Passwords
* URLs, IP & Port Numbers

**Do not try to understand the whole code at once, it will only drive you mad.**

---

### Data Segments

![A look into the read only data segment](./images/data-segments.png)

---

### Name of Functions

![Functions contained in the binary a.k.a. Symbol Tree](./images/symbol-tree.png)

---

### Conditions & Comparisions 

<img src="./images/decompiled-code.png" alt="Input is Compared to a Hard Coded String" width="50%" height="auto">

Input is compared to a hard coded string

---

### Function Graph

<img src="./images/function-graph.png" alt="Take a Look at the Flow Graph of Functions" width="50%" height="auto">

Take a look at the flow graph of functions

---

### Strings

<img src="./images/defined-strings-menu.png" alt="Open the Defined Strings Menu" width="50%" height="auto">

Strings can not only be located in data but also in other code segments, sometimes obfuscated

---

### Strings

![An old friend](./images/defined-strings.png)

---

### Do It Yourselves!

* [Download Ghidra](https://ghidra-sre.org/)
* [Download binaries at crackmes.one](https://crackmes.one)
* [Find more binaries on hackthebox](https://hackthebox.eu)
* [Or Find even more on tryhackme](https://tryhackme.com)
* Download firmware of your favorite IoT appliances
init 2023-11-15 19:52:07 +01:00			`% Introduction to Reverse Engineering`
			`% Stefan Friese`
			`% 02 November, 2023`

			`---`

			`# Topics`

			`* Effective Reverse Engineering`
			`* Reversing with Ghidra`

			`---`

			`## How Do You Reverse`

			`Reverse Engineering demands a lot of knowledge in multiple fields.`

			`Some topics are`

			`* Assembly Language`
			`* ANSI C`
			`* Other Languages`
			`* Syscalls`
			`* Cryptography`

			`---`

			`How do you reverse engineer without knowing little about these topics?`

			`---`

			`## Reversing is Work`

			`Work is a product of power by time.`
			`P` is your power to solve an issue.

			`W = P x t`

			`The smarter you tackle work, the less time you need to solve an issue.`

			`---`

			`## Knowledge is a Map`

			`You conventiently drive around the city using the underground.`
			`That's how you get to know the main spots of the city.`

			`<img src="./images/london_underground.jpg" alt="London Underground" width="50%" height="auto">`

			`---`

			`## Knowledge is a Map`

			`Invest some time and explore deeper on foot.`
			`That's how you get to know the back alleys.`

			`<img src="./images/london_by_foot.jpg" alt="London by Foot" width="50%" height="auto">`

			`---`

			`# Ghidra -- an Overview`

			`---`

			`![Main View of Ghidra](./images/Ghidra-Overview.png)`

			`---`

			`## Watch Out for Low Hanging Fruits`

			`---`

			`* Data Segment`
			`* Names of Functions`
			`* Conditions & Comparisons`
			`* Strings: Usernames, Passwords`
			`* URLs, IP & Port Numbers`

			`Do not try to understand the whole code at once, it will only drive you mad.`

			`---`

			`### Data Segments`

			`![A look into the read only data segment](./images/data-segments.png)`

			`---`

			`### Name of Functions`

			`![Functions contained in the binary a.k.a. Symbol Tree](./images/symbol-tree.png)`

			`---`

			`### Conditions & Comparisions`

			`<img src="./images/decompiled-code.png" alt="Input is Compared to a Hard Coded String" width="50%" height="auto">`

			`Input is compared to a hard coded string`

			`---`

			`### Function Graph`

			`<img src="./images/function-graph.png" alt="Take a Look at the Flow Graph of Functions" width="50%" height="auto">`

			`Take a look at the flow graph of functions`

			`---`

			`### Strings`

			`<img src="./images/defined-strings-menu.png" alt="Open the Defined Strings Menu" width="50%" height="auto">`

			`Strings can not only be located in data but also in other code segments, sometimes obfuscated`

			`---`

			`### Strings`

			`![An old friend](./images/defined-strings.png)`

			`---`

			`### Do It Yourselves!`

			`* [Download Ghidra](https://ghidra-sre.org/)`
			`* [Download binaries at crackmes.one](https://crackmes.one)`
			`* [Find more binaries on hackthebox](https://hackthebox.eu)`
			`* [Or Find even more on tryhackme](https://tryhackme.com)`
			`* Download firmware of your favorite IoT appliances`