stefan
/
presentations
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
presentations/introduction-to-reverse-eng.../reverse_engineering.md

132 lines
2.5 KiB
Markdown
Raw Blame History

% Introduction to Reverse Engineering
% Stefan Friese
% 02 November, 2023
---
# Topics
* Effective Reverse Engineering
* Reversing with Ghidra
---
## How Do You Reverse
Reverse Engineering demands a lot of knowledge in multiple fields.
**Some topics are**
* Assembly Language
* ANSI C
* Other Languages
* Syscalls
* Cryptography
---
How do you reverse engineer without knowing little about these topics?
---
## Reversing is Work
Work is a product of power by time.
`P` is your power to solve an issue.
`W = P x t`
The smarter you tackle work, the less time you need to solve an issue.
---
## Knowledge is a Map
You conventiently drive around the city using the underground.
That's how you get to know the main spots of the city.
<img src="./images/london_underground.jpg" alt="London Underground" width="50%" height="auto">
---
## Knowledge is a Map
Invest some time and explore deeper on foot.
That's how you get to know the back alleys.
<img src="./images/london_by_foot.jpg" alt="London by Foot" width="50%" height="auto">
---
# Ghidra -- an Overview
---
![Main View of Ghidra](./images/Ghidra-Overview.png)
---
## Watch Out for Low Hanging Fruits
---
* Data Segment
* Names of Functions
* Conditions & Comparisons
* Strings: Usernames, Passwords
* URLs, IP & Port Numbers
**Do not try to understand the whole code at once, it will only drive you mad.**
---
### Data Segments
![A look into the read only data segment](./images/data-segments.png)
---
### Name of Functions
![Functions contained in the binary a.k.a. Symbol Tree](./images/symbol-tree.png)
---
### Conditions & Comparisions
<img src="./images/decompiled-code.png" alt="Input is Compared to a Hard Coded String" width="50%" height="auto">
Input is compared to a hard coded string
---
### Function Graph
<img src="./images/function-graph.png" alt="Take a Look at the Flow Graph of Functions" width="50%" height="auto">
Take a look at the flow graph of functions
---
### Strings
<img src="./images/defined-strings-menu.png" alt="Open the Defined Strings Menu" width="50%" height="auto">
Strings can not only be located in data but also in other code segments, sometimes obfuscated
---
### Strings
![An old friend](./images/defined-strings.png)
---
### Do It Yourselves!
* [Download Ghidra](https://ghidra-sre.org/)
* [Download binaries at crackmes.one](https://crackmes.one)
* [Find more binaries on hackthebox](https://hackthebox.eu)
* [Or Find even more on tryhackme](https://tryhackme.com)
* Download firmware of your favorite IoT appliances
Reference in New Issue View Git Blame Copy Permalink