Reverse Engineering: It was all a dream.

Amine Amhoume
7 min read · Mar 8, 2020

I used to install programs on my Windows XP machine and do stuff like editing pictures with Photoshop, creating annoying music with FL Studio, and editing Counter-Strike videos with Sony Vegas.

Those are for the pros, and I was no pro. They required a valid license key, and that was one of the most annoying things ever back then.

I am sure you know what I mean. We all have been there.

I had no knowledge about computer security, so I just downloaded the first keygen I found on the internet and used it.

Some of them worked successfully, but most of them compromised my machine successfully (the stupidity I had back then was too damn high).

But one thing I used to be curious about was how those keygen creators managed to get those keys. Did they buy these keys and give them to the public for free?

Then how and why?

I started to become more curious about computer security, software, and technology. My English skills were poor, as it’s not my native language, not even my second. Arabic content about computer science was poor too.

As I started to become more familiar with the English language, one day I found an article about becoming an ethical hacker, and that was the first time I saw the term “Reverse Engineering”.

I was already familiar with some terms such as networking, Linux, BackTrack, etc. I read what was in there about reverse engineering and didn’t understand a thing.

After a few years, I decided to get serious about my career as a penetration tester.

I made a list of the things I should learn, and the last one was reverse engineering, because I knew it would require time and effort to learn (I was stupid about that too).

As I was playing CTFs and solving Hack The Box machines, I always felt stupid for leaving reverse and binary challenges unsolved; I felt like a coward, not like a hacker.

So many points were wasted, and so many CTFs were lost.

But three weeks ago, I decided to take courage and challenge myself to learn it.

Trust me, three weeks before writing this post I knew nothing about reversing; now I can say that I’ve mastered the very basics of reverse engineering a program.

I am no pro, maybe an amateur.

But I learned how to reverse a simple program in C, read code in Assembly, and solve some reversing challenges from picoCTF 2018.

Things that I used to think were impossible.

I used to open a program with OllyDbg and wonder what those numbers and letters meant.

Now I know what they mean. I know what a register is, the stack, eax, esp, ebp, debug, decompile, CMP, pseudo-code, etc.

Oh, what a great feeling when those things start to make sense to you.

I want you to feel that too.

If you are a beginner and you want to learn about Reverse Engineering, then keep reading; I wrote this article for you. I included what I think is everything you will need to get started with Reverse Engineering (RE).

Let’s get started.

First, I will give you the definition that helped me understand what Reverse Engineering is:

Reverse engineering is the process of discovering the technological principles of a human-made device, object or system through analysis of its structure, function, and operations.

One of my non-technical friends asked me what I was doing, and I decided to explain to him what RE is.

I said, think of it like this: you are given a tasty cake and then asked to expose every ingredient that has been used to make it. He asked, “How?” I said you can keep tasting it and see how it reflects on your tasting mechanism. Sugar? Salt? Flour? Eggs? Aah! You name it.

In this case, the cake is the program and your tasting mechanism is the CPU and memory.

He said “Aaah!” and walked away.

I don’t care whether he understood or not, but I do care about making you understand.

What do we use RE for?

Well! We use reverse engineering to discover vulnerabilities in software and devices, and to analyze malware and ransomware. That’s all you need to know for now.

And I think you are here because you want to learn about one of the two above. Am I right?

What do we need to learn reversing?

Ah! Okay! As a beginner, you need to be familiar with some programming languages, including C, Assembly, and Python. Here are some resources where you can learn them:

C

Learn-c

Programiz

Javatpoint

Tutorialspoint

cprogramming

Learn C the Hard way

FreeCodeCamp C

Some C Examples

Assembly

Wait! What is assembly, first?

It’s a low-level programming language. It’s called low-level because its instructions correspond almost one-to-one with the machine code the CPU actually executes (strings of bits like 010101011101), but it’s far more human-readable than the raw bits.

Yes, it’s complicated compared to C or Python. But humans can still read its code. Here’s an example:

asm0:
push ebp                      ; save the caller's frame pointer on the stack
mov ebp,esp                   ; set up this function's own stack frame
mov eax,DWORD PTR [ebp+0x8]   ; load the first argument (32-bit) into eax
mov ebx,DWORD PTR [ebp+0xc]   ; load the second argument into ebx
mov eax,ebx                   ; copy ebx into eax: eax is the return value
mov esp,ebp                   ; tear the frame down
pop ebp                       ; restore the caller's frame pointer
ret                           ; return to the caller (eax holds the second argument)

Don’t worry if you didn’t understand the code above; keep reading, and you will learn what those letters mean.

Also, we use something called an assembler to convert code like the one above into machine code. NASM is a well-known assembler.

We use a disassembler to do the opposite when reverse engineering a program: it takes the machine code and shows it to us as Assembly.

Here are some good resources to learn Assembly:

Davy Wybiral Basics

Assembly Language Programming Tutorial

Introduction to Assembly Language Programming

TutorialsPoint Assembly

That’s it.

Python

Tutorialspoint

CodeAcademy

FreecodeCamp Python

Programming With Mosh

And this is my favorite book about Python:

Automate the Boring Stuff with Python

Basically, just search for the name of the programming language you want to learn and go ahead.

It’s all about you and how serious you are about learning.

RE is based on three main things: memory, the processor, and the registers.

Random Access Memory (RAM) cannot do much on its own without the central processing unit (CPU), and the latter cannot do much without RAM.

The CPU executes instructions and reads data that is stored temporarily in RAM. RAM is organized as a range of addresses (values like 0x0000424 or 0x0000643F) where this data and these instructions are stored. Each time the CPU executes an instruction, the instruction pointer, which is held in the EIP register, is advanced to the address of the next instruction.

The registers?

Simply put, the registers are small storage locations inside the processor used to accept, store, and transfer the data and instructions that the CPU is working on right now.

The 32-bit general-purpose registers are EAX, EBX, ECX, EDX, ESI, EDI, EBP, and ESP; some of them can be divided further into 16-bit and 8-bit registers (for example, the lower half of EAX is AX, which in turn splits into AH and AL).

Registers are the fastest place for the system to manipulate data.

In Assembly, we refer to data by its size, not by types like char, string, or float. These sizes are:

Byte: 8 bits

Word: 16 bits

Double Word: 32 bits

Quad Word: 64 bits

Now comes data movement. Instructions operate on values that come from the registers or from memory. MOV is the easiest one to explain.

mov esp, 0x0003 is equivalent to esp = 3 (ESP is the stack pointer, so real code would do this to a general-purpose register like EAX rather than ESP).

Other example instructions are:

ADD = add two numbers together

CMP = compare two numbers

IN = read a value from an input device, e.g. the keyboard, through an I/O port

JMP = jump to an address unconditionally; its many conditional variants (JE, JNE, JG, etc.) jump only if a condition, usually set by a preceding CMP, is met

Trust me, there are a lot of them, and they are easy to understand. I couldn’t even believe that I understood them in one day.
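The fastest way to see what the asm0 listing above and the registers, stack, EIP and MOV/ADD/CMP/JMP descriptions really mean is to execute the instructions by hand. The following tiny x86 emulator is an added example written for this article, not code from the author or from picoCTF; it handles only the handful of instructions discussed here, models the stack as a little-endian byte map, treats EIP as an index into the listing, and supports the 16-bit and 8-bit views of EAX..EDX. The asm0 listing is the one from the article; the loop_demo listing and all argument values are constructed for the demo.

```python
import re

MASK32 = 0xFFFFFFFF
REGS32 = ("eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "esp")
# 16-bit and 8-bit views of EAX..EDX: name -> (parent register, width in bits, shift)
SUBREGS = {}
for p in "abcd":
    SUBREGS[p + "x"] = ("e" + p + "x", 16, 0)
    SUBREGS[p + "l"] = ("e" + p + "x", 8, 0)
    SUBREGS[p + "h"] = ("e" + p + "x", 8, 8)
# memory operand in Intel syntax, e.g. "DWORD PTR [ebp+0x8]"
MEM_RE = re.compile(r"(?:dword ptr\s*)?\[(\w+)\s*(?:([+-])\s*(0x[0-9a-f]+|\d+))?\]")


class CPU:
    """The article's three pillars: registers, byte-addressed memory, and EIP."""

    def __init__(self, stack_top=0x7FFF0000):
        self.regs = {r: 0 for r in REGS32}
        self.regs["esp"] = stack_top   # stack grows down from this (constructed) address
        self.eip = 0                   # index of the next instruction in the listing
        self.mem = {}                  # address -> byte; untouched bytes read as 0
        self.zf = False                # zero flag: set by CMP, tested by JE/JNE

    def read32(self, addr):            # little-endian 32-bit load
        return int.from_bytes(bytes(self.mem.get(addr + i, 0) for i in range(4)), "little")

    def write32(self, addr, val):      # little-endian 32-bit store
        for i, b in enumerate((val & MASK32).to_bytes(4, "little")):
            self.mem[addr + i] = b

    def push(self, val):
        self.regs["esp"] = (self.regs["esp"] - 4) & MASK32
        self.write32(self.regs["esp"], val)

    def pop(self):
        val = self.read32(self.regs["esp"])
        self.regs["esp"] = (self.regs["esp"] + 4) & MASK32
        return val

    def _addr(self, m):                # compute base register +/- displacement
        base = self.regs[m.group(1)]
        if m.group(2):
            disp = int(m.group(3), 0)
            base = base + disp if m.group(2) == "+" else base - disp
        return base & MASK32

    def get(self, op):                 # read a register, sub-register, memory cell or immediate
        op = op.strip().lower()
        if op in self.regs:
            return self.regs[op]
        if op in SUBREGS:
            parent, width, shift = SUBREGS[op]
            return (self.regs[parent] >> shift) & ((1 << width) - 1)
        m = MEM_RE.fullmatch(op)
        return self.read32(self._addr(m)) if m else int(op, 0) & MASK32

    def set(self, op, val):            # write a register, sub-register or memory cell
        op = op.strip().lower()
        if op in self.regs:
            self.regs[op] = val & MASK32
        elif op in SUBREGS:            # writing AL/AH/AX leaves the other bits of EAX alone
            parent, width, shift = SUBREGS[op]
            keep = ~(((1 << width) - 1) << shift) & MASK32
            self.regs[parent] = (self.regs[parent] & keep) | ((val & ((1 << width) - 1)) << shift)
        else:
            self.write32(self._addr(MEM_RE.fullmatch(op)), val)

    def step(self, program, labels):   # execute the instruction at EIP; False once RET runs
        mnemonic, _, rest = program[self.eip].partition(" ")
        ops = [o for o in rest.split(",") if o.strip()]
        self.eip += 1                  # EIP advances to the next instruction unless we jump
        if mnemonic == "mov":
            self.set(ops[0], self.get(ops[1]))
        elif mnemonic == "add":
            self.set(ops[0], self.get(ops[0]) + self.get(ops[1]))
        elif mnemonic == "cmp":        # a subtraction that only updates the flags
            self.zf = ((self.get(ops[0]) - self.get(ops[1])) & MASK32) == 0
        elif mnemonic == "jmp" or (mnemonic == "je" and self.zf) or (mnemonic == "jne" and not self.zf):
            self.eip = labels[ops[0].strip()]
        elif mnemonic in ("je", "jne"):
            pass                       # condition not met: fall through
        elif mnemonic == "push":
            self.push(self.get(ops[0]))
        elif mnemonic == "pop":
            self.set(ops[0], self.pop())
        elif mnemonic == "ret":
            self.eip = self.pop()
            return False
        else:
            raise ValueError("unsupported instruction: " + mnemonic)
        return True


def assemble(listing):
    """Split a listing into an instruction list and a label -> index table."""
    program, labels = [], {}
    for line in listing.splitlines():
        line = line.split(";")[0].strip().lower()
        if line.endswith(":"):
            labels[line[:-1]] = len(program)
        elif line:
            program.append(line)
    return program, labels


def call(listing, entry, args):
    """Run `entry` with 32-bit arguments pushed cdecl-style; return (EAX, cpu)."""
    program, labels = assemble(listing)
    cpu = CPU()
    for a in reversed(args):           # cdecl: last argument is pushed first
        cpu.push(a)
    cpu.push(len(program))             # fake return address, one past the last instruction
    cpu.eip = labels[entry]
    while cpu.step(program, labels):
        pass
    return cpu.regs["eax"], cpu


ASM0 = """
asm0:
push ebp
mov ebp,esp
mov eax,DWORD PTR [ebp+0x8]   ; first argument
mov ebx,DWORD PTR [ebp+0xc]   ; second argument
mov eax,ebx
mov esp,ebp
pop ebp
ret
"""

LOOP_DEMO = """                ; constructed: count eax up to the argument, then poke AH
loop_demo:
push ebp
mov ebp,esp
mov ecx,DWORD PTR [ebp+0x8]
mov eax,0x0
top:
add eax,0x1
cmp eax,ecx
jne top                        ; loop until eax == ecx
mov ah,0x2                     ; 8-bit write: eax becomes 0x2xx
mov esp,ebp
pop ebp
ret
"""

if __name__ == "__main__":
    print(hex(call(ASM0, "asm0", [0x10, 0x20])[0]))        # asm0 returns its second argument
    print(hex(call(LOOP_DEMO, "loop_demo", [5])[0]))       # 5 iterations, then AH := 2
```

Run it and step through `CPU.step` with a debugger or print statements: you will see ESP drop by 4 on every push, EBP take over as the frame base so that `[ebp+0x8]` and `[ebp+0xc]` point at the two arguments, and EIP jump back to `top` while CMP keeps clearing the zero flag.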

But hey! Practice Practice Practice.

Now come the tools. Here are the tools I’ve used in the past three weeks:

gdb — the GNU debugger; you can find it in your Linux distro. You can also add the PEDA Python extension to it to make it more useful.

Radare2 — an advanced command-line hex editor, disassembler and debugger

Ghidra — a software reverse engineering (SRE) suite of tools developed by the NSA

I also used other commands such as file, strings, and objdump.

Now come the RE courses:

LiveOverFlow

CoolCamera

Book: Practical Reverse Engineering

CTF: John Hammond CSAW reverse engineering write-ups

Just start with these, and I am sure you will get ahead in understanding what reverse engineering is all about.

If you stay consistent with your studies, trust me, you will be able to crack codes by yourself.

I’ve done it in three weeks and maybe you can do it in less.

Just make sure to write down notes and dig deeper into the things you don’t understand.

And PLEASE, if you didn’t understand a particular concept, give yourself time. Go do something else to clear your head and come back later, but don’t skip it.

That was how I did it.

And I want you to do it.

Now, if you liked what you read and you love penetration testing, I invite you to subscribe to my email list. I won’t bother you with useless emails; instead I will send you thoughts and crafts about penetration testing and computer security, things you will benefit from.

https://mailchi.mp/f37eb4abdeac/pentesting-thoughts


Amine Amhoume

Penetration tester | security researcher | sometimes I write stuff.