Jump to content
Sign in to follow this  
gigiRoman

RE tools and books

Recommended Posts

03873c2d4bcf0bff9cda7ffeb782620a.jpg
 dukebarman August 15, 2017

Favorites: reverse engineering links

 

99f176fce76e4a2cbc5a480fb3fbae5b.png

 

Hello!

 

Today we would like to share our list of materials on reverse engineering (RE). This list is very extensive, because our research department is primarily concerned with the tasks of RE. In our opinion, the selection of materials on the topic is good for the start, while it may be relevant for a long time.

 

We have been sending this list of links, resources, books for five years to people who would like to get into our research department, but they don’t yet pass by the level of knowledge or just begin their way in the field of information security. Naturally, this list, like most materials / selections, will need updating and updating in some time.

 

Funny fact: we were shown how some companies send out our list of materials from themselves, but only in a very old edition. And after this publication, they will finally be able to use its updated version with a clear conscience;)

 

So, let's go to the list of materials!

  1. Topics
    a. Reverse
    b. Search for vulnerabilities (fuzzing)
    c. Exploiting Vulnerabilities
    d. Malware Analysis
  2. Tools
    a. IDA Pro
    b. Radare2
    c. WinDBG (Ollydbg / Immunity Debugger / x64dbg)
    d. GDB
    e. DBI
    f. SMT
    g. Python to automate
    h. BAF (Binary Analysis Frameworks)
  3. Architecture
    a. x86-x86_64
    b. ARM
  4. OS
    a. Windows
    b. Linux
    c. Mac OS (OSX) / iOS
    d. Android
  5. File Formats
    a. PE
    b. ELF
    c. Mach-o
  6. Programming
    a. C / C ++
    b. Assembler
  7. Practice
    a. War games
 
 

1. Topics

 

In this section, we will look at the main areas of RE application. Let's start directly from the reverse development process itself, move on to finding vulnerabilities and developing exploits, and, of course, let's get to malware analysis.

 

1.a Reverse engineering

   

1.b Vulnerability Scan

   

1.c Examples of exploiting found vulnerabilities

   

1.d Malware Analysis

   

2. Necessary tools

 

Below are the popular tools used in RE.

 

2.a IDA Pro

   

2.b Radare2

   

2.c WinDBG (Ollydbg / Immunity Debugger / x64dbg)

 

Without knowledge of the principles of the debugger and the ability to use it, too, can not do. Below we look at debuggers for Windows OS, and in the next paragraph we will focus on the famous GDB. So, let's go:

   

2.d gdb

   

2.e DBI

 

Programmable debugging is today an indispensable approach in the arsenal of any reverser. And DBI is one of the tools. More details:

   

2.f SMT

 

What is the SMT solver? In short, an SMT solver is a program that can solve logical formulas.

 

The basic idea of using SMT in the field of software security is to translate a program code or algorithm into a logical formula, and then use a SMT solver to test one or another property of this code.

 

In other words, SMT provides a mathematical tool for semantic code analysis. 
SMT solvers have been used in our field for quite some time. They are well established for the following tasks:

 
  • search bugs (static analysis / fuzzing);
  • deobfuscation;
  • "home" cryptanalysis;
  • character execution (as an "engine");
  • There are also some successes in the field of automatic exploit generation (for example, ROP generation).
 

During this time, SMT lost the aura of mystery, more or less working tools for “ordinary” people appeared.

 

Below are sources that will help to plunge into the topic:

   

2.g Python for Automation

 

Today, without basic knowledge of Python, it will be very difficult, because this programming language is considered the most popular means for automating various tasks in the field of information security (and not only). In addition, it is used in various utilities (for example, all the above utilities allow you to complement the functionality with the help of this PL):

   

2.h BAF (Binary Analysis Frameworks)

 

For a bit more advanced, we recommend paying attention to whole frameworks, which in their composition use the previously mentioned mechanisms and analysis tools for solving more complex problems. So, here they are:

   

Some interesting frameworks / tools:

   

3. Architecture

 

We will cover only a few popular architectures.At the end of the article in the section with additional materials you will find information on many others (MIPS, PowerPC, etc.).

 

3.a x86-x86_64

   

3.b ARM

   

4. OS

 

Knowledge of the principles of work of popular Operating Systems.

 

4.a Windows

   

4.b linux

   

4.c Mac OS (OSX) / iOS

   

4.d Android

 
  • Android Hacker's Handbook " - probably the most popular book dedicated to the safety of the Android OS;
  • Android Internals :: Power User's View " - a book that tells about the internal mechanisms of this OS. Due to recent leaks, the material appeared in the public domain, about which the author himself writes on his website and provides an opportunity to download the previous version.
 

5. Executable file formats

 

This section provides links explaining the details of popular executable file formats.

 

5.a PE

   

5.b ELF

   

5.c mach-o

   

The famous researcher corkami makes very useful and interesting "posters" with the scheme of various file formats, including those mentioned above. We recommend using them as a cheat sheet. A utility Kaitai Sctruct will help in the analysis.

 

6. Programming

 

One of our friends once said that a good reverser is 80% a good programmer. The ability to program and understand what is being done and why simplifies the process of researching someone else's program. Therefore, without programming in the reverse nowhere. And of course, the automation of routine tasks, as you probably already understood, is a very useful thing;)

 

6.a C / C ++

   

6.b ASM

   

7. Practice

 

This section provides links to virtual machines and online resources to practice.

 

7.a War Games

 
  • SmashTheStack Wargaming Network - this multi-wargame network is maintained by volunteers and is available online. We recommend starting with it;
  • BinTut - local wargame;
  • Reversing Workshop - a master class on solving tasks from the annual competition "The Flare On Challenge" for 2016;
  • Exploit-Challenges - a selection of vulnerable ARM binary files;
  • ARM Reverse Engineering Exercises - the original repository "disappeared", but one of the forks was found on the github expanses;
  • CTF Time - here you can find out the schedule of future CTF-events and read the solutions of the past.
 

And finally, a few links with a large number of materials on the above topics:

 
+35
37115
+35
38.3k371
03873c2d4bcf0bff9cda7ffeb782620a.jpg
27
Karma
0
Rating
Boris Ryutin @dukebarman

Security researcher

 
13 subscribers
Share publication
 
 
 
 
Language settings
Full version
 
 
2006-2019 © « TM »
  • Thanks 1
  • Upvote 2

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...