What is that gibberish? It says, It's been a long time again, but reversed. Why reversed? Well to make it short, I have been submersed in reverse engineering the past few weeks. I do a good bit of this at work and it has become my focal point in security these days. I really enjoy it. I wanted to post this because I wanted to provide some beginner steps to anyone that wants to go down this road.
One of the first things I think everyone asks is "yeah but I hate programming, do I need to learn how to program?". I think it is important to understand programming concepts very strongly. Do I think you need to be able to write out a full object oriented application for the masses? No, but you should know solid programming structures such as variables, loops and functions. Now the more you know about programming, I think the easier it will be. I think one also has to have a pretty decent knowledge of Assembly Language programming. Again, you don't need to be writing applications that are enterprise worthy, but knowing how the stack and heap work, knowing push and pop, and the registers such as EAX, EBX etc. Also knowing the comparison functions such as XOR and some of the jump statements such as JMP, JNZ etc.
Your probably saying "I thought you said I don't have to learn programming!". OK, you may need to spend some time getting familar. I would recommend Assembly Language Step-by-step by Jeff Duntemann. I know it's an older book, but to be honest with the exception of 64 bit addressing (which is a big change) there isn't much more new in Assembly. Depending on your higher level programming skills, you may want to grab something like Algorithms in C++ Parts 1-4: Fundamentals, Data Structure, Sorting, Searching.
Next I want to preface what I am about to say with a warning. My giving these links is not in any way shape or form condoning what one does with the information. I'm just saying there are many options available to really learn reversing. Some use it for evil, while others use it for good.
With that out of the way, the best way to learn how to reverse is to, well, reverse stuff :). There are a lot of collections of files out there, that are not bound by copyright, called crackmes. These are little applications that people who know and enjoy reversing provide for others to learn. They are small snippets of applications, normally built by the creator of the crackme tutorial, used to show by example. Starting here is probably not a bad thing. Find as many as you can, trying to follow the tutorials less and less as you go on. Then you might move on to finding sites that have samples of found and known malware. Be careful here, you need to make sure you have an isolated machine when playing with malware. Reversing malware can lead to infection. I personally use VMWare on my Mac and it works great because I can revert back to a clean state after every sample. In my next post, I will give some simple instructions on how to build an analysis machine using VMWare.
I am leaving you with some links to some of the things I mentioned. Remember, I do not condone or hold responsibility for what you do with this information. I can only hope you are going to use it for good.
Binary Auditing Free Training
Reverse Engineering Community Forum
ARTeam crackme examples and tutorials
SANS Reverse Engineering Course
You can also search for crackme tutorials, reverse engineering, or reverse engineering malware on youtube or securitytube
Enjoy!
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment