A Reverse Engineering Workshop for Beginners
Written by Nikos Vaggalis   
Friday, 17 May 2019

A Reverse Engineering workshop for absolute beginners comes from cybercrime researcher Ophir Harpaz. It is available, for free, online.

What do people usually do in their free time ? They watch movies, read a book, go for a walk. Not Ophir, she spends her time reverse engineering binaries!

However, she's not the only one with this interest, therefore she's compiled this magnificent web version of her 2018 Reverse Engineering workshop to share her experience with those of us who share her passion.

So Reverse Engineering in this context is considered to be figuring out what a program does by examining the instructions the program "gives" to the CPU.

The online workshop consists of 3 preparation assignments that cover the basic theoretical material and 5 practical sessions where you disassemble binaries. While the concepts of RE remain the same across platforms, the workshop is about the Windows architecture as well as binary format.

Of course RE involves knowledge of assembly language therefore the very first assignment redirects to a x86 Assembler tutorial by the University of Virginia.You're expected to go through it, but stop at the "Calling Convention" section which is too advanced for the time being. After you do that, then back to the course, where with the fresh knowledge gained, you are expected to solve 3 little riddles, such as:

1. What is foo in the following example? How much space does it occupy in memory?

   .data
   foo DW 1,1,2,3,5

The second assignment starts where we left off at the Calling Conventions section.This, of course, comes hand-in-hand with the Stack, so this section looks at the purposes of the Call Stack, its Structure as well as the stack and frame pointers.

The assignment ends with installing the ultimate cracker's tool, the OllyDbg debugger,which we'll use to get a quick overview of the game Minesweeper's internals.

re-2

At the very end, riddles again. While the answers for every riddle are provided, there's no explanation of how you get to the solution nor the reasoning behind it. That's a minus, nevertheless insight can be found in the users' comments attached to each section's end.

The last assignment in this stage of preparation addresses the following:

  • 32-bit vs. 64-bit Systems
  • Installation of IDA (Disassembler & Debugger)
  • C Recap (optional)

At this point I'd like to highlight Ophir's success in using uncomplicated language to convey a complex subject, hence making it accessible even to mere mortals.

After preparation, we can dive into the 5-session workshop itself.

  • Session #1 - x86 Overview (Slides)

  • Session #2 - Short Intro to IDA (Slides)

  • Session #3 - Playground Exercises

    The Playground session consists of 2 exercises, that is two binaries, Password and Good_Luck, which you download and try to understand using IDA disassembler to discover what they do and what input they expect.

  • Session #4 - Julia

    A more challenging exercise than #3

  • Session #5 - Hacking Minesweeper

    The last part is a guided session to hacking Microsoft's famous Minesweeper game.

If you're on Windows 10 there's no Minesweeper by default, but you can download it from the Windows Store for free.

And that completes the workshop. So if you're looking for a quick, lightweight but rounded introduction to reverse engineering binaries, this is the workshop to attend to.

Although it might sound a bit too old school using Ollydbg and IDA, now that tools like Radare2 or NSA's GHIDRA exist, but what matters most is the theoretical background behind the art of reversing, which this workshop delivers.

re-logo

More Information

Reverse Engineering For Beginners

Related Articles

EU Bug Bounty - Software Security as a Civil Right

Sharpen Your Hacking Skills With CTFLearn

Carnegie Mellon CyLab Challenge: Learn Hacking At School

XSS Hunter For Pentesting

Hacksplaining - Learn Through Hacking

Tactical Pentesting With Burp Suite

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on, Twitter, Facebook or Linkedin.

 

Banner


Angular 8 Adds Default Differential Loading
30/05/2019

The new release of Angular is here, with improvements to the framework, Angular Material, and the CLI designed to improve application startup time on modern browsers. There are also new APIs to let de [ ... ]



Apache Avro Adds ZStandard Support
31/05/2019

Apache Avro 1.9 is available, with an updated JSON reader, smaller size, and support for ZStandard compression.


More News

 

appC

 



 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Friday, 17 May 2019 )