|A Reverse Engineering Workshop for Beginners|
|Written by Nikos Vaggalis|
|Friday, 17 May 2019|
A Reverse Engineering workshop for absolute beginners comes from cybercrime researcher Ophir Harpaz. It is available, for free, online.
What do people usually do in their free time? They watch movies, read a book, go for a walk. Not Ophir: she spends her time reverse engineering binaries!
However, she's not the only one with this interest, therefore she's compiled this magnificent web version of her 2018 Reverse Engineering workshop to share her experience with those of us who share her passion.
So reverse engineering, in this context, means figuring out what a program does by examining the instructions the program "gives" to the CPU.
The online workshop consists of 3 preparation assignments that cover the basic theoretical material and 5 practical sessions where you disassemble binaries. While the concepts of RE remain the same across platforms, the workshop focuses on the Windows architecture and its binary format.
Of course RE involves knowledge of assembly language, therefore the very first assignment redirects to an x86 Assembler tutorial by the University of Virginia. You're expected to go through it, but stop at the "Calling Convention" section, which is too advanced for the time being. After you do that, go back to the course, where, with the fresh knowledge gained, you are expected to solve 3 little riddles, such as:
1. What is foo in the following example? How much space does it occupy in memory?
The second assignment starts where we left off, at the Calling Conventions section. This, of course, goes hand-in-hand with the stack, so this section looks at the purposes of the call stack, its structure, and the stack and frame pointers.
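To make the stack-frame idea concrete, here is a small added example (my own, not part of Ophir's workshop): a script that walks a hand-constructed 32-bit x86 function listing, tracks the stack pointer relative to the frame pointer, and reports how many bytes of locals the function reserves and where its locals and arguments sit. The listing, the cdecl-style prologue and the offsets are all assumptions made for the illustration.

```python
# Added example, not from the workshop. Walk a constructed 32-bit x86 listing
# and track the stack pointer relative to EBP after the standard prologue
# (push ebp; mov ebp, esp). Assumes cdecl: return address at [ebp+4],
# first argument at [ebp+8], locals below EBP at negative offsets.
import re

# Constructed listing of a function that adds its two arguments.
LISTING = """\
push ebp
mov ebp, esp
sub esp, 0x10
push ebx
mov eax, [ebp+8]
mov [ebp-4], eax
add eax, [ebp+0xC]
mov [ebp-8], eax
pop ebx
mov esp, ebp
pop ebp
ret
"""

# Matches memory operands of the form [ebp+N] / [ebp-N], decimal or hex.
EBP_REF = re.compile(r"\[ebp([+-])(0x[0-9a-fA-F]+|\d+)\]")

def analyze_frame(listing):
    """Return local bytes reserved by `sub esp`, the deepest point ESP reaches
    below EBP, and the sorted EBP offsets used for locals and arguments."""
    depth = 0          # bytes currently below EBP (meaningful after the prologue)
    max_depth = 0
    local_bytes = 0
    locals_, args = set(), set()
    for line in listing.splitlines():
        op, _, rest = line.strip().partition(" ")
        if op == "push":
            depth += 4
        elif op == "pop":
            depth -= 4
        elif op == "mov" and rest == "ebp, esp":
            depth = 0  # frame established: EBP now marks the base of the frame
        elif op == "mov" and rest == "esp, ebp":
            depth = 0  # frame teardown: everything below EBP is released
        elif op == "sub" and rest.startswith("esp,"):
            local_bytes += int(rest.split(",")[1], 0)
            depth += int(rest.split(",")[1], 0)
        max_depth = max(max_depth, depth)
        for sign, num in EBP_REF.findall(line):
            (locals_ if sign == "-" else args).add(int(num, 0))
    return {"local_bytes": local_bytes, "max_below_ebp": max_depth,
            "locals": sorted(locals_), "args": sorted(args)}

if __name__ == "__main__":
    print(analyze_frame(LISTING))
```

Running it on the listing reports 16 bytes of locals (the `sub esp, 0x10`), a maximum of 20 bytes below EBP once `ebx` is saved, locals at EBP-4 and EBP-8, and arguments at EBP+8 and EBP+12.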
The assignment ends with installing the ultimate cracker's tool, the OllyDbg debugger, which we'll use to get a quick overview of the game Minesweeper's internals.
At the very end, riddles again. While the answers for every riddle are provided, there's no explanation of how you get to the solution, nor of the reasoning behind it. That's a minus; nevertheless, insight can be found in the users' comments attached to the end of each section.
The last assignment in this stage of preparation addresses the following:
At this point I'd like to highlight Ophir's success in using uncomplicated language to convey a complex subject, hence making it accessible even to mere mortals.
After preparation, we can dive into the 5-session workshop itself.
If you're on Windows 10 there's no Minesweeper by default, but you can download it from the Windows Store for free.
And that completes the workshop. So if you're looking for a quick, lightweight but rounded introduction to reverse engineering binaries, this is the workshop to attend.
Using OllyDbg and IDA might sound a bit too old school now that tools like Radare2 or NSA's Ghidra exist, but what matters most is the theoretical background behind the art of reversing, which this workshop delivers.
|Last Updated ( Friday, 17 May 2019 )|