Reverse engineering. Story. My
Hello,
This time the article will not be technical (although it will come across some technical terms / moments), but rather an autobiographical, if I may say so. This article is about how Icome to such a lifeI came in reverse engineering, what I read, what I was interested in, where I applied, etc. And, for some reason, I am sure that my story will have many differences from yours. Go...
Start
It all started back in childhood. I think, like many guys (and maybe girls), I was always interested to know how everything works, why it works, why it doesn't work, etc.
At first, I began to disassemble all the cars on batteries that I had (even those that my brother had). Of course, it was not always possible to collect, but, the interest was above. Then I found some old radio-tape recorder from my father in the closet, and dismantled it too. There were also Tamagotchi . But there I could not understand anything at all: the microcircuit, the “ drop ” and the screen. Although yes, the screen I disassembled into layers.
Of course, for all the uncollected, I got a hat.
Sega mega drive
My father bought it for my birthday: an ordinary pirate, because there was no license, plus a cartridge Contra: Hard Corps
"." I am sure that the moment of purchase of the set-top box for many children of the 90s has not been forgotten so far (romhakers and retro-chameras - hello!), Namely for me it has become also the key one in the future. But first things first.
Time passed, I grew up. The school has always been interested in computer science and physics (more chemistry). Assembler there, of course, was not taught, but programming in an algorithmic environment " ИнтАл
" (Belarusian development for schools) is very much the same. And, for me, it was a shock when I went to the regional computer science competition, and all but me had blue windows for Turbo Pascal , and I had white windows Интал
. But, then I took the honorable third place.
11th grade
( author's note: the same computer, only much later)
In the fall of 2005, they bought me a computer. From the first days I started playing games. Schooling subsided, but kept at a normal level for the gymnasium. And after half a year to play tired. Then the crucial moment happened!
Negeimer
It was then, in 2006, as it seems to me, that a cutting boom began. A bunch of sites with cracks, keygens, patches. Everyone tried to repack the installer in such a way (to Vinda's hi builds) so that the downloader didn’t have to do anything extra: it was installed and running, though sometimes adding something from itself.
And I was like that. True, the “ pills ” itself did not, but only found them, drew a NFO
shot, repackaged the installer (most often it was Inno Setup
), and then you know.
Translator
So, then for some reason I did not like that not all the programs were translated into Russian, and I wanted to fix it. He pumped up various resource editors, such as Resource Hacker
, began to open all the exe
and dll
-files of programs that he found in Program Files
, and looked at which string resources could be translated. I translated, packaged into the installer .lng
or .RUS
file, and laid out (I did not recognize how these rus files worked). But it went on until I came across packed and protected files.
cracklab.ru
Now exelab.ru
. It was there that I learned that executable files are packaged (and sometimes protected), as well as how to deal with it. And, as the authors often mentioned in their articles such things as " assembler ", " disassembling ", " Kalashnikov mailing ", I had to go into the materiel.
I downloaded a couple of " cracks " for experiments (programs specially written to reverse them, while learning how to hackand protection). I tried it - I really liked it! Everything turned out the first time, to which I was incredibly happy.
As a result, simple defenses were shot once or twice with the help of patching (from the word patch - patch), but with those that are more complicated (I decided to try erotic checkers and giveaway ) somehow it became hard, and I stopped, deciding to return to translations.
Romhacking
Sometimes playing in Segou , I came across cartridges in Russian, on the title screens of the games of which there were such inscriptions as " Translation GroupSHEDEVR
", " TranslationNEW-GAME.RU
". Whether I did not know the developers, or I did not know any third-party organizations, but they clearly had access to some manuscripts, ancient texts of the Sumerians, which told how to translate the games into Russian. And I wanted to master this knowledge.
So I discovered the " Masterpiece " forum .
They had articles, there were programs - everything you need to make your favorite game also " your favorite game in Russian. " True, the articles were only for NES
( Nintendo Entertainment System , or in a popular way: Dandy , Syubor ). But still cool! And I plunged into new and fascinating topics: Romhacking and emulation of retro consoles on PC.
In short, romhacking is any change in the image or file of a game, for whatever purpose: translation, correction of code, graphics.
It was a very entertaining process: you sit, redraw the squares of the game font pixel by pixel, translate and paste the PokePerevod
text with the help of the translation program , and see what happened. True, no you assembler, only hardcore! But it was already a bar through which very few could jump (judging by the number of Masterpieces active on the forum).
I'am a teacher
Having made some transfers "to the table", and some to the people, I returned to the executable files of Windows . A little more knowledgeable in assembly language, I realized that there was too much " secret " knowledge in me now, and I have something to tell from my experience, I have something to share, and what has not yet been described in the existing articles. I wanted to transfer knowledge to the same newcomers as I was myself (apparently, the fact that my mother is a teacher).
Having taken the first available program that required a license (and almost all the articles that teach cracking began), I decided to investigate it, at the same time telling me what I was doing. Then it will not seem that the program was taken specially for the old version, studied long ago, broken, but it turns out on the contrary such a fresh and relevant lesson, with screenshots and almost no absolute addresses, to somehow keep the article relevant at the time of reading by someone in the future.
Having received positive reviews, I wrote again and again, realizing that there is demand.
Instruments
When writing of each article I have tried to use only the freshest and convenient program at that time: Olly Debugger
a plug-in PEiD
, PE Explorer
and a bunch of others. No SoftICE
, HIEW
and DEBUG.COM
most of the authors are accustomed to use, although in the modern world it was a pain to use them.
However, at that time I never used it IDA Pro
. It seemed to me difficult, incomprehensible, it was very difficult to debug, and the simplest things of the type FS[0x30]
and LastError
, as in Olly Debugger
, it was very difficult to recognize.
And in the university are taught to reverse?
If in a nutshell, in Belarus, with this tight, and, as far as I know, in Russia and Ukraine, too. Why? Yes, because the specialists of this profession are usually needed in one and a half of the organization, and usually one and a half people. Actually, there are not so many teachers.
Yes, assembly language is, of course, taught, even in some colleges. Only a student, looking at the written assembler listing, can hardly even realize that all these registers, operands, opcodes are at least somehow connected with information protection, exploits, cracks, keygens, patches, malware, antivirus, firmware, etc.
For example, in Belarus, I know only two or three places where reverse engineers are required. In Russia, of course, the situation is better, but there are also few specialists.
First job
I decided to go to work as a virus analyst at one of these firms, realizing that, in fact, there was no place to go anymore.
Reverse malware, rivet signatures, learn how malware works, write decryptors for ransomware (if it turns out), improve the kernel along the way.
In principle, the work is not bad, but only after a while I realized that not everyone is closer to watching how malware uses some vulnerabilities, but to find them myself, to be first in this, helping to protect the information world with the reports sent to the developers.
Other assembler
Once I found out that in addition to the assembler code Intel
(16, 32, 64 bit), there is another, seemingly completely different from what you know. It happened at that moment when I got to transfer my favorite game - " Thunder Force III
", in which my brother played better than me.
The resources in it were compressed by some unknown packer, since I could not find the font in any tiled editor ( it is in such programs that the game letters are most often redrawn, which are displayed on the screen ).
Therefore, I began to google, having stumbled upon the work of one Frenchman, who had just disassembled the game compression algorithm. I contacted this person, asking how he studied the principle of operation of the compression algorithm, to which he threw me my first IDB
file (this is a database file IDA Pro
), in which many points of the game code were parsed, which impressed me a lot!
So I plunged into the wilds IDA Pro
and assembler Motorola 68000
, from which I have not got out (and I don’t want) until now.
PS Thunder Force III
I never translated, but wrote a level editor for it.
Sony Playstation
Yes, the next was "the first ployka ." She also had another assembler - MIPS
with other registers, opcodes, addresses. And on this console, there were still games with compressed resources that needed localization.
Reverse thinking and first keygen
Do you know what then became a real test for me? Having on hand only assembler code listing which unpacks something, to write to it the packer. Here it was necessary to develop the opposite thinking, which was practically not required during the patching of the “ cracks ”, and the cure of programs from greed.
I tried to go from the reverse, understanding what should be at the output, at the input, and which bytes of compressed data are responsible for what to do the same.
Having written many more utilities for a heap of games for unpacking and packing data, I realized that I was ready to write my first keygen, since already learned to think from the opposite.
I don’t remember what kind of program it was, but keygen was a success, and I could always get the correct serial number from the username. What also told in the article.
Keygen Article
But writing an article about keygen was hard. Heavier than writing keygens. Since It’s pretty hard to convey the principle of reverse thinking in the article. Like everything that comes with experience.
Crack team
At first, if you, like me, came to the reverse by self-taught, you reverse one, for yourself (or the people, this is how it goes). And it suits you. But, then you come across some release of the crack team (these are the ones that lay out the hacked software with cracks and keygens), and decide to join them. There you can compare your strengths with other people, and at the same time gain experience from them.
Gathering courage, write a letter asking to join. Send the job in the form of keygenmi. You decide it, after which they give you access to the chat team.
In fact, not all of them are reversers. Someone is an artist, someone can get paid software, someone has computing power (the ability to factor any public key RSA-512
in two days, for 2013, if it was necessary to remove the licensed protection). In general, the advantages are obvious. But you still choose the software for the release yourself, most often. And you don't get money for releases. True.
Then what is the profit, you ask? In releasing before the other team ( FFF
, CoRE
and many others). Very well this theme was revealed in the web-series " Scene (Scene) ".
Problems with law?
Yes, for the distribution of cracks and keygens all the same there is a chance to thunder (especially if the program is popular and costs a lot of money). At any time, a test purchase may occur: you will write an uncle who wants to " hack Adobe
/ 1C Бухгалтерия
how many will wake up " (the real story). But the guys want to survive, especially if there is no work, but you want to use the “ skill ”, no matter where. And they start going to extremes ...
... baryzhat broken software, hack into the program for money.
And, at that moment, when there is a desire to live honestly, the cracker is going to get a job, his past is being dug up there, and - “ Sorry, but your past did not play in your favor! ”. Although, from my position, a person with such experience should be taken with arms and legs, because, firstly, you give a person the opportunity to improve, and, secondly, direct his knowledge in the right direction. Among my acquaintances there are indeed examples of successful employment in the antivirus area, where a friend at the office said that he had hacked programs to order.
Fairly earned license key
Yes, and it happens. Even a cracker. There were articles about how to get a key from a developer. And I tried to do that. Did not help.
In those years I was just studying the " blind " press, and was looking for adequate programs for this. Shahidzhanyan blew his brain " Соло на клавиатуре
", so I began to look for alternatives. Stumbled upon Typing Reflex
. She was paid, but very good.
Then I translated the program into Belarusian, and sent the language file to the author. For which he received in response a license key in his name! My first license key.
What's next?
Having played enough in a pirate, you gradually come to the fact that you have a job, the salary is stable, you are doing your favorite work, which means it is time to tie up with bad things.
From the options where to go: anti-virus companies, industrial security (reverse firmware, industrial protocols, search for vulnerabilities), special departments of some large companies, such Sony
as where you want to investigate the security of your own products, well, or becomestrong and independent reverse engineer and make money on bugbacks, speak at conferences, etc.
There are also reverse engineers, hardwarders (those that iron reversal), but I know little about them. Although the topic is very interesting. I'm more on the program part.
Nirvana
Looking at different kinds of platforms, assembly code ( Intel
, ARM
, PowerPC
, M68K
, 6502
, MIPS
, 65c816
, Blackfin
, IA64
and some more, I do not remember), come to the conclusion that the principle of all assemblers almost the same (well, except that Itaniuma), and start to look on these endless listings in a different way: first of all you find teams of jumps, move
-commands, returning from a function, from which side source
, from which side dest
, and further on depending on the circumstances. So you reach Nirvana ...