Selected: reverse engineering links


    Hello!


    Today we would like to share our list of materials on reverse engineering (RE). The list is very extensive, because our research department is primarily engaged in RE tasks. In our opinion, such a selection is a good starting point, and it should stay relevant for a long time.


    For five years now we have been sending this list of links, resources and books to people who would like to join our research department but do not yet have the required level of knowledge, or who are just beginning their journey in information security. Naturally, this list, like most such selections, will need updating from time to time.


    Fun fact: we were shown how some companies send out our list of materials themselves, but only in a very old edition. After this publication they will finally be able to use the updated version with a clear conscience ;)


    So, let's move on to the list of materials!


    1. Topics
      a. Reverse
      b. Search for vulnerabilities (fuzzing)
      c. Exploitation of vulnerabilities
      d. Malware analysis
    2. Tools
      a. IDA Pro
      b. Radare2
      c. WinDBG (Ollydbg / Immunity Debugger / x64dbg)
      d. Gdb
      e. DBI
      f. SMT
      g. Python for automation
      h. BAF (Binary Analysis Frameworks)
    3. Architecture
      a. x86-x86_64
      b. ARM
    4. OS
      a. Windows
      b. Linux
      c. Mac OS (OSX) / iOS
      d. Android
    5. File Formats
      a. PE
      b. ELF
      c. Mach-o
    6. Programming
      a. C / C ++
      b. Assembler
    7. Practice
      a. War games



    1. Topics


    In this section we consider the main areas where RE is applied. We start with the reverse engineering process itself, move on to vulnerability discovery and exploit development, and, of course, end with malware analysis.


    1.a Reverse engineering



    1.b Searching for vulnerabilities (fuzzing)



    1.c Exploitation of discovered vulnerabilities



    1.d Malware Analysis



    2. Required tools


    Below are the popular tools used in RE.


    2.a IDA Pro



    2.b Radare2



    2.c WinDBG (Ollydbg / Immunity Debugger / x64dbg)


    You cannot get by without understanding how a debugger works and being able to use one. Below we consider debuggers for Windows; in the next section we turn to the well-known GDB. So, let's go:



    2.d gdb



    2.e DBI


    Programmable debugging is today an integral part of any reverser's arsenal, and dynamic binary instrumentation (DBI) is one of the ways to do it. More details:



    2.f SMT


    What is an SMT solver? In short, an SMT solver is a program that decides whether a logical formula (over theories such as bit-vectors, arrays or integers) is satisfiable and, if it is, produces a model: concrete values that make the formula true.


    The main idea of using SMT in software security is to translate program code or an algorithm into a logical formula, and then use the SMT solver to check one or another property of that code (or to find an input that reaches a chosen path).


    In other words, SMT provides the mathematical apparatus for semantic code analysis.
    SMT solvers have been used in our field for a long time. They have proven themselves well for the following tasks:


    • bug hunting (static analysis / fuzzing);
    • deobfuscation;
    • cryptanalysis of "home-made" ciphers;
    • symbolic execution (as its "engine");
    • there are also some successes in automatic exploit generation (for example, ROP chain generation).

    Over this time SMT has lost its halo of mystery, and more or less working tools for "ordinary" people have appeared.


    Below are the sources that will help you dive into the topic:



    2.g Python for automation


    Today it is very hard to get by without knowing the basics of Python, because this language is considered the most popular tool for automating all kinds of tasks in information security (and not only there). In addition, it is embedded in many utilities (for example, all the tools mentioned above can be extended with it):



    2.h BAF (Binary Analysis Frameworks)


    For the slightly more advanced, we recommend looking at whole frameworks that combine the mechanisms and analysis tools mentioned above to solve more complex problems. Here they are:



    Some interesting frameworks / tools:



    3. Architecture


    We will consider only a few popular architectures. At the end of the article, in the section with additional materials, you will find information on many others (MIPS, PowerPC, etc.).


    3.a x86-x86_64



    3.b ARM



    4. OS


    This section covers the operating principles of popular operating systems.


    4.a Windows



    4.b Linux



    4.c Mac OS (OSX) / iOS



    4.d Android


    • " Android Hacker's Handbook " is probably the most popular Android security book;
    • " Android Internals :: Power User's View " is a book about the internal mechanisms of this OS. Due to recent leaks, the material appeared in the public domain, as the author writes on his site and provides the opportunity to download the previous version.

    5. Executable file formats


    This section provides links explaining the details of popular executable file formats.


    5.a PE



    5.b ELF



    5.c Mach-O



    The well-known researcher corkami makes very useful and interesting "posters" diagramming various file formats, including those mentioned above. We recommend using them as cheat sheets. And the Kaitai Struct utility will help with parsing.
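    As an added example for this section (and for the Python automation point in 2.g), here is a small PE header parser; it is not code from the post or from any of the tools named above. It walks DOS header, e_lfanew, "PE\0\0" signature, COFF header, optional header and section table, and treats every offset and count read from the file as untrusted, which is the habit that matters when the input is a malware sample. The sample image it parses is constructed in code (a minimal PE32+ skeleton, not a loadable executable) so the block runs offline.

```python
"""Added example: a PE header parser written for this section (not from the post).

DOS header -> e_lfanew -> "PE\0\0" -> COFF header -> optional header -> section table.
Every offset and count read from the file is bounds-checked before use.
The sample image below is constructed here: a minimal PE32+ skeleton, not a loadable binary.
"""
import struct
from dataclasses import dataclass, field

MACHINE_NAMES = {0x14C: "i386", 0x8664: "x86-64", 0x1C0: "ARM", 0xAA64: "ARM64"}
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


@dataclass
class Section:
    name: str
    virtual_size: int
    virtual_address: int
    raw_size: int
    raw_offset: int
    characteristics: int


@dataclass
class PEInfo:
    machine: str
    pe32_plus: bool
    entry_point: int
    image_base: int
    characteristics: int
    sections: list = field(default_factory=list)


def parse_pe(data: bytes) -> PEInfo:
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing DOS header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # e_lfanew is attacker-controlled: signature (4) + COFF header (20) must fit inside the file
    if e_lfanew + 24 > len(data):
        raise ValueError(f"e_lfanew {e_lfanew:#x} points outside the file")
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsections, _ts, _symtab, _nsyms, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    # we read up to ImageBase, which ends at optional-header offset 32 for both PE32 and PE32+
    if opt_size < 32 or opt + opt_size > len(data):
        raise ValueError("optional header truncated or outside the file")
    (magic,) = struct.unpack_from("<H", data, opt)
    (entry,) = struct.unpack_from("<I", data, opt + 16)    # AddressOfEntryPoint (RVA)
    if magic == 0x10B:                                      # PE32: 32-bit ImageBase at +28
        (image_base,) = struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:                                    # PE32+: 64-bit ImageBase at +24
        (image_base,) = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    info = PEInfo(MACHINE_NAMES.get(machine, f"{machine:#x}"), magic == 0x20B, entry, image_base, chars)
    # the section table follows the optional header at SizeOfOptionalHeader, not at a fixed offset
    table = opt + opt_size
    if table + 40 * nsections > len(data):
        raise ValueError("section table truncated")
    for i in range(nsections):
        name, vsize, vaddr, rsize, roff, _, _, _, _, sc = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        info.sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"), vsize, vaddr, rsize, roff, sc))
    return info


def entry_section(info: PEInfo):
    """Section containing the entry point RVA, or None. A common triage check: an entry point
    outside every section, or inside a writable one, is a packer/injection smell."""
    for s in info.sections:
        if s.virtual_address <= info.entry_point < s.virtual_address + max(s.virtual_size, s.raw_size):
            return s
    return None


def build_sample_pe() -> bytes:
    """Constructed minimal PE32+ skeleton: DOS header, NT headers with a 32-byte optional header, two sections."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Magic, linker ver (2 bytes), SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData,
    # AddressOfEntryPoint, BaseOfCode, ImageBase
    opt = struct.pack("<HBBIIIIIQ", 0x20B, 14, 0, 0x200, 0x200, 0, 0x1010, 0x1000, 0x140000000)
    # Machine=x86-64, 2 sections, no symbols, SizeOfOptionalHeader, EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, len(opt), 0x0022)

    def section(name, vaddr, size, raw_off, scn_chars):
        return struct.pack("<8sIIIIIIHHI", name, size, vaddr, size, raw_off, 0, 0, 0, 0, scn_chars)

    text = section(b".text", 0x1000, 0x200, 0x200, 0x60000020)   # CODE | EXECUTE | READ
    data = section(b".data", 0x2000, 0x200, 0x400, 0xC0000040)   # INITIALIZED_DATA | READ | WRITE
    return dos + b"PE\0\0" + coff + opt + text + data


if __name__ == "__main__":
    pe = parse_pe(build_sample_pe())
    print(f"{pe.machine} {'PE32+' if pe.pe32_plus else 'PE32'} base={pe.image_base:#x} entry={pe.entry_point:#x}")
    for s in pe.sections:
        print(f"  {s.name:8} rva={s.virtual_address:#x} raw={s.raw_offset:#x}+{s.raw_size:#x} chars={s.characteristics:#010x}")
    print("entry point lives in:", entry_section(pe).name)
```

    Two details are worth carrying over to any format parser you write: the section table is located through SizeOfOptionalHeader rather than a hard-coded offset, and every file-supplied offset is checked against the file length before it is dereferenced, so a hostile e_lfanew or section count produces an error rather than a read past the buffer. The same structure, written as a Kaitai Struct definition, is how the posters mentioned above turn into an executable parser.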


    6. Programming


    One of our acquaintances once said that a good reverser is 80% a good programmer. Being able to program, and understanding what is being done and why, makes researching someone else's program much simpler. So there is no way around programming in reverse engineering. And of course, automating routine tasks, as you have probably already understood, is a very useful thing ;)


    6.a C / C ++



    6.b ASM



    7. Practice


    This section provides links to virtual machines and online resources that let you practice.


    7.a War Games


    • SmashTheStack Wargaming Network - a network of several wargames, maintained by volunteers and available online. We recommend starting with it;
    • BinTut - a local wargame;
    • Reversing Workshop - a workshop on solving the tasks from the annual "Flare-On Challenge" competition of 2016;
    • Exploit-Challenges - a selection of vulnerable ARM binaries;
    • ARM Reverse Engineering Exercises - the original repository "disappeared", but one of its forks was found on GitHub;
    • CTF Time - here you can find the schedule of upcoming CTF events and read write-ups of past ones.

    And finally, a few links with a lot of materials on the above topics:


