Who let you in here?!

Scott Percival

https://moral.net.au - @moralrecordings

Aims of reverse engineering

  • Gain an understanding of a system's inner workings
  • Extract information
  • Create or improve a new design
  • Make changes or extensions!

Poisonous myths to be stamped out

  • Reverse engineering is a competition
  • In order to start out...
    • you have to know everything about the target!
    • you have to know C!
    • you have to know assembly language!
    • you have to be a genius!
  • It only counts as true reverse engineering if...
    • no-one has ever researched this before
    • it looks sufficiently painful and complex

Categories of technique

  • Black box analysis: probe just the inputs and outputs of a system
  • Dynamic analysis: examine the internals and state of a system while executing
  • Static analysis: examine and annotate the internals of a system at rest

Have at least two of these approaches handy!

Reading mystery data

Bytes

Hex editor

Shameless plug

https://bitbucket.org/moralrecordings/mrcrowbar

Magic numbers

Lookup tables

Raw graphics

Raw audio

Histogram dump

Compression and encryption

Troubleshooting any problem

Debugger

You only need 4 features!

  • Stepping (step over, step into, continue)
  • Breakpoints (add and remove)
  • View state (e.g. variables)
  • View current stack trace

The investigation formula

  • Reproduce the behaviour in a test environment
  • Establish the boundaries of the system
  • Observe for points of interest
  • Find an entry point close to a point of interest
  • Trace through to the exact moment it happens

Understanding any program

Disassembler

Conversion

Second-last slide

  • Every reverse engineering skill has a progression
  • It is normal to start off knowing barely anything
  • Find an area of research that interests you
  • Write up your findings!

Questions

https://moral.net.au - @moralrecordings

P.S. GOOD LUCK!

Reverse Engineering is Good and also For Everyone