Wednesday, 18 December 2013

Reverse Engineering


What do I learn first?

—>> path 1:

1 ) visit http://video.reverse-engineering.net/ to view some reversing videos that train you in the RCE basics.
2 ) check http://www.crackmes.de/ to find some visual solutions submitted for crackmes.
3 ) Try to repeat the shown steps, and reproduce them with other crackmes. This will bring you quickly to practice.
4 ) Learn ‘on-demand’ what you need to know over time by using the linked resources about languages, APIs, forums etc. that you can find in this section.

—>> path 2:

1 ) read http://www.cplusplus.com/doc/tutorial/ up to “Compound Data Types:” included
2 ) read http://www.winprog.org/tutorial/ up to “Graphics Device Interface” included (use the Win32 help file -below- to understand Win32 functions better)
3 ) Now you know the Win32 basics; select an Assembler ebook/tutorial and start learning a bit of assembler -the more, the better.
4 ) Take Olly -below-, go to http://www.crackmes.de/ and select some level 1 crackme
5 ) read the solutions of 2-4 solved crackmes of level 1!!
6 ) select a solved lvl1 crackme and try to solve it. If you have problems, read the solution and TRY TO DO the steps of the solver.
7 ) goto 6 until you solve lvl1 crackmes very easily
8 ) Increase level difficulty by 1, goto 5!

1. Full Newbie Tutorials
2. Challenges and Tutorials at *any* level
3. Tutorials, Papers, Documentation, Books (all Free)
4. Learning Programming Languages (ASM etc.)
5. Debuggers/Disassemblers
6. Tools of Our Trade
7. Linux Related
8. Suggested Books (not free)
9. Advanced Reversing Papers/Material
10. Hacking over the Net…
————————

1. Full Tutorials
————————

Course for Newbies
http://www.freewebs.com/fdemunck/newbieproject1.rar

Very basic Assembler, SICE usage, basic techniques. A very good set of tutorials from LoRd HrUn. Also explains what the ‘stuff’ you see when you open a debugger for the first time is… (link is missing for now, to be restored)

Lessons for Newbies
http://evilteach.8k.com/ : a collection of 4 lessons with material that explains what the things you see when you start reversing a program mean.

2. Challenges and Tutorials at *any* level:
————————

Challenges for Crackers, at any Level
http://crackmes.de/ ; you can find many legal crackmes (=stuff you can legally crack) here to test your skills.
Being sorted by difficulty grade -most of them offer one or more TUTORIALS for their solution-, it is also the biggest tutorial collection available today.

3. Tutorials, Papers, Documentation, Books (Free)
————————

(note: material for learning languages is in the appropriate section!)

Win32 API Help File
http://www.borland.com/devsupport/borlan...52HLP1.ZIP ; here you can download the Win32 help file for the external link with Olly.
Do not even THINK of doing without this. An API reference is essential, so get it if you don’t have it yet.

Win32 Basis
http://www.winprog.org/tutorial/index.html ; here you learn the true basics of Win32 API programming, in C. Just read it ALL. The more you know about Windows, the better you understand what happens when reversing code.

Introduction to Cryptography (full free ebook)
http://www.cacr.math.uwaterloo.ca/hac/ The “Handbook of Applied Cryptography”, a cool free e-book on cryptography. Excellent as a quick reference.

Introduction to Cryptography (full course)
http://www.cs.washington.edu/education/c...p590/06wi/ ; a whole course that introduces cryptography and ciphers, with all the materials and assignments online!! A very good starting point for cryptos.

Introduction to Cryptography (Tutorials)
http://www.antilles.k12.vi.us/math/cryptotut/home.htm ; a set of easy tutorials on ciphers. Highly recommended.

Cryptography Tutorials (ECC)
http://www.certicom.com/index.php?actio … cc_tut_1_0 ; a very nice link on Elliptic Curves -worth reading about.

Inject code, General Reversing Introduction Tutorial/Document
http://www.codeproject.com/useritems/inject2exe.asp ; this article contains clean references to the basic tools (ResHacker, Debuggers, Disassemblers) and also explains how to inject code into an executable.

SEH Paper/Tutorial/Document
http://www.jorgon.freeserve.co.uk/Except/Except.htm ; a paper that tells you what you need to know about SEH and Trap Flag tricks.

PE Format, AntiDebug, AntiDump, Iczelion Assembler Tutorials/Papers/Documents
http://www.migeel.sk/anticrack/showpage....=downloads ; this page contains a few zipped papers that can be useful.

Art of Disassembly E-BOOK
http://aod.reverse-engineering.net/

Article on PE Header at Code-Breakers Journal (CBJ)
http://www.secure-software-engineering.c...view/&id=60 ; contains a very detailed and easy explanation of all the PE sections (IAT -Import Address Table, EAT -Export Address Table, Sections, Directories, Resources etc.), what they are and how to alter them. From beginners to experts.

PE Header Reference
this text contains a description of the PE Header, which is good to keep as a quick reference. For learning the PE header structure and fields, I suggest the above CBJ article.
http://webster.cs.ucr.edu/Page_TechDocs/pe.txt

Quick Assembler Reference
a quick reference to Pentium ASM instructions. Just click the initial letter, and select the ASM mnemonic. Very handy (especially if you download the whole site onto your HD).
http://faydoc.tripod.com/cpu/index_v.htm

Quick Guide to Network Programming
a quick tutorial for learning the basics of network programming, without spending too much time.
http://beej.us/guide/bgnet/output/htmlsingle/bgnet.html

Adding Sections to PE, RVAs and Import table, loaders/patcher code
http://www.sunshine2k.de/Articles.htm ; this site contains some small, very basic articles on PE, the Import table, basic DLL injection and loader coding.

4. Learning Languages (ASM etc.):
————————

Learning Assembler Language E-BOOK (A)
hxxp://webster.cs.ucr.edu/ ; the HLA Assembler home page. An excellent, free EBOOK for learning Assembler, “The Art of Assembly Language”, with HLA compiler and many tools. The site has a Linux section.

Learning Assembler Language E-BOOK (B)
http://www.drpaulcarter.com/pcasm/ ; this site contains an *excellent* free EBOOK that teaches Assembler language from scratch. Translated into various languages. Pretty good. If you are not interested in HLA, this is a valid alternative.

Learning Assembler Language E-BOOK (C)
http://savannah.nongnu.org/projects/pgubook/ ; a good free ebook that teaches Assembler from scratch, explaining even what a “word” is. “Small” drawback: AT&T Assembler syntax.

Learning C++ Language
http://www.cplusplus.com/doc/tutorial/ ; this tutorial gives you the basics of the C++ language, for starting to code your keygens, and helping you reverse C++ stuff.

Rapid Application Development with MASM/HLA
hxxp://www.radasm.com/ ; a R.A.D. IDE for the MASM/HLA assembler (and the links to masm32 Compiler and related stuff). Note: the Masm32 compiler contains the famous Iczelion’s tutorials on Assembler language in the “X:\masm32\icztutes” folder.

Freeware C++/Pascal
http://www.bloodshed.net/ ; if you need a free compiler for writing your keygens, you can find a C++ or a Pascal one there. The C++ core is GNU CPP.

Freeware Borland C++ 5.5
hxxp://www.winprog.org/tutorial/bcpp.html ; this page gives all the needed links to download BC++5, with a bit of explanation.

12 lessons on Assembler and RosASM
http://rosasm.org/ ; the RosASM Assembler contains 12 lessons on basic assembly, written with a “generic syntax” so that the beginner can later switch, with as few problems as possible, to whatever Assembler he finally chooses.

5. Debuggers/Disassemblers:
————————
(note: Ring0 means you can use it for debugging Kernel Drivers; generally it is tougher to use than a Ring3 debugger)

OLLY
http://ollydbg.de/ ; the home of the most used Ring-3 Debugger, OllyDebug. A must have.
(ps: you can find a link to the Win32 help file below)

SYSER
http://www.sysersoft.com/ ; Syser is an excellent, visual Ring0 (and Ring3) debugger. It is not yet very stable but, if it works for you, it’s very cool.

WinDBG
http://invalid.invalid/whdc/devtoo...fault.mspx

Home of the WinDBG debugger (Ring0 too). Having seen the site, I don’t think I need to add much more…

IDA
http://www.datarescue.com/ ; IDA home. IDA is an Interactive Disassembler, used to perform static analysis of assembler code.
(IDA 4.3 free: http://www.downloadjunction.com/product/...re/69070/)

PVDASM
http://pvdasm.reverse-engineering.net/ ; PVDasm is a very interesting Disassembler project, made by Ben and supported on this Board. It also allows you to export code directly in MASM syntax format.

OLLY Plugins
http://woodmann.net/ollystuph/index.php ; The “Stuph” page contains many useful OllyDebug Plugins.

Shadow’s OLLY
hxxp://navig8.to/Shadow/ ; a modded Olly… a charged bazooka …usage: when needed.

6. Tools of Our Trade:
————————

FILEMON, REGMON
hxxp://www.sysinternals.com/FileAndDiskUtilities.html This is the home of the Marc guru and of our first, must-have TOTs. A very interesting site to visit, from time to time. And a source of useful tools.

LordPE
hxxp://www.softpedia.com/get/Programming/File-Editors/LordPE.shtml This tool enables you to explore and alter the PE Header. You can modify/add sections, directories, IAT, and more. It is also a Dumper Server, in case you need one.

7. Linux Related:
————————
Well, the HLA home site listed above, for Assembly on Linux.

ASSEMBLER E-BOOK
http://savannah.nongnu.org/projects/pgubook/ ; a good free ebook that teaches Assembler from scratch, explaining even what a “word” is. “Small” drawback: AT&T Assembler syntax.

NASM Assembler
hxxp://nasm.sourceforge.net/ ; a free assembler for Linux. On SourceForge, so you can work ON it, if you wish.

GNU Debugger
hxxp://www.gnu.org/software/gdb/gdb.html/ ; the GNU project debugger. It can run on both Linux & Windows, and supports remote debugging.

8. Suggested Books (not free)
————————

Reversing: Secrets of Reverse Engineering
http://www.amazon.com/gp/product/0764574...oding=UTF8 ; a good book for learning the basics of reverse engineering. Probably one of the best to start with. Worth its money.

Rootkits : Subverting the Windows Kernel
http://www.amazon.com/gp/offer-listing/0...oding=UTF8 ; an ADVANCED book, not a reading for a newbie -at all. Consider it when you wish to go a true ‘step ahead’ in reversing. Many techniques you otherwise learn ‘the hard way’ (sigh!) are clearly explained and shown there, a must-have. Worth its money.

9. Advanced Reversing Papers/Material
————————

Reversing an Application -Analysis Example
http://www.honeynet.org/scans/scan33/nico/ ; an excellent discussion on reversing and anti-reversing techniques, from PE header to anti-debugging and virtual machines.

Disassembler and other tools
hxxp://www.cybertech.net/~sh0ksh0k/projects/ ; a set of utilities that covers DLL injection into live/suspended processes, a tracer, a C parser (why not use yacc?), a port redirector etc.

PE Import Table structure and Redirection
hxxp://www.codeproject.com/useritems/inject2it.asp ; this article contains images and explanation of what the Import Table is, and how it can be redirected.

10. Hacking over the Net…
————————

Introduction to Hacking
hxxp://www.pulltheplug.org/wargames/vortex/ ; a wargame made for newbies to teach (anti-)hacking and C programming. Will teach you how to manage basic exploitation techniques (and yes, tells you what an exploit is).

————————
Also, I suggest googling for the “programmers tools”, the .org one.
Last edited by Maximus on 07-26-2007 08:29 AM, edited 65 times in total.

Import Table Rebuilding
————————
hxxp://www.yates2k.net/rebuild.txt
hxxp://sandsprite.com/CodeStuff/Underst … ports.html

Code Injection
—————-
hxxp://biw.rult.at/tuts/dlladdfunc.htm
hxxp://www.woodmann.com/fravia/lazcalc.htm
http://www.freewebs.com/fdemunck/newbieproject1.rar

Online x86 Disassembler
———————————-
PVPHP – Online Disassembler – PVPHP is the first ever x86 online disassembler, which is capable of disassembling PE-based executable files.

I think the official vendor manuals can be a good source of information too, especially the volumes on system programming.
IA-32 Intel® Architecture Software Developer’s Manuals
AMD64 Architecture Tech Docs

ARM Documentation
AVR Documentation
SH4/5 SuperH Documentation

Article on PE Header at Code-Breakers Journal (CBJ)
contains a very detailed and easy explanation of all the PE sections (IAT -Import Address Table, EAT -Export Address Table, Sections, Directories, Resources etc.), what they are and how to alter them. From beginners to experts.
http://www.codebreakers-journal.com/view...t=abstract ;

Network Programming using win32asm
http://www.madwizard.org/programming/tutorials/netasm/

This is a basic website for hacking, starting with the basics
http://www.hackthissite.org/
http://www.scientific-hacking.com/

*Use google here to find file repositories. If you can’t figure that out find a new hobby/profession.

ReWrit’s AIO Cracking CD.part1 ******* (48,8 mb)
ReWrit’s AIO Cracking CD.part2 ******* (48,8 mb)
ReWrit’s AIO Cracking CD.part3 ******* (5 mb)

Tool List:

a few crackmes (from http://www.crackmes.de/)
BVReFormer
Net Reflector
CrypTool
OllyDbg 1.10 & Plugins
W32Dasm 8.93 – Patched
PEiD 0.93 + Plugins
RDG Packer Detector v0.5.6 Beta – English
ImpRec 1.6 – Fixed by MaRKuS_TH-DJM/SnD
Revirgin 1.5 – Fixed
LordPE De Luxe B
FSG 2.0
MEW 11 1.2 SE
UPX 1.25 & GUI
SLVc0deProtector 0.61
ARM Protector v0.3
WinUpack v0.31 Beta
dUP 2
CodeFusion 3.0
Universal Patcher Pro v2.0
Universal Patcher v1.7
Universal Loader Creator v1.2
aPatch v1.07
PMaker v1.2.0.0
Tola’s Patch Engine v2.03b
ABEL Loader v2.31
Yoda’s Process Patcher
Registry Patch Creator
ScAEvoLa’s PatchEngine v1.33
Dogbert’s Genuine Patching Engine v1.41
Graphical-PatchMaker v1.4
The aPE v0.0.7 BETA
Liquid2
PELG v0.3
PrincessSandy v1.0
Biew v5.6.2
Hiew v7.10
WinHex v12.5
DeDe 3.50.04
VB ’Decompiler’ Lite v0.4
Flasm
ACProtect – ACStripper
ASPack – ASPackDie
ASProtect > Stripper 2.07 Final & Stripper 2.11 RC2
DBPE > UnDBPE
FSG 1.33 > Pumqara’s Dumper
FSG 2.00 > UnFSG
MEW > UnMEW
PeCompact 1.x > UnPecomp
PEncrypt > UnPEncrypt
PeSpin 0.3 > DeSpinner 0.3
tELock 0.98-1.0 > UntELock
EXEStealth > UnStealth
Xtreme-Protector / Themida > XprotStripper v1.1
Morphine Killer 1.1 by SuperCracker/SND
ASPR Dumper v0.1
Armadillo Process Detach v1.1
Armadillo Dumper v1.0
Armadillo Nanomite Fixer
Armadillo Distance Decryptor aka Jump Table Fixer
ArmTools (Translated!)
ArmInline v0.1
Quick Unpack v1.0b3
Procdump v1.6.2
TMG Ripper Studio 0.02
FileMon v7 (Patched)
RegMon v7 (Patched)
RSATool 2
DAMN HashCalc
EVACleaner 2.7
Process Explorer
Resource Hacker
PUPE 2002
PointH Locator
ASPR CRC Locator 1.2
PE Tools 1.5 RC5
API Address Finder
Jump to Hex Convertor
PE GeNeRaToR 1.2.1
Quick File Viewer v1.0.1
PE Insight 0.3b
Crypto Searcher
PE Editor v1.7
bkslash’s Inline Patcher
Stud_PE v2.1
Injecta v0.2
PE Rebuilder v0.96b
PE Optimizer v1.4
ToPo v1.2
NFO Builder 2000 v1.02
NFO File Maker v1.6
TMG NFOmakeR v1.0
hCalc
http://www.woodmann.com/collaborative/to...ification)
http://www.orkspace.net/secdocs/ and spend some time there.