728x90 AdSpace

  • Latest News

    Powered by Blogger.
    Wednesday 18 December 2013

    Reverse Engineering


    What do I learn first?

    —>>path 1:

    1 ) visit 
    http://video.reverse-engineering.net/ to view some reversing videos that train you in the RCE basis.
    2 ) check 
    http://www.crackmes.de/ to find some visual solution submitted for crackmes.
    3 ) Try to repeat the shown steps, and reproduce them with other crackmes. This will bring you quickly to practice.
    4 ) Learn ‘on-demand’ what you need to know over the time by using linked resources about languages, apis, forum etc. you can find in this section.

    —>> path 2:

    1 ) read 
    http://www.cplusplus.com/doc/tutorial/ up to “Compound Data Types:” included
    2 ) read 
    http://www.winprog.org/tutorial/ up to “Graphics Device Interface” included (use the Win32 help file -below- to understand Win32 functions better)
    3 ) Now you know the Win32 basis, select an Assembler Ebook/tutorial and start learning a bit of assembler -the more, the better.
    4 ) Take Olly -below-, go to 
    http://www.crackmes.de/ and select some crackme level 1
    5 ) read the solution of 2-4 solved crackmes of level 1!!
    6 ) select a solved crackme lvl1 and try to solve it. If you have problems, read the solution and TRY TO DO the steps of the solver.
    7 ) goto 6 until you solve lvl1 crackmes very easily
    8 ) Increase level difficulty by 1, goto 5!

    1. Full Newbie Tutorials
    2. Challenges and Tutorials at *any* level
    3. Tutorials, Papers, Documentation, Books (all Free)
    4. Learning Programming Languages (ASM etc.)
    5. Debuggers/Disassemblers
    6. Tools of Our Trade
    7. Linux Related
    8. Suggested Books (not free)
    9. Advanced Reversing Papers/Material
    10. Hacking over the Net…
    ————————

    1. Full Tutorials
    ————————

    Course for Newbies
    http://www.freewebs.com/fdemunck/newbieproject1.rar

    Very Assembler Basis, SICE Usage, Basic Techniques. A very good set of tutorials from LoRd HrUn. Also explains what is the ‘stuff’ you see when you open a debugger for the first time… (link is missing for now, to be restored)

    Lessons for Newbies
    http://evilteach.8k.com/ : a collection of 4 lessons with material that explain you what mean the things you see when you start reversing a program.

    2. Challenges and Tutorials at *any* level:
    ————————

    Challenges for Crackers, at any Level
    http://crackmes.de/ ; you can find many legal crackmes(=stuff you can legally crack) here to test your skills
    Being sorted by difficult grade -most of them offers one or more TUTORIAL for their solution-, it is also the biggest tutorial collection available today.

    3. Tutorials, Papers, Documentation, Books (Free)
    ————————

    (note: material for learning languages is in the appropriate section!)

    Win32 API Help File
    http://www.borland.com/devsupport/borlan...52HLP1.ZIP ; here you can download the Win32 help file for the external link with Olly.
    Do not even THINK to do without this. API reference is essential, so take it if you haven’t it yet.

    Win32 Basis
    http://www.winprog.org/tutorial/index.html ; here you learn the true basis of Win32 API programming, in C. Just read it ALL. The more you know about Windows, the better you understand what’s happen when reversing code.

    Introduction to Cryptography (full free ebook)
    http://www.cacr.math.uwaterloo.ca/hac/ The “Handbook of Applied Cryptography”, a cool free e-book on cryptography. Excellent as a quick reference.

    Introduction to Cryptography (full course)
    http://www.cs.washington.edu/education/c...p590/06wi/ ; a whole course that introduces to cryptography and ciphers, with all the materials and assignments online!! A very good starting point for cryptos.

    Introduction to Cryptography (Tutorials)
    http://www.antilles.k12.vi.us/math/cryptotut/home.htm ; a set of easy tutorials on ciphers. Highly recommended.

    Cryptography Tutorials (ECC)
    http://www.certicom.com/index.php?actio … cc_tut_1_0 ; a very nice link on Elliptic Curve -worth to read about.

    Inject code, General Reversing Introduction Tutorial/Document
    http://www.codeproject.com/useritems/inject2exe.asp ; this article contains clean references to the basic tools (ResHacker, Debuggers, Disassemblers) and exaplian also how to inject code into an executable.

    SEH Paper/Tutorial/Document
    http://www.jorgon.freeserve.co.uk/Except/Except.htm ; a paper that tells you what you need to know on SEH and Trap Flag tricks

    PE Format, AntiDebug, AntiDump, Iczelion Assembler Tutorials/Papers/Documents
    http://www.migeel.sk/anticrack/showpage....=downloads ;This page contains few zipped papers that can be useful.

    Art of Disassembly E-BOOK
    http://aod.reverse-engineering.net/

    Article on PE Header at Code-Breakers Journal (CBJ)
    http://www.secure-software-engineering.c...view/&id=60 ; contains a very detailed and easy explanation of all the PE sections (IAT -Import Address Table, EAT -Export Address Table, Sections, Directories, Resources etc.) how alter them and what they are. From beginners to experts.

    PE Header Reference
    this text contains a description of the PE Header which is good to keep as a quick reference. For learning the PE header structure and fields, I suggest the above CBJ article.
    http://webster.cs.ucr.edu/Page_TechDocs/pe.txt

    Quick Assembler Reference
    a quick reference to pentium ASM instructions. Just click the initial letter, and select the ASM mnemonic. Very handy (especially if you download the whole site into your HD )
    http://faydoc.tripod.com/cpu/index_v.htm

    Quick Guide to Network Programming
    a quick tutorial for learning the basis of network programming, without spending too much time.
    http://beej.us/guide/bgnet/output/htmlsingle/bgnet.html

    Adding Sections to PE, RVAs and Import table, loaders/patcher code
    http://www.sunshine2k.de/Articles.htm ; this site contains some small, very basic articles on PE, Import table, Basic DLL Injection and loader’s coding.

    4. Learning Languages (ASM etc.):
    ————————

    Learning Assembler Language E-BOOK (A)
    hxxp://webster.cs.ucr.edu/ ; the HLA Assembler home page. An excellent, free EBOOK for learning Assembler, “The Art of Assembly Language”, with HLA compiler and many tools. The site has a Linux section.

    Learning Assembler Language E-BOOK (B)
    http://www.drpaulcarter.com/pcasm/ ; this site contains an *excellent* free EBOOK that teaches Assembler language from scratch. Translated in various languages. Pretty good. If you are not interested in HLA, this is a valid alternative.

    Learning Assembler Language E-BOOK ©
    http://savannah.nongnu.org/projects/pgubook/ ; a good free ebook that teaches Assembler from scratch, explaining even what a “word” is. “Small” drawback: AT&T Assembler syntax .

    Learning C++ Language
    http://www.cplusplus.com/doc/tutorial/ ; this tutorial gives you the basis of C++ language, for starting coding your keygen’s, and helping you reversing C++ stuff.

    Rapid Application Development with MASM/HLA
    hxxp://www.radasm.com/ ; a R.A.D. IDE for the MASM/HLA assembler (and the links to masm32 Compiler and related stuff). Note: the Masm32 compiler contains the famous Iczelion’s tutorials on Assembler language in the “X:\masm32\icztutes” folder.

    Freeware C++/Pascal
    http://www.bloodshed.net/ ; If you need a free compiler for writing your keygens, you can find there a C++ or a Pascal one. The C++ core is the GNUCPP.

    Freeware Borland C++ 5.5
    hxxp://www.winprog.org/tutorial/bcpp.html ; this page gives all the needed links to download BC++5, with a bit of explanation.

    12 lessons on Assembler and RosASM
    http://rosasm.org/ ; RosASM Assembler contains 12 lessons on basic assembly, written with a “generic syntax” so that the beginner could, later, switch, with as few problems as possible, to the Assembler he will finally choose.

    5. Debuggers/Disassemblers:
    ————————
    (note: Ring0 means you can use it for debugging Kernel Drivers, and generally it is tougher to use than Ring3 debuggers)

    OLLY
    http://ollydbg.de/ ; the home of the most used Ring-3 Debugger, OllyDebug. A must have.
    (ps: you can find a link to the Win32 help file below)

    SYSER
    http://www.sysersoft.com/ ; Syser is an excellent, visual Ring0 (and Ring3) debugger. It is not yet very stable but, if it works for you, it’s very cool.

    WinDBG
    http://invalid.invalid/whdc/devtoo...fault.mspx

    Home of WinDBG debugger (Ring0 too). Seen the site, I don’t think I need to add much more…

    IDA
    http://www.datarescue.com/ ; IDA home. IDA is an Interactive DeAssember, used to perform a static analisys of the assembler code.
    (IDA 4.3 free: 
    http://www.downloadjunction.com/product/...re/69070/)

    PVDASM
    http://pvdasm.reverse-engineering.net/ ; PVDasm is a very interesting Disassembler project, made by Ben and supported in this Board. It also allows you to export code directly MASM syntax format.

    OLLY Plugins
    http://woodmann.net/ollystuph/index.php ; The “Stuph” page contains many useful OllyDebug Plugins.

    Shadow’s OLLY
    hxxp://navig8.to/Shadow/ ; a modded Olly… a charged bazooka …usage: when needed.

    6. Tools of Our Trade:
    ————————

    FILEMON, REGMON
    hxxp://www.sysinternals.com/FileAndDiskUtilities.html This is the home of the Marc guru and of our first, must-have TOTs. A very interesting site to visit, from time to time. And a source of useful tools.

    LordPE
    hxxp://www.softpedia.com/get/Programming/File-Editors/LordPE.shtml This tool enables you to explore and alter PE Header. You can modify/add sections, directories, IAT, and more. It is also a Dumper Server, in case you need.

    7. Linux Related:
    ————————
    Well, the HLA home site listed above, for Assembly on Linux.

    ASSEMBLER E-BOOK
    http://savannah.nongnu.org/projects/pgubook/ ; a good free ebook that teaches Assembler from scratch, explaining even what a “word” is. “Small” drawback: AT&T Assembler syntax .

    NASM Assembler
    hxxp://nasm.sourceforge.net/ ; a free assembler for Linux. On SourceForge, so you can work TO it, if you wish.

    GNU Debugger
    hxxp://www.gnu.org/software/gdb/gdb.html/ ; the GNU project debugger. It can run on both Linux&Windows, and support remote debugging.

    8. Suggested Books (not free)
    ————————

    Reversing: Secrets of Reverse Engineering
    http://www.amazon.com/gp/product/0764574...oding=UTF8 ; a good book for learning the basis of reversing engineering. Probably one of the best to start with. Worth its money.

    Rootkits : Subverting the Windows Kernel
    http://www.amazon.com/gp/offer-listing/0...oding=UTF8 ; an ADVANCED book, not a reading for a newbie -at all. Consider it when you wish to go a true ‘step ahead’ in reversing. Many techniques you otherwise learn ‘the hard way’ (sigh!) are clearly explained and shown there, a must-have. Worth its money.

    9. Advanced Reversing Papers/Material
    ————————

    Reversing an Application -Analysis Example
    http://www.honeynet.org/scans/scan33/nico/ ; an excellent discussion on reversing and anti-reversing techniques, from PE header to anti-debugging and virtual machines.

    Disassembler and other tools
    hxxp://www.cybertech.net/~sh0ksh0k/projects/ ; a set of utilities that covers DLL injection on live/suspended, tracer, c parser (why not using yacc?) port redirector etc.

    PE Import Table structure and Redirection
    hxxp://www.codeproject.com/useritems/inject2it.asp ; this article contains images and explanation of what the Import Table is, and how it can be redirected.

    10. Hacking over the Net…
    ————————

    Introduction to Hacking
    hxxp://www.pulltheplug.org/wargames/vortex/ ; a wargame made for newbies to teach (anti-)hacking and C programming. Will teach you how manage basic exploitation techniques (and yes, tells you what an exploit is).

    ————————
    Also, I suggest to google for the “programmers tools”, the org one
    Last edited by Maximus on 07-26-2007 08:29 AM, edited 65 times in total.

    Import Table Rebuilding
    ————————
    hxxp://www.yates2k.net/rebuild.txt
    hxxp://sandsprite.com/CodeStuff/Underst … ports.html

    Code Injection
    —————-
    hxxp://biw.rult.at/tuts/dlladdfunc.htm
    hxxp://www.woodmann.com/fravia/lazcalc.htm
    http://www.freewebs.com/fdemunck/newbieproject1.rar

    Online x86 Disassembler
    ———————————-
    PVPHP – Online Disassembler – PVPHP Is the First ever seen x86 Online
    Disassembler, which is capable of disassembling a PE based executable files.

    I think the official vendor manual can be a good source of information too. Especially the volumes on system programming.
    IA-32 Intel® Architecture Software Developer’s Manuals
    AMD64 Architecture Tech Docs

    ARM Documentation
    AVR Documentation
    SH4/5 SuperH Documentation

    Article on PE Header at Code-Breakers Journal (CBJ)
    contains a very detailed and easy explanation of all the PE sections (IAT -Import Address Table, EAT -Export Address Table, Sections, Directories, Resources etc.) how alter them and what they are. From beginners to experts.
    http://www.codebreakers-journal.com/view...t=abstract ;

    Network Programming using win32asm
    http://www.madwizard.org/programming/tutorials/netasm/

    This is a basic website for hacking, starting with the basic
    http://www.hackthissite.org/
    http://www.scientific-hacking.com/

    *Use google here to find file repositories. If you can’t figure that out find a new hobby/profession.

    ReWrit’s AIO Cracking CD.part1 ******* (48,8 mb)
    ReWrit’s AIO Cracking CD.part2 ******* (48,8 mb)
    ReWrit’s AIO Cracking CD.part3 ******* (5 mb)

    Tool List:

    few crackmes (from 
    http://www.crackmes.de/)
    BVReFormer
    Net Reflector
    CrypTool
    OllyDbg 1.10 & Plugins
    W32Dasm 8.93 – Patched
    PEiD 0.93 + Plugins
    RDG Packer Detector v0.5.6 Beta – English
    ImpRec 1.6 – Fixed by MaRKuS_TH-DJM/SnD
    Revirgin 1.5 – Fixed
    LordPE De Luxe B
    FSG 2.0
    MEW 11 1.2 SE
    UPX 1.25 & GUI
    SLVc0deProtector 0.61
    ARM Protector v0.3
    WinUpack v0.31 Beta
    dUP 2
    CodeFusion 3.0
    Universal Patcher Pro v2.0
    Universal Patcher v1.7
    Universal Loader Creator v1.2
    aPatch v1.07
    PMaker v1.2.0.0
    Tola’s Patch Engine v2.03b
    ABEL Loader v2.31
    Yoda’s Process Patcher
    Registry Patch Creator
    ScAEvoLa’s PatchEngine v1.33
    Dogbert’s Genuine Patching Engine v1.41
    Graphical-PatchMaker v1.4
    The aPE v0.0.7 BETA
    Liquid2
    PELG v0.3
    PrincessSandy v1.0
    Biew v5.6.2
    Hiew v7.10
    WinHex v12.5
    DeDe 3.50.04
    VB ’Decompiler’ Lite v0.4
    Flasm
    ACProtect – ACStripper
    ASPack – ASPackDie
    ASProtect > Stripper 2.07 Final & Stripper 2.11 RC2
    DBPE > UnDBPE
    FSG 1.33 > Pumqara’s Dumper
    FSG 2.00 > UnFSG
    MEW > UnMEW
    PeCompact 1.x > UnPecomp
    PEncrypt > UnPEncrypt
    PeSpin 0.3 > DeSpinner 0.3
    tELock 0.98-1.0 > UntELock
    EXEStealth > UnStealth
    Xtreme-Protector / Themida > XprotStripper v1.1
    Morphine Killer 1.1 by SuperCracker/SND
    ASPR Dumper v0.1
    Armadillo Process Detach v1.1
    Armadillo Dumper v1.0
    Armadillo Nanomite Fixer
    Armadillo Distance Decryptor aka Jump Table Fixer
    ArmTools (Translated!)
    ArmInline v0.1
    Quick Unpack v1.0b3
    Procdump v1.6.2
    TMG Ripper Studio 0.02
    FileMon v7 (Patched)
    RegMon v7 (Patched)
    RSATool 2
    DAMN HashCalc
    EVACleaner 2.7
    Process Explorer
    Resource Hacker
    PUPE 2002
    PointH Locator
    ASPR CRC Locator 1.2
    PE Tools 1.5 RC5
    API Address Finder
    Jump to Hex Convertor
    PE GeNeRaToR 1.2.1
    Quick File Viewer v1.0.1
    PE Insight 0.3b
    Crypto Searcher
    PE Editor v1.7
    bkslash’s Inline Patcher
    Stud_PE v2.1
    Injecta v0.2
    PE Rebuilder v0.96b
    PE Optimizer v1.4
    ToPo v1.2
    NFO Builder 2000 v1.02
    NFO File Maker v1.6
    TMG NFOmakeR v1.0
    hCalc
    http://www.woodmann.com/collaborative/to...ification)
    http://www.orkspace.net/secdocs/ and spend some time there.
    • Blogger Comments
    • Facebook Comments

    0 comments:

    Post a Comment

    Item Reviewed: Reverse Engineering Rating: 5 Reviewed By: Sandgun Cypher
    Scroll to Top