![Page 1: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/1.jpg)
Reverser view to application security
Reverse Code Engineering
![Page 2: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/2.jpg)
Speaker Info Krishs Patil Hold master degree in computer application Computer programmer Reverser And hobbyist security researcher
![Page 3: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/3.jpg)
Outline � Introduction � Reversing Process � Tools and Techniques � Reversing in different context (Practice) � Lab demonstration � Defeating Reverse Engineering � Resources
![Page 4: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/4.jpg)
Introduction � “Reverse engineering is the process of extracting the knowledge or design blueprints from anything man-‐made”.
� It is usually conducted to obtain missing knowledge, ideas and design philosophy when such information is unavailable.
� In computer science, It is the process of dis-‐assembling or de-‐compiling the binary code of computer program for various purpose.
� Requires skills and understanding of computer and software development
![Page 5: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/5.jpg)
Introduction Cont… Why reverse engineering…
different people do it for different purpose … But, Specifically in the field of Cyber Security…
… If you want to be serious security researcher, you must posses skills of reverse code engineering.
![Page 6: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/6.jpg)
Reversing Process Defining scope of reversing…
� System Reverse Engineering � Code Reverse Engineering � Data Reverse Engineering � Protocol Reverse Engineering
![Page 7: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/7.jpg)
Reversing Process Cont… Setting up environment… � Setup Isolated environment (VMware, Virtual Box) � System monitoring (SysInternal Tools) � Static Analysis � Dynamic Analysis (Debugging/Tracing)
![Page 8: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/8.jpg)
Reversing Process Cont… Disassembling Vs Decompiling… � Native Code – Directly perform operations on CPU (Compiled with C,C++,Delphi)
� Intermediate Code – Interpreter drives it to perform operations on CPU (Java byte code, MSIL)
![Page 9: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/9.jpg)
Reversing Process Cont… Program structure… Higher level perspective … � Modules � Data � Control flow Lower level perspective … � Just assembly language!!!
![Page 10: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/10.jpg)
Reversing Process Cont… So what I need to know prior reversing binary code ... Just a computer and brain J would be enough but … … mastering it might take time if you don’t know about � Computer architecture � Programming in Assembly Language and C,C++ � Operating System-‐Platform and HEX numbering
![Page 11: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/11.jpg)
Assembly Language � Lowest level in software � Platform specific (IA-‐32, IA-‐64,AMD) � Machine code (OpCode) ó Assembly commands � Assembler converts assembly program into machine code that is executable by CPU
� Dis-‐assembler is the program that coverts machine code into textual presentation of assembly commands
� Mastering reversing without knowing assembly is almost impossible.
![Page 12: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/12.jpg)
Assembly Language
![Page 13: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/13.jpg)
Assembly Language Registers
� Internal memory in processor � IA-‐32 has eight generic registers (EAX,EBX,ECX,EDX,ESI,EDI,EBP and ESP)
� Floating point and debug registers � Special register – EFLAGS for flag management
flags � OF, SF, ZF, AF, PF, CF
![Page 14: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/14.jpg)
Assembly Language Basic Instructions
� MOV -‐ data copying � LEA – address loading (POINTER) � ADD, SUB, MUL, DIV, IMUL, IDIV – arithmetic � CMP, TEST – comparison � CALL , RET – function call and Return � J** -‐ conditional branching � PUSH/POP -‐ stack management � NOP – do nothing
![Page 15: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/15.jpg)
System Calls � Used as interface between application and operating system.
� System calls ask OS to perform specific task � Most operating system are written in “C” language, so providing SYSTEM Calls as “C” api’s -‐ NIX system calls – unistd.h
-‐ WINDOWS system calls -‐ windows.h � Studying OS platform and system calls is necessary part of reverse engineering
![Page 16: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/16.jpg)
PE – Portable Executable file
![Page 17: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/17.jpg)
Tools and Techniques � Various tools helps in reverse-‐engineering the binary code/program.
� Compiler is the tool used to convert high level language like C,C++ into machine code.
� Assembler is the tool used to convert pseudo-‐code written specific to processor into machine code.
� At reverse Dis-‐Assembler and De-‐Compilers help us in reversing the process, recovering the high level code from machine code.
� Debuggers are the tools used to debug live running program.
� Virtual machines might help in providing protective/isolated environment for analysis.
![Page 18: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/18.jpg)
Tools and Techniques Cont… Broad category of tools are divided into two category. q Static Analysis Tools -‐Tools helps us to analysis program without even running it.
-‐ Tools includes Dis-‐assembler and De-‐Compilers q Dynamic Analysis Tools -‐ Tools in this category helps us dive deep into program by analyzing it while running it.
-‐ Tools includes Debuggers, Loaders and System Monitoring tools
![Page 19: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/19.jpg)
Tools and Techniques Cont… � Compilers (VC compiler, GCC compiler suite, .NET framework) � Assemblers (MASM, NASM, TASM, FASM) � Dis-‐assemblers and Debuggers (IDAPro, OllyDbg, Immunity Debugger, WinDbg) � Hypervisors (VMWare Workstation/Player, VirtualBox,QUEMU) � System monitoring withSysInternals tools � Hex Editors and Other system utilities
![Page 20: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/20.jpg)
Tools and Techniques Cont…
![Page 21: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/21.jpg)
Tools and Techniques Cont…
![Page 22: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/22.jpg)
Tools and Techniques Cont…
![Page 23: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/23.jpg)
Tools and Techniques Cont…
![Page 24: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/24.jpg)
RCE in various context Time to understand field work!!! � Cracking (Illegal/Un-‐Ethical) � Malware analysis � Vulnerability analysis (exploit development) � Clean house RE (Chinese Wall) � Recovering lost source code (legacy) � Investigating and solving faults cause in released software. (Microsoft global escalation support team)
![Page 25: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/25.jpg)
Cool Huh … Lets play around some practical reversing lab exercise Lets see some cool stuff J
![Page 26: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/26.jpg)
Lab – Cracking for serial. � This is for purely demonstration and educational purpose only.
� Anything you do to obtain or provide fake registration key for software is considered cracking and a serious offense.
� In lab we are going to study and recover serial key and defeat registration mechanism by various ways.
![Page 27: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/27.jpg)
Defeating RE � Lot of research has been done, many ways to make it harden for reversing process.
… But no solution is 100% perfect and secure.
![Page 28: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/28.jpg)
Defeating RE Cont… Software armoring Obfuscation “ deliberate act of creating obfuscated code, i.e. source or machine code that is difficult for human to understand” -‐-‐ Wikipedia
![Page 29: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/29.jpg)
Defeating RE Cont… Some techniques for anti-‐analysis … � Packers (Compression) � Protectors (Encryption) � Anti-‐Debugging � Garbage Code and Code Permutation � Anti-‐Assembly � Hypervisor/Emulator detection
![Page 30: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/30.jpg)
Defeating RE Cont…
![Page 31: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/31.jpg)
Defeating RE Cont… Advanced technologies…
� Mutation � Code Virtualization
![Page 32: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/32.jpg)
Resources � REVERSING – secrets of reverse engineering (By Eldad Eilam)
� Microsoft windows internals (By Mark Russinovich and David Solomon)
� Reverseme.de – cool reverseme.exe collections � InfoSec Institute Resources. – cool articles on security � NtDebugging blog (Microsoft global escalation support team) -‐ fine gain exposure in windows insides
� And finally some good book on x86 assembly tut and reference.
![Page 33: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/33.jpg)
Questions??? Still there anything struggling in your mind.
![Page 34: Hacking with Reverse Engineering and Defense against it](https://reader034.vdocuments.site/reader034/viewer/2022042614/5598373f1a28ab41628b4572/html5/thumbnails/34.jpg)
Hope you enjoyed it.
Thank you!!!