reverse code engineering

of 34 /34
Reverser view to application security Reverse Code Engineering

Author: krishs-patil

Post on 21-Jan-2018




0 download

Embed Size (px)


  1. 1. Reverser view to application security Reverse Code Engineering
  2. 2. Speaker Info Krishs Patil Hold master degree in computer application Computer programmer Reverser And hobbyist security researcher
  3. 3. Outline Introduction Reversing Process Tools andTechniques Reversing in different context (Practice) Lab demonstration Defeating Reverse Engineering Resources
  4. 4. Introduction Reverse engineering is the process of extracting the knowledge or design blueprints from anything man- made. It is usually conducted to obtain missing knowledge, ideas and design philosophy when such information is unavailable. In computer science, It is the process of dis- assembling or de-compiling the binary code of computer program for various purpose. Requires skills and understanding of computer and software development
  5. 5. Introduction Cont Why reverse engineering different people do it for different purpose But, Specifically in the field of Cyber Security If you want to be serious security researcher, you must posses skills of reverse code engineering.
  6. 6. Reversing Process Defining scope of reversing System Reverse Engineering Code Reverse Engineering Data Reverse Engineering Protocol Reverse Engineering
  7. 7. Reversing Process Cont Setting up environment Setup Isolated environment (VMware,Virtual Box) System monitoring (SysInternalTools) Static Analysis Dynamic Analysis (Debugging/Tracing)
  8. 8. Reversing Process Cont DisassemblingVs Decompiling Native Code Directly perform operations on CPU (Compiled with C,C++,Delphi) IntermediateCode Interpreter drives it to perform operations on CPU (Java byte code, MSIL)
  9. 9. Reversing Process Cont Program structure Higher level perspective Modules Data Control flow Lower level perspective Just assembly language!!!
  10. 10. Reversing Process Cont So what I need to know prior reversing binary code ... Just a computer and brain would be enough but mastering it might take time if you dont know about Computer architecture Programming in Assembly Language and C,C++ Operating System-Platform and HEX numbering
  11. 11. Assembly Language Lowest level in software Platform specific (IA-32, IA-64,AMD) Machine code (OpCode) Assembly commands Assembler converts assembly program into machine code that is executable by CPU Dis-assembler is the program that coverts machine code into textual presentation of assembly commands Mastering reversing without knowing assembly is almost impossible.
  12. 12. Assembly Language
  13. 13. Assembly Language Registers Internal memory in processor IA-32 has eight generic registers (EAX,EBX,ECX,EDX,ESI,EDI,EBP and ESP) Floating point and debug registers Special register EFLAGS for flag management flags OF, SF, ZF, AF, PF, CF
  14. 14. Assembly Language Basic Instructions MOV - data copying LEA address loading (POINTER) ADD, SUB, MUL, DIV, IMUL, IDIV arithmetic CMP,TEST comparison CALL , RET function call and Return J** - conditional branching PUSH/POP - stack management NOP do nothing
  15. 15. System Calls Used as interface between application and operating system. System calls ask OS to perform specific task Most operating system are written in C language, so providing SYSTEM Calls as C apis - NIX system calls unistd.h -WINDOWS system calls - windows.h Studying OS platform and system calls is necessary part of reverse engineering
  16. 16. PE Portable Executable file
  17. 17. Tools and Techniques Various tools helps in reverse-engineering the binary code/program. Compiler is the tool used to convert high level language like C,C++ into machine code. Assembler is the tool used to convert pseudo-code written specific to processor into machine code. At reverse Dis-Assembler and De-Compilers help us in reversing the process, recovering the high level code from machine code. Debuggers are the tools used to debug live running program. Virtual machines might help in providing protective/isolated environment for analysis.
  18. 18. Tools and Techniques Cont Broad category of tools are divided into two category. Static AnalysisTools -Tools helps us to analysis program without even running it. -Tools includes Dis-assembler and De-Compilers Dynamic AnalysisTools -Tools in this category helps us dive deep into program by analyzing it while running it. -Tools includes Debuggers, Loaders and System Monitoring tools
  19. 19. Tools and Techniques Cont Compilers (VC compiler, GCC compiler suite, .NET framework) Assemblers (MASM, NASM,TASM, FASM) Dis-assemblers and Debuggers (IDAPro, OllyDbg, Immunity Debugger,WinDbg) Hypervisors (VMWareWorkstation/Player,VirtualBox,QUEMU) System monitoring withSysInternals tools Hex Editors and Other system utilities
  20. 20. Tools and Techniques Cont
  21. 21. Tools and Techniques Cont
  22. 22. Tools and Techniques Cont
  23. 23. Tools and Techniques Cont
  24. 24. RCE in various context Time to understand field work!!! Cracking (Illegal/Un-Ethical) Malware analysis Vulnerability analysis (exploit development) Clean house RE (ChineseWall) Recovering lost source code (legacy) Investigating and solving faults cause in released software. (Microsoft global escalation support team)
  25. 25. Cool Huh Lets play around some practical reversing lab exercise Lets see some cool stuff
  26. 26. Lab Cracking for serial. This is for purely demonstration and educational purpose only. Anything you do to obtain or provide fake registration key for software is considered cracking and a serious offense. In lab we are going to study and recover serial key and defeat registration mechanism by various ways.
  27. 27. Defeating RE Lot of research has been done, many ways to make it harden for reversing process. But no solution is 100% perfect and secure.
  28. 28. Defeating RE Cont Software armoring Obfuscation deliberate act of creating obfuscated code, i.e. source or machine code that is difficult for human to understand --Wikipedia
  29. 29. Defeating RE Cont Some techniques for anti-analysis Packers (Compression) Protectors (Encryption) Anti-Debugging Garbage Code and Code Permutation Anti-Assembly Hypervisor/Emulator detection
  30. 30. Defeating RE Cont
  31. 31. Defeating RE Cont Advanced technologies Mutation CodeVirtualization
  32. 32. Resources REVERSING secrets of reverse engineering (By Eldad Eilam) Microsoft windows internals (By Mark Russinovich and David Solomon) cool reverseme.exe collections InfoSec Institute Resources. cool articles on security NtDebugging blog (Microsoft global escalation support team) - fine gain exposure in windows insides And finally some good book on x86 assembly tut and reference.
  33. 33. Questions??? Still there anything struggling in your mind.
  34. 34. Hope you enjoyed it. Thank you!!!