Spicy Reverse Engineering


Spicy Reverse Engineering

In this episode of Hak5 Matt shows us how to map our networks with Spiceworks, an open source infrastructure mapping tool. Chris Gerling breaks down reverse engineering, Shannon talks about OpenDNS, and Christine has a Windows utility for everyone running multiple monitors.

Note about the production: This episode was plagued by the cabling mistake that made episode 4x01 dark and fuzzy. On a brighter note I'm happy to say episodes 4x03 and on look sharp and prettier.

Matt reviews SpiceWorks, a full featured open source infrastructure mapping suite. Grab a copy at spiceworks.com or check out Matt's full review at MattLestock.com.

Chris Gerling dives into Reverse Engineering basics

In part 1 of Reverse Engineering I go over some basic theory and demo some tools associated with the Crackme scene of reverse engineering. This is not hardcore reverse engineering that will get you on the RELOADED team, but it's a nice peek into things.

Tools of the trade (there are MANY MANY more):

WINDASM (W32DASM): I cannot link you to anything official as it's no longer obtainable from the original vendor, so you'll have to google for it. Be wary of any copy you download, virus scan it, and run it in a VM or on an isolated machine first. No guarantees.

IDA Pro: Industry standard. Extremely useful for almost any kind of file. We demo the older free version for lack of $500.

OllyDbg: Debugger similar to IDA Pro

PEiD: Detects packers, cryptors, and compilers.

.NET Reflector: Typically used for disassembling .NET applications.

Big Endian is akin to SONAR being sent as SON AR

Little Endian is akin to SONAR being sent as AR SON

Registers = Variables

32 bit = e

16 bit = different size, ax, bx, cx, dx, di, si, sp, bp

8 bit: al, ah, bl, bh, cl, ch, dl, dh. l means lower 8 bits of 16 bit reg, h means higher

Flags = boolean values, 1 or 0. Zero flag can get 0 or non zero (1) values.

The idea is to debug and disassemble to find out exactly how a program works, thereby enabling you to modify characteristics of that program to suit your needs.

In Part 2 we finish these notes and actually show you how to navigate through code.

Shannon talks about OpenDNS, a more secure and featureful alternative to your ISP provided DNS available at OpenDNS.com

Christine's software pick this week is Calibrize, a nifty tool for simple color calibration.>