Spicy Reverse Engineering
In this episode of Hak5 Matt shows us how to map our networks with Spiceworks, an open source infrastructure mapping tool. Chris Gerling breaks down reverse engineering, Shannon talks about OpenDNS, and Christine has a Windows utility for everyone running multiple monitors.
Note about the production: This episode was plagued by the cabling mistake that made episode 4x01 dark and fuzzy. On a brighter note I'm happy to say episodes 4x03 and on look sharp and prettier.
Chris Gerling dives into Reverse Engineering basics
In part 1 of Reverse Engineering I go over some basic theory and demo some tools associated with the Crackme scene of reverse engineering. This is not hardcore reverse engineering that will get you on the RELOADED team, but it's a nice peek into things.
Tools of the trade (there are MANY MANY more):
WINDASM (W32DASM): I cannot link you to anything official as it's no longer obtainable from the original vendor, so you'll have to google for it. Be wary of any copy you download, virus scan it, and run it in a VM or on an isolated machine first. No guarantees.
IDA Pro: Industry standard. Extremely useful for almost any kind of file. We demo the older free version for lack of $500.
OllyDbg: Debugger similar to IDA Pro
PEiD: Detects packers, cryptors, and compilers.
.NET Reflector: Typically used for disassembling .NET applications.
Big Endian is akin to SONAR being sent as SON AR
Little Endian is akin to SONAR being sent as AR SON
Registers = Variables
32 bit = e
16 bit = different size, ax, bx, cx, dx, di, si, sp, bp
8 bit: al, ah, bl, bh, cl, ch, dl, dh. l means lower 8 bits of 16 bit reg, h means higher
Flags = boolean values, 1 or 0. Zero flag can get 0 or non zero (1) values.
The idea is to debug and disassemble to find out exactly how a program works, thereby enabling you to modify characteristics of that program to suit your needs.
In Part 2 we finish these notes and actually show you how to navigate through code.