What is reverse engineering:
Reverse engineering may refer to any of the following: 1. When referring to computer science / programming, reverse engineering means to “break down” the programming code. … Generally speaking, the purpose is to fix errors in the software engineer’s code, or create a program like the one being deconstructed.
Are reverse engineering and decompilation the same?
Decompilation is just one method of reverse engineering.
From the decompilation description:
Decompiling is the process of analyzing an executable or object code binary and outputting source code in a programming language such as C. The process involves translating a file from a low level of abstraction to a higher level of abstraction. Decompilation is usually carried out using a decompiler.
From Wikipedia’s article on reverse engineering:
Reverse engineering is the process of discovering the technological principles of a device, object, or system through analysis of its structure, function, and operation.
Software can be reverse engineered and decompiled. A lot of other things (such as hardware, door locks) can be reverse engineered but not decompiled, because their software/firmware is written in low level languages without a higher-level representation, or, more radically, they don’t have any firmware in the first place.
Whenever we begin reverse engineering, two kinds of analysis come to mind:
Dynamic program analysis is the analysis of computer software that is performed by executing programs on a real or virtual processor.
Static program analysis is the analysis of computer software that is performed without actually executing programs.
In other words:
- Static analysis examines the program without executing it. It is mostly based on finding patterns, counting memory references, … The Wikipedia page about Static program analysis is, from my point of view, incomplete but still a good read.
- Dynamic analysis, on the other hand, executes the program and instruments code regions such as basic blocks, loops and functions. The instrumentation consists of inserting probes at the entry and exit of a basic block that measure it according to a chosen metric (CPU cycles, time in µs, …). The information gathered is usually used to optimize the application, for example by unrolling loops with a suitable unroll factor or vectorizing where possible (SSE, AVX, AltiVec, …).
OK, let’s jump into the resources. Please note that the following collection was compiled by various professionals; I just summarize it here. All credit goes to the original authors.
Assembly Fundamentals
C Fundamentals
Reverse Engineering Fundamentals
General
Articles
Educational
- Theorem prover, symbolic execution and practical reverse-engineering
- Jailbreaks and Pirate Tractors: Reverse Engineering Do’s and Don’ts
Timelines
Videos
- The Best Campfire Tales that Reverse Engineers Tell — Travis Goodspeed with Sergey Bratus
- Jailbreaks and Pirate Tractors: Reverse Engineering Do’s and Don’ts
- Introduction to Reversing and Pwning — David Weinman — BsidesLV ProvingGrounds17
Things that are interesting/don’t fit elsewhere
Comparison Tools
References
General Research/Stuff
Tools
Binary Visualization Tools
- visual analysis of binary files
General
De/Obfuscators/Unpackers
ELF/Related Tools
Emulators
Packers
PE32/Related Tools
OLE
- python-oletools is a package of Python tools to analyze Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office documents or Outlook messages, mainly for malware analysis, forensics and debugging. It is based on the olefile parser. See http://www.decalage.info/python/oletools for more info.
Searching Through Binaries
Static Analysis Tools
OS X
Linux
Windows
Debuggers
All platforms
GDB Addons
- PEDA — Python Exploit Development Assistance for GDB
Linux
Hypervisor-based debugger
Debugging Writeups/Papers
Decompilers & Disassemblers
- fREedom is a primitive attempt to provide an IDA Pro independent means of extracting disassembly information from executables for use with binnavi (https://github.com/google/binnavi).
Java
- Java Decompiler GUI for Procyon
- Blackhat 2010 — JavaSnoop: How to hack anything written in Java
.NET
IDA specific Stuff
IDA Extensions
IDA Plugins
- Ponce
- YaCo (https://github.com/DGA-MI-SSI/YaCo)
IDA Tutorials/Help
- How to Identify Virtual Table Functions with IDA Pro and the VTBL Plugin
- IDAPython: The Wonder Woman of Embedded Device Reversing — Maddie Stone — Derbycon7
File Formats
Flash Player
Frameworks
- Radare2 — unix-like reverse engineering framework and commandline tools (http://www.radare.org/y/?p=features)
- Reverse engineering embedded software using Radare2 — Talk/Tutorial
- A Qt and C++ GUI for the radare2 reverse engineering framework
- BARF: A multiplatform open source Binary Analysis and Reverse engineering Framework
Programming Language Specifics/Libraries
GO
Python
Bytecode
- Gynvael’s Mission 11 (en): Python bytecode reverse-engineering
Decompiler
- A native Python cross-version Decompiler and Fragment Decompiler. The successor to decompyle, uncompyle, and uncompyle2.
- C++ Python bytecode disassembler and decompiler
- This project aims to create a comprehensive decompiler for CPython bytecode (likely works with PyPy as well, and any other Python implementation that uses CPython’s bytecode)
- Extract contents of a Windows executable file created by pyinstaller
- Python 1.0–3.4 bytecode decompiler
Anti-Reverse Engineering Techniques & Countermeasures
Talks
Techniques
- The “Ultimate” Anti-Debugging Reference — Peter Ferrie 2011/4
- simpliFiRE.AntiRE — An Executable Collection of Anti-Reversing Techniques
- Detecting debuggers by abusing a bad assumption within Windows
- Dangers of the Decompiler — A Sampling of Anti-Decompilation Techniques
.NET Related
- Microsoft.Diagnostics.Runtime.dll (nicknamed “CLR MD”) is a process and crash dump introspection library. This allows you to write tools and debugger plugins which can do things similar to SOS and PSSCOR.
Writeups (Papers/Videos)
Binary & Code Analysis
- Memalyze: Dynamic Analysis of Memory Access Behavior in Software
- How to Grow a TREE from CBASS — Interactive Binary Analysis for Security Professionals
Firmware
- The Empire Strikes Back Apple — how your Mac firmware security is completely broken
- Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, backdoor accounts, weak WPS, RCE …)
General
- Reverse Engineering Flash Memory for Fun and Benefit — BlackHat 2014
- RE’ing an electron based “secure communications” app
- The Three Billion Dollar App — Vladimir Wolstencroft — Troopers14. Talk about reverse engineering the SnapChat and Wickr messaging apps.
- A Practical-Time Attack on the A5/3 Cryptosystem Used in Third Generation GSM Telephony
OS X
- Excellent source of papers from 2003–2013, all with a focus on reversing either iOS or OS X.
Packers
Process Hooking
- Software Hooking methods review (2016) (https://www.blackhat.com/docs/us-16/materials/us-16-Yavo-Captain-Hook-Pirating-AVs-To-Bypass-Exploit-Mitigations-wp.pdf)
Protocols
- Cyber Necromancy — Reverse engineering dead protocols — Defcamp 2014
- Reverse Engineering of Proprietary Protocols, Tools and Techniques — Rob Savoye — FOSDEM 2009
Satellites
Wireless
- Reverse engineering walkthrough; the author REs an alarm system from shelf to replay
- Part 1: reverse-engineering-a-wireless-burglar-alarm-system-part-1/
- Part 2: reverse-engineering-a-wireless-burglar-alarm-part-2/
- Flipping Bits and Opening Doors: Reverse Engineering the Linear Wireless Security DX Protocol
- SATCOM Terminals Hacking by Air, Sea, and Land — Black Hat USA 2014
Windows
- Event Tracing for Windows and Network Monitor
- Improving Automated Analysis of Windows x64 Binaries
- Microsoft Patch Analysis for Exploitation
Apart from the valuable links above, other uncategorized resources are:
- OpenSecurityTraining.info: Introduction to Reverse Engineering Software
- The Shellcoder’s Handbook: Discovering and Exploiting Security Holes
- Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats
- Finding And Exploiting Token Handling Vulnerabilities in the Windows Kernel
- AVLeak: Fingerprinting Antivirus Emulators through Black-Box Testing
- Attacking JavaScript Engines: A case study of JavaScriptCore and CVE-2016–4622
- Abusing Token Privileges For Windows Local Privilege Escalation
- GhostHook: Bypassing PatchGuard with Processor Trace Based Hooking
- “Wild” Pool Overflow on Win10 x64 RS2 (CVE-2016–3309 Reloaded)
- A Technical Survey of 10 Common and Trending Process Injection Techniques
- Dangers of the Decompiler: A Sampling of Anti-Decompilation Techniques
- User-Mode Interactions: Guidelines for Kernel-Mode Drivers (Microsoft, 2006)
- The Apple of Your EFI: Findings from an Empirical Study of EFI Security
- HexType: Efficient Detection of Type Confusion Errors for C++
- A Generic Approach to Automatic Deobfuscation of Executable Code
Source: Medium