Hacking with Reverse Engineering and Defense against it
Reverse Code Engineering
Reverser view to application security

Speaker Info
Krishs Patil
— Holds a master's degree in computer application
— Computer programmer
— Reverser
— And hobbyist security researcher

Outline
— Introduction
— Reversing Process
— Tools and Techniques
— Reversing in different contexts (Practice)
— Lab demonstration
— Defeating Reverse Engineering
— Resources

Introduction
— "Reverse engineering is the process of extracting the knowledge or design blueprints from anything man-made."
— It is usually conducted to obtain missing knowledge, ideas and design philosophy when such information is unavailable.
— In computer science, it is the process of disassembling or decompiling the binary code of a computer program for various purposes.
— Requires skills and an understanding of computers and software development.

Introduction Cont…
Why reverse engineering… different people do it for different purposes…
But, specifically in the field of cyber security…
… if you want to be a serious security researcher, you must possess the skills of reverse code engineering.

Reversing Process
Defining the scope of reversing…
— System Reverse Engineering
— Code Reverse Engineering
— Data Reverse Engineering
— Protocol Reverse Engineering

Reversing Process Cont…
Setting up the environment…
— Set up an isolated environment (VMware, VirtualBox)
— System monitoring (Sysinternals tools)
— Static analysis
— Dynamic analysis (debugging/tracing)

Reversing Process Cont…
Disassembling vs. decompiling…
— Native code – directly performs operations on the CPU (compiled from C, C++, Delphi)
— Intermediate code – an interpreter drives it to perform operations on the CPU (Java bytecode, MSIL)

Reversing Process Cont…
Program structure…
Higher-level perspective…
— Modules
— Data
— Control flow
Lower-level perspective…
— Just assembly language!!!

Reversing Process Cont…
So what do I need to know before reversing binary code...
Just a computer and a brain :) would be enough, but …
… mastering it might take time if you don't know about
— Computer architecture
— Programming in assembly language and C, C++
— Operating system platform and hex numbering

Assembly Language
— Lowest level in software
— Platform specific (IA-32, IA-64, AMD)
— Machine code (opcode) ⇔ assembly commands
— An assembler converts an assembly program into machine code that is executable by the CPU
— A disassembler is the program that converts machine code into a textual representation of assembly commands
— Mastering reversing without knowing assembly is almost impossible.

Assembly Language

Assembly Language
Registers
— Internal memory in the processor
— IA-32 has eight general-purpose registers (EAX, EBX, ECX, EDX, ESI, EDI, EBP and ESP)
— Floating point and debug registers
— Special register – EFLAGS for flag management
Flags
— OF, SF, ZF, AF, PF, CF

Assembly Language
Basic Instructions
— MOV – data copying
— LEA – address loading (pointer)
— ADD, SUB, MUL, DIV, IMUL, IDIV – arithmetic
— CMP, TEST – comparison
— CALL, RET – function call and return
— J** – conditional branching
— PUSH/POP – stack management
— NOP – do nothing
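To make the registers, flags and J** entries above concrete, here is an added example (my code, not the deck's) that emulates the CMP/TEST/Jcc subset listed on the slides and shows why a reverser must check whether the branch after a CMP is signed (JL) or unsigned (JB): the same EFLAGS give different answers. Register names and flag semantics are IA-32 as the slides describe them; the Cpu/run API and the instruction-tuple encoding are this example's own.

```python
# Added example, not code from the deck: an IA-32 subset emulator that models how
# CMP/TEST set the EFLAGS bits on the registers slide and how J** reads them.
# Mnemonics and flag semantics are IA-32; the Cpu/run API is this example's own.
MASK32 = 0xFFFFFFFF
GPRS = ("EAX", "EBX", "ECX", "EDX", "ESI", "EDI", "EBP", "ESP")

# Signed jumps (JL/JGE) and unsigned jumps (JB/JAE) read different bits after the same CMP.
COND = {
    "JE":  lambda f: f["ZF"] == 1,
    "JNE": lambda f: f["ZF"] == 0,
    "JL":  lambda f: f["SF"] != f["OF"],                   # signed <
    "JGE": lambda f: f["SF"] == f["OF"],                   # signed >=
    "JG":  lambda f: f["ZF"] == 0 and f["SF"] == f["OF"],  # signed >
    "JLE": lambda f: f["ZF"] == 1 or f["SF"] != f["OF"],   # signed <=
    "JB":  lambda f: f["CF"] == 1,                         # unsigned <
    "JAE": lambda f: f["CF"] == 0,                         # unsigned >=
}
COND["JZ"], COND["JNZ"] = COND["JE"], COND["JNE"]


class Cpu:
    def __init__(self):
        self.regs = dict.fromkeys(GPRS, 0)
        self.regs["ESP"] = 0x1000            # constructed stack top
        self.flags = dict.fromkeys(("OF", "SF", "ZF", "AF", "PF", "CF"), 0)
        self.stack = {}                      # toy stack: address -> dword

    def val(self, op):                       # operand: register name or immediate
        return self.regs[op] if isinstance(op, str) else op & MASK32

    def _result_flags(self, r):
        r &= MASK32
        self.flags["ZF"] = int(r == 0)
        self.flags["SF"] = r >> 31
        self.flags["PF"] = int(bin(r & 0xFF).count("1") % 2 == 0)  # parity of low byte
        return r

    def _arith(self, a, b, subtract):
        # ADD, SUB and CMP share one flag computation; CMP simply discards r.
        r = self._result_flags(a - b if subtract else a + b)
        if subtract:
            self.flags["CF"] = int(a < b)                          # borrow out
            self.flags["AF"] = int((a & 0xF) < (b & 0xF))
            self.flags["OF"] = int(a >> 31 != b >> 31 and r >> 31 != a >> 31)
        else:
            self.flags["CF"] = int(a + b > MASK32)                 # carry out
            self.flags["AF"] = int((a & 0xF) + (b & 0xF) > 0xF)
            self.flags["OF"] = int(a >> 31 == b >> 31 and r >> 31 != a >> 31)
        return r

    def step(self, ins):
        """Execute one instruction tuple; return the label of a taken branch, else None."""
        op, args = ins[0], ins[1:]
        if op == "MOV":
            self.regs[args[0]] = self.val(args[1])
        elif op in ("ADD", "SUB"):
            self.regs[args[0]] = self._arith(self.val(args[0]), self.val(args[1]), op == "SUB")
        elif op == "CMP":
            self._arith(self.val(args[0]), self.val(args[1]), True)
        elif op == "TEST":                   # AND that keeps only flags; CF and OF are cleared
            self._result_flags(self.val(args[0]) & self.val(args[1]))
            self.flags["CF"] = self.flags["OF"] = 0
        elif op == "PUSH":
            self.regs["ESP"] = (self.regs["ESP"] - 4) & MASK32
            self.stack[self.regs["ESP"]] = self.val(args[0])
        elif op == "POP":
            self.regs[args[0]] = self.stack.pop(self.regs["ESP"])
            self.regs["ESP"] = (self.regs["ESP"] + 4) & MASK32
        elif op == "JMP":
            return args[0]
        elif op in COND:
            return args[0] if COND[op](self.flags) else None
        elif op != "NOP":
            raise ValueError(f"unsupported instruction {op}")
        return None


def run(program, max_steps=100_000):
    """Run a list of instruction tuples; bare strings in the list are labels."""
    cpu, pc = Cpu(), 0
    labels = {ins: i for i, ins in enumerate(program) if isinstance(ins, str)}
    for _ in range(max_steps):
        if pc >= len(program):
            return cpu
        if isinstance(program[pc], str):     # label: fall through
            pc += 1
            continue
        target = cpu.step(program[pc])
        pc = labels[target] if target is not None else pc + 1
    raise RuntimeError("step limit hit: probable infinite loop")


def compare(a, b):
    # After CMP a,b: (JL taken?, JB taken?) -- the signed and unsigned view of one flag set.
    cpu = Cpu()
    for ins in (("MOV", "EAX", a), ("MOV", "EBX", b), ("CMP", "EAX", "EBX")):
        cpu.step(ins)
    return COND["JL"](cpu.flags), COND["JB"](cpu.flags)


def countdown_sum(n):
    """The SUB/JNZ loop idiom seen in disassembly: adds n, n-1, ..., 1 into EAX."""
    return run([("MOV", "ECX", n), ("MOV", "EAX", 0), "top",
                ("ADD", "EAX", "ECX"), ("SUB", "ECX", 1), ("JNZ", "top")]).regs["EAX"]
```

compare(0xFFFFFFFF, 1) reports JL taken but JB not taken: EAX holds -1 as a signed value yet the largest unsigned value, so misreading the jump condition in a disassembly inverts the recovered logic.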
  	
  
System Calls
— Used as the interface between the application and the operating system.
— System calls ask the OS to perform a specific task.
— Most operating systems are written in the "C" language, so they provide system calls as "C" APIs:
  - *NIX system calls – unistd.h
  - Windows system calls – windows.h
— Studying the OS platform and its system calls is a necessary part of reverse engineering.

PE – Portable Executable file

Tools and Techniques
— Various tools help in reverse-engineering the binary code/program.
— A compiler is the tool used to convert a high-level language like C, C++ into machine code.
— An assembler is the tool used to convert processor-specific pseudo-code (assembly) into machine code.
— In reverse, disassemblers and decompilers help us undo the process, recovering the high-level code from machine code.
— Debuggers are the tools used to debug a live running program.
— Virtual machines might help in providing a protective/isolated environment for analysis.

Tools and Techniques Cont…
The broad categories of tools are divided into two:
— Static Analysis Tools
  - Tools that help us analyze a program without even running it.
  - Tools include disassemblers and decompilers.
— Dynamic Analysis Tools
  - Tools in this category help us dive deep into a program by analyzing it while running it.
  - Tools include debuggers, loaders and system monitoring tools.
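The PE slide above and the static-analysis category here are where a reverser first reads a binary's headers, before any disassembly. As an added example (my code, not the deck's), a minimal PE header walker with the packer heuristics an analyst applies at that stage: section entropy, writable-and-executable sections, an entry point outside the first section, and raw data the header promises but the file lacks. The field offsets and section flag constants are from the PE format; the sample image, its section names and the parse_pe/packer_indicators API are constructed here.

```python
# Added example, not code from the deck: a minimal static-analysis reader for the
# PE headers a disassembler loads first, plus packer heuristics. Field offsets and
# section flags follow the PE format; the sample image is constructed inline, does
# not run, and its section names (.text, UPX1) are only illustrative.
import struct
from math import log2

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def entropy(data):
    """Shannon entropy in bits/byte: ~0 for padding, near 8 for compressed or encrypted data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * log2(c / n) for c in counts if c)


def parse_pe(blob):
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _ts, _sym, _nsym, opt_size, chars = struct.unpack_from("<HHIIIHH", blob, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", blob, opt)[0]
    entry = struct.unpack_from("<I", blob, opt + 16)[0]
    if magic == 0x10B:                                  # PE32: 32-bit ImageBase at +28
        image_base = struct.unpack_from("<I", blob, opt + 28)[0]
    elif magic == 0x20B:                                # PE32+: 64-bit ImageBase at +24
        image_base = struct.unpack_from("<Q", blob, opt + 24)[0]
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i
        name, vsize, va, rawsize, rawptr, _, _, _, _, sc = struct.unpack_from("<8sIIIIIIHHI", blob, off)
        raw = blob[rawptr:rawptr + rawsize]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_address": va, "virtual_size": vsize, "raw_size": rawsize,
                         "characteristics": sc, "entropy": entropy(raw),
                         "truncated": len(raw) < rawsize})  # header claims bytes the file lacks
    return {"machine": machine, "num_sections": nsec, "characteristics": chars,
            "entry_point": entry, "image_base": image_base, "sections": sections}


def section_for_rva(pe, rva):
    for s in pe["sections"]:
        size = max(s["virtual_size"], s["raw_size"])
        if s["virtual_address"] <= rva < s["virtual_address"] + size:
            return s
    return None


def packer_indicators(pe, threshold=7.0):
    """Cheap hints that a file is packed; each is a reason to expect an unpack stub, not proof."""
    hits = []
    for s in pe["sections"]:
        if s["entropy"] > threshold:
            hits.append(f"{s['name']}: entropy {s['entropy']:.2f} looks compressed or encrypted")
        if s["characteristics"] & IMAGE_SCN_MEM_WRITE and s["characteristics"] & IMAGE_SCN_MEM_EXECUTE:
            hits.append(f"{s['name']}: section is both writable and executable")
        if s["truncated"]:
            hits.append(f"{s['name']}: raw data truncated, header may be malformed")
    ep = section_for_rva(pe, pe["entry_point"])
    if ep is None:
        hits.append("entry point lies outside every section")
    elif ep is not pe["sections"][0]:
        hits.append(f"entry point in {ep['name']}, not the first section")
    return hits


def build_sample_pe():
    """Constructed PE32 image: NOP-filled .text plus a high-entropy, W+X UPX1 that holds the entry point."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                         # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0x60, 0x0102)  # i386, 2 sections, executable
    opt = bytearray(0x60)
    struct.pack_into("<H", opt, 0, 0x10B)                           # PE32 magic
    struct.pack_into("<I", opt, 16, 0x2000)                         # AddressOfEntryPoint -> UPX1
    struct.pack_into("<I", opt, 28, 0x400000)                       # ImageBase

    def sec(name, va, rawptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, 0x100, va, 0x100, rawptr, 0, 0, 0, 0, flags)

    hdr = bytes(dos) + b"PE\0\0" + coff + bytes(opt)
    hdr += sec(b".text", 0x1000, 0x200, 0x60000020)   # CODE | EXECUTE | READ
    hdr += sec(b"UPX1", 0x2000, 0x300, 0xE0000040)    # INITIALIZED_DATA | EXECUTE | READ | WRITE
    hdr += bytes(0x200 - len(hdr))
    text = b"\x90" * 0x100                                          # all NOPs: entropy 0
    packed = bytes((i * 37 + 11) & 0xFF for i in range(0x100))     # 256 distinct bytes: entropy 8
    return hdr + text + packed
```

Run packer_indicators(parse_pe(build_sample_pe())) to see the three hints the constructed image triggers; on a real sample, a hit means plan for dynamic analysis of the unpack stub rather than trusting the static disassembly of the packed section.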
  
Tools and Techniques Cont…
— Compilers (VC compiler, GCC compiler suite, .NET framework)
— Assemblers (MASM, NASM, TASM, FASM)
— Disassemblers and debuggers (IDA Pro, OllyDbg, Immunity Debugger, WinDbg)
— Hypervisors (VMware Workstation/Player, VirtualBox, QEMU)
— System monitoring with Sysinternals tools
— Hex editors and other system utilities

Tools and Techniques Cont…

Tools and Techniques Cont…

Tools and Techniques Cont…

Tools and Techniques Cont…

RCE in various contexts
Time to understand field work!!!
— Cracking (illegal/unethical)
— Malware analysis
— Vulnerability analysis (exploit development)
— Clean-room RE (Chinese wall)
— Recovering lost source code (legacy)
— Investigating and solving the cause of faults in released software (Microsoft global escalation support team)

Cool, huh …
Let's play around with some practical reversing lab exercises.
Let's see some cool stuff :)

Lab – Cracking for serial.
— This is purely for demonstration and educational purposes only.
— Anything you do to obtain or provide a fake registration key for software is considered cracking and a serious offense.
— In the lab we are going to study and recover the serial key and defeat the registration mechanism in various ways.

Defeating RE
— A lot of research has been done; there are many ways to make a program harder to reverse.
… But no solution is 100% perfect and secure.

Defeating RE Cont…
Software armoring
Obfuscation
"deliberate act of creating obfuscated code, i.e. source or machine code that is difficult for humans to understand" -- Wikipedia

Defeating RE Cont…
Some techniques for anti-analysis …
— Packers (compression)
— Protectors (encryption)
— Anti-debugging
— Garbage code and code permutation
— Anti-assembly
— Hypervisor/emulator detection

Defeating RE Cont…

Defeating RE Cont…
Advanced technologies…
— Mutation
— Code virtualization

Resources
— Reversing: Secrets of Reverse Engineering (by Eldad Eilam)
— Microsoft Windows Internals (by Mark Russinovich and David Solomon)
— Reverseme.de – cool reverseme.exe collections
— InfoSec Institute resources – cool articles on security
— NtDebugging blog (Microsoft global escalation support team) – fine-grained exposure to Windows internals
— And finally some good books on x86 assembly tutorials and reference.

Questions???
Is there still anything struggling in your mind?

Thank you!!!
Hope you enjoyed it.

Weitere ähnliche Inhalte

Was ist angesagt?

02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Securitysappingtonkr
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityOlivier Busolini
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacksJoe McCarthy
 
Blow fish final ppt
Blow fish final pptBlow fish final ppt
Blow fish final pptAjay AJ
 
AES KEY EXPANSION .pptx
AES KEY EXPANSION .pptxAES KEY EXPANSION .pptx
AES KEY EXPANSION .pptxAhmudulHassan
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securitypatisa
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessmentCAS
 
Introduction to Software Security and Best Practices
Introduction to Software Security and Best PracticesIntroduction to Software Security and Best Practices
Introduction to Software Security and Best PracticesMaxime ALAY-EDDINE
 
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY -  unit 1CRYPTOGRAPHY & NETWORK SECURITY -  unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1RAMESHBABU311293
 
Network security and protocols
Network security and protocolsNetwork security and protocols
Network security and protocolsOnline
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)k33a
 
SentinelOne - NOAH19 Tel Aviv
SentinelOne - NOAH19 Tel AvivSentinelOne - NOAH19 Tel Aviv
SentinelOne - NOAH19 Tel AvivNOAH Advisors
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingNeel Kamal
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...Edureka!
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security VulnerabilitiesSiemplify
 

Was ist angesagt? (20)

02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and Cybersecurity
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacks
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.ppt
 
Blow fish final ppt
Blow fish final pptBlow fish final ppt
Blow fish final ppt
 
AES KEY EXPANSION .pptx
AES KEY EXPANSION .pptxAES KEY EXPANSION .pptx
AES KEY EXPANSION .pptx
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessment
 
Introduction to Software Security and Best Practices
Introduction to Software Security and Best PracticesIntroduction to Software Security and Best Practices
Introduction to Software Security and Best Practices
 
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY -  unit 1CRYPTOGRAPHY & NETWORK SECURITY -  unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
 
Network security and protocols
Network security and protocolsNetwork security and protocols
Network security and protocols
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
 
Brute force attack
Brute force attackBrute force attack
Brute force attack
 
SentinelOne - NOAH19 Tel Aviv
SentinelOne - NOAH19 Tel AvivSentinelOne - NOAH19 Tel Aviv
SentinelOne - NOAH19 Tel Aviv
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Rootkit
RootkitRootkit
Rootkit
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
 
ETHICAL HACKING PPT
ETHICAL HACKING PPTETHICAL HACKING PPT
ETHICAL HACKING PPT
 
cyber security and threats.pptx
cyber security and threats.pptxcyber security and threats.pptx
cyber security and threats.pptx
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security Vulnerabilities
 

Andere mochten auch

Introduction to Reverse Engineering
Introduction to Reverse EngineeringIntroduction to Reverse Engineering
Introduction to Reverse EngineeringGopinath Chintala
 
Reverse engineering
Reverse engineeringReverse engineering
Reverse engineeringananya0122
 
Reverse engineering & its application
Reverse engineering & its applicationReverse engineering & its application
Reverse engineering & its applicationmapqrs
 
WARE: a tool for the Reverse Engineering of Web Applications
WARE: a tool for the Reverse Engineering of Web Applications WARE: a tool for the Reverse Engineering of Web Applications
WARE: a tool for the Reverse Engineering of Web Applications Porfirio Tramontana
 
Android reverse engineering: understanding third-party applications. OWASP EU...
Android reverse engineering: understanding third-party applications. OWASP EU...Android reverse engineering: understanding third-party applications. OWASP EU...
Android reverse engineering: understanding third-party applications. OWASP EU...Internet Security Auditors
 
Reverse engineering
Reverse engineeringReverse engineering
Reverse engineeringdspokale25
 
Software maintenance Unit5
Software maintenance  Unit5Software maintenance  Unit5
Software maintenance Unit5Mohammad Faizan
 
Software reverse engineering
Software reverse engineeringSoftware reverse engineering
Software reverse engineeringParminder Singh
 
Mi 291 chapter 3 (reverse engineering)(1)
Mi 291 chapter 3 (reverse engineering)(1)Mi 291 chapter 3 (reverse engineering)(1)
Mi 291 chapter 3 (reverse engineering)(1)varun teja G.V.V
 

Andere mochten auch (12)

Introduction to Reverse Engineering
Introduction to Reverse EngineeringIntroduction to Reverse Engineering
Introduction to Reverse Engineering
 
Reverse engineering
Reverse engineeringReverse engineering
Reverse engineering
 
Reverse engineering
Reverse engineeringReverse engineering
Reverse engineering
 
Reverse engineering & its application
Reverse engineering & its applicationReverse engineering & its application
Reverse engineering & its application
 
3D scanning and Reverse Engineering
3D scanning and Reverse Engineering3D scanning and Reverse Engineering
3D scanning and Reverse Engineering
 
WARE: a tool for the Reverse Engineering of Web Applications
WARE: a tool for the Reverse Engineering of Web Applications WARE: a tool for the Reverse Engineering of Web Applications
WARE: a tool for the Reverse Engineering of Web Applications
 
Android reverse engineering: understanding third-party applications. OWASP EU...
Android reverse engineering: understanding third-party applications. OWASP EU...Android reverse engineering: understanding third-party applications. OWASP EU...
Android reverse engineering: understanding third-party applications. OWASP EU...
 
Reverse engineering
Reverse engineeringReverse engineering
Reverse engineering
 
Reverse engineering
Reverse engineeringReverse engineering
Reverse engineering
 
Software maintenance Unit5
Software maintenance  Unit5Software maintenance  Unit5
Software maintenance Unit5
 
Software reverse engineering
Software reverse engineeringSoftware reverse engineering
Software reverse engineering
 
Mi 291 chapter 3 (reverse engineering)(1)
Mi 291 chapter 3 (reverse engineering)(1)Mi 291 chapter 3 (reverse engineering)(1)
Mi 291 chapter 3 (reverse engineering)(1)
 

Ähnlich wie Hacking with Reverse Engineering and Defense against it

Reverse code engineering
Reverse code engineeringReverse code engineering
Reverse code engineeringKrishs Patil
 
Intro to Reverse Engineering
Intro to Reverse EngineeringIntro to Reverse Engineering
Intro to Reverse EngineeringNull Bhubaneswar
 
Possibility of arbitrary code execution by Step-Oriented Programming by Hiroa...
Possibility of arbitrary code execution by Step-Oriented Programming by Hiroa...Possibility of arbitrary code execution by Step-Oriented Programming by Hiroa...
Possibility of arbitrary code execution by Step-Oriented Programming by Hiroa...CODE BLUE
 
Possibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented ProgrammingPossibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented Programmingkozossakai
 
Typhoon Managed Execution Toolkit
Typhoon Managed Execution ToolkitTyphoon Managed Execution Toolkit
Typhoon Managed Execution ToolkitDimitry Snezhkov
 
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022lior mazor
 
Embedded systems tools & peripherals
Embedded systems   tools & peripheralsEmbedded systems   tools & peripherals
Embedded systems tools & peripheralsimtiazalijoono
 
Porting your favourite cmdline tool to Android
Porting your favourite cmdline tool to AndroidPorting your favourite cmdline tool to Android
Porting your favourite cmdline tool to AndroidVlatko Kosturjak
 
VB2013 - Security Research and Development Framework
VB2013 - Security Research and Development FrameworkVB2013 - Security Research and Development Framework
VB2013 - Security Research and Development FrameworkAmr Thabet
 
Unmanaged Parallelization via P/Invoke
Unmanaged Parallelization via P/InvokeUnmanaged Parallelization via P/Invoke
Unmanaged Parallelization via P/InvokeDmitri Nesteruk
 
Development workflow
Development workflowDevelopment workflow
Development workflowSigsiu.NET
 
Reverse Engineering 101
Reverse Engineering 101Reverse Engineering 101
Reverse Engineering 101ysurer
 
.NET Debugging Tips and Techniques
.NET Debugging Tips and Techniques.NET Debugging Tips and Techniques
.NET Debugging Tips and TechniquesBala Subra
 
.Net Debugging Techniques
.Net Debugging Techniques.Net Debugging Techniques
.Net Debugging TechniquesBala Subra
 
Oleksyk applied-anti-forensics
Oleksyk   applied-anti-forensicsOleksyk   applied-anti-forensics
Oleksyk applied-anti-forensicsDefconRussia
 
Virtual platform
Virtual platformVirtual platform
Virtual platformsean chen
 
Compilers programmingembedded
Compilers programmingembeddedCompilers programmingembedded
Compilers programmingembeddedManish Pandey
 

Ähnlich wie Hacking with Reverse Engineering and Defense against it (20)

Reverse code engineering
Reverse code engineeringReverse code engineering
Reverse code engineering
 
Intro to Reverse Engineering
Intro to Reverse EngineeringIntro to Reverse Engineering
Intro to Reverse Engineering
 
Possibility of arbitrary code execution by Step-Oriented Programming by Hiroa...
Possibility of arbitrary code execution by Step-Oriented Programming by Hiroa...Possibility of arbitrary code execution by Step-Oriented Programming by Hiroa...
Possibility of arbitrary code execution by Step-Oriented Programming by Hiroa...
 
Possibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented ProgrammingPossibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented Programming
 
Typhoon Managed Execution Toolkit
Typhoon Managed Execution ToolkitTyphoon Managed Execution Toolkit
Typhoon Managed Execution Toolkit
 
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
 
Embedded systems tools & peripherals
Embedded systems   tools & peripheralsEmbedded systems   tools & peripherals
Embedded systems tools & peripherals
 
Porting your favourite cmdline tool to Android
Porting your favourite cmdline tool to AndroidPorting your favourite cmdline tool to Android
Porting your favourite cmdline tool to Android
 
Vxcon 2016
Vxcon 2016Vxcon 2016
Vxcon 2016
 
VB2013 - Security Research and Development Framework
VB2013 - Security Research and Development FrameworkVB2013 - Security Research and Development Framework
VB2013 - Security Research and Development Framework
 
System software
System softwareSystem software
System software
 
Unmanaged Parallelization via P/Invoke
Unmanaged Parallelization via P/InvokeUnmanaged Parallelization via P/Invoke
Unmanaged Parallelization via P/Invoke
 
Embedded Systems
Embedded SystemsEmbedded Systems
Embedded Systems
 
Development workflow
Development workflowDevelopment workflow
Development workflow
 
Reverse Engineering 101
Reverse Engineering 101Reverse Engineering 101
Reverse Engineering 101
 
.NET Debugging Tips and Techniques
.NET Debugging Tips and Techniques.NET Debugging Tips and Techniques
.NET Debugging Tips and Techniques
 
.Net Debugging Techniques
.Net Debugging Techniques.Net Debugging Techniques
.Net Debugging Techniques
 
Oleksyk applied-anti-forensics
Oleksyk   applied-anti-forensicsOleksyk   applied-anti-forensics
Oleksyk applied-anti-forensics
 
Virtual platform
Virtual platformVirtual platform
Virtual platform
 
Compilers programmingembedded
Compilers programmingembeddedCompilers programmingembedded
Compilers programmingembedded
 

Kürzlich hochgeladen

A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...fonyou31
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajanpragatimahajan3
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...PsychoTech Services
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
9548086042 for call girls in Indira Nagar with room service
9548086042  for call girls in Indira Nagar  with room service9548086042  for call girls in Indira Nagar  with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 

Kürzlich hochgeladen (20)

Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Advance Mobile Application Development class 07

Hacking with Reverse Engineering and Defense against it

• 1. Reverse Code Engineering: Reverser view to application security

• 2. Speaker Info
    Krishs Patil
    Holds a master's degree in computer application
    Computer programmer
    Reverser
    And hobbyist security researcher

• 3. Outline
    — Introduction
    — Reversing Process
    — Tools and Techniques
    — Reversing in different contexts (Practice)
    — Lab demonstration
    — Defeating Reverse Engineering
    — Resources

• 4. Introduction
    — "Reverse engineering is the process of extracting the knowledge or design blueprints from anything man-made."
    — It is usually conducted to obtain missing knowledge, ideas and design philosophy when such information is unavailable.
    — In computer science, it is the process of disassembling or decompiling the binary code of a computer program for various purposes.
    — Requires skills and understanding of computers and software development.

• 5. Introduction Cont…
    Why reverse engineering… different people do it for different purposes…
    But, specifically in the field of cyber security… if you want to be a serious security researcher, you must possess the skills of reverse code engineering.

• 6. Reversing Process
    Defining the scope of reversing…
    — System Reverse Engineering
    — Code Reverse Engineering
    — Data Reverse Engineering
    — Protocol Reverse Engineering

• 7. Reversing Process Cont…
    Setting up the environment…
    — Set up an isolated environment (VMware, VirtualBox)
    — System monitoring (Sysinternals tools)
    — Static analysis
    — Dynamic analysis (debugging/tracing)

• 8. Reversing Process Cont…
    Disassembling vs. Decompiling…
    — Native code – directly performs operations on the CPU (compiled with C, C++, Delphi)
    — Intermediate code – an interpreter drives it to perform operations on the CPU (Java bytecode, MSIL)

• 9. Reversing Process Cont…
    Program structure…
    Higher level perspective…
    — Modules
    — Data
    — Control flow
    Lower level perspective…
    — Just assembly language!!!

• 10. Reversing Process Cont…
    So what do I need to know prior to reversing binary code...
    Just a computer and a brain :) would be enough, but… mastering it might take time if you don't know about
    — Computer architecture
    — Programming in assembly language and C, C++
    — Operating system platform and hex numbering

• 11. Assembly Language
    — Lowest level in software
    — Platform specific (IA-32, IA-64, AMD)
    — Machine code (opcode) ⇔ assembly commands
    — An assembler converts an assembly program into machine code that is executable by the CPU
    — A disassembler is the program that converts machine code into a textual representation of assembly commands
    — Mastering reversing without knowing assembly is almost impossible.

• 13. Assembly Language
    Registers
    — Internal memory in the processor
    — IA-32 has eight general-purpose registers (EAX, EBX, ECX, EDX, ESI, EDI, EBP and ESP)
    — Floating point and debug registers
    — Special register – EFLAGS for flag management; flags: OF, SF, ZF, AF, PF, CF

• 14. Assembly Language
    Basic Instructions
    — MOV – data copying
    — LEA – address loading (pointer)
    — ADD, SUB, MUL, DIV, IMUL, IDIV – arithmetic
    — CMP, TEST – comparison
    — CALL, RET – function call and return
    — J** – conditional branching
    — PUSH/POP – stack management
    — NOP – do nothing
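To make slide 11's "machine code ⇔ assembly commands" concrete, here is a toy IA-32 disassembler added as an example (it is not from the slides or the speaker's material). It decodes only a handful of the instructions listed on slide 14 (PUSH/POP, MOV, CMP, TEST, ADD, SUB, CALL, J**, NOP, RET), and the sample bytes are a constructed function prologue/epilogue, not code from any real binary.

```python
"""Toy IA-32 disassembler for a subset of the instructions on slide 14.
Opcode encodings follow the Intel manual; the input bytes are constructed."""
import struct

REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]   # register encoding order 0..7
JCC = {0x74: "je", 0x75: "jne", 0x7C: "jl", 0x7D: "jge", 0x7E: "jle", 0x7F: "jg", 0xEB: "jmp"}
MODRM_OPS = {0x89: "mov", 0x39: "cmp", 0x85: "test", 0x01: "add", 0x29: "sub"}  # "op r/m32, r32" forms


def disassemble(code: bytes, base: int = 0x401000) -> list:
    """Decode bytes into (address, text) pairs; unknown opcodes become 'db'."""
    out, i = [], 0
    while i < len(code):
        op, addr = code[i], base + i
        if op == 0x90:
            text, size = "nop", 1
        elif op == 0xC3:
            text, size = "ret", 1
        elif 0x50 <= op <= 0x57:
            text, size = f"push {REGS[op - 0x50]}", 1
        elif 0x58 <= op <= 0x5F:
            text, size = f"pop {REGS[op - 0x58]}", 1
        elif 0xB8 <= op <= 0xBF:                          # mov r32, imm32
            imm = struct.unpack_from("<I", code, i + 1)[0]
            text, size = f"mov {REGS[op - 0xB8]}, 0x{imm:x}", 5
        elif op == 0x3D:                                  # cmp eax, imm32
            imm = struct.unpack_from("<I", code, i + 1)[0]
            text, size = f"cmp eax, 0x{imm:x}", 5
        elif op == 0xE8:                                  # call rel32, relative to the next instruction
            rel = struct.unpack_from("<i", code, i + 1)[0]
            text, size = f"call 0x{addr + 5 + rel:x}", 5
        elif op in JCC:                                   # short jump, rel8, relative to the next instruction
            rel = struct.unpack_from("<b", code, i + 1)[0]
            text, size = f"{JCC[op]} 0x{addr + 2 + rel:x}", 2
        elif op in MODRM_OPS and i + 1 < len(code) and code[i + 1] >> 6 == 3:  # register-direct ModRM only
            modrm = code[i + 1]                           # mod=11: destination is r/m, source is reg
            text, size = f"{MODRM_OPS[op]} {REGS[modrm & 7]}, {REGS[(modrm >> 3) & 7]}", 2
        else:
            text, size = f"db 0x{op:02x}", 1              # not decoded: emit raw byte, like a real tool would
        out.append((addr, text))
        i += size
    return out


# Constructed sample: push ebp / mov ebp,esp / mov eax,42 / cmp eax,42 / jne +2 / nop / nop / pop ebp / ret
SAMPLE = bytes.fromhex("5589e5b82a0000003d2a000000750290905dc3")

if __name__ == "__main__":
    for addr, text in disassemble(SAMPLE):
        print(f"{addr:08x}  {text}")
```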
• 15. System Calls
    — Used as the interface between application and operating system.
    — System calls ask the OS to perform a specific task.
    — Most operating systems are written in the "C" language, so system calls are provided as "C" APIs
        - *NIX system calls – unistd.h
        - Windows system calls – windows.h
    — Studying the OS platform and its system calls is a necessary part of reverse engineering.

• 16. PE – Portable Executable file

• 17. Tools and Techniques
    — Various tools help in reverse-engineering binary code/programs.
    — A compiler is the tool used to convert a high level language like C, C++ into machine code.
    — An assembler is the tool used to convert processor-specific assembly code into machine code.
    — In reverse, disassemblers and decompilers help us undo the process, recovering the high level code from machine code.
    — Debuggers are the tools used to debug a live running program.
    — Virtual machines might help in providing a protective/isolated environment for analysis.

• 18. Tools and Techniques Cont…
    Broadly, the tools are divided into two categories.
    — Static analysis tools
        - Tools that help us analyze a program without even running it.
        - Tools include disassemblers and decompilers.
    — Dynamic analysis tools
        - Tools in this category help us dive deep into a program by analyzing it while running it.
        - Tools include debuggers, loaders and system monitoring tools.
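Static analysis (slide 18) of a Windows binary usually starts with the PE headers from slide 16. The following PE header parser is an added example, not code from the slides or the speaker; field offsets follow the documented PE/COFF layout, and the input is a constructed headers-only PE32 image rather than a real file. Besides listing sections it raises two simple red flags a reverser checks early: a section that is both writable and executable, and an entry point that lies outside every section (both common with packed samples, slide 29).

```python
"""Minimal PE header parser with two packer-style red flags. Constructed input."""
import struct

COFF_FMT = "<HHIIIHH"         # Machine, NumberOfSections, TimeDateStamp, SymTab, NumSyms, SizeOfOptionalHeader, Characteristics
SECTION_FMT = "<8sIIIIIIHHI"  # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, ..., Characteristics
MACHINES = {0x014C: "i386", 0x8664: "x86-64"}
EXEC, WRITE = 0x20000000, 0x80000000      # IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE


def parse_pe(data: bytes) -> dict:
    """Return machine, absolute entry point, image base, sections and red flags."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]             # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, data, pe_off + 4)
    opt = pe_off + 24                                             # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]                # 0x10B = PE32, 0x20B = PE32+
    entry = struct.unpack_from("<I", data, opt + 16)[0]           # AddressOfEntryPoint (RVA)
    base_fmt, base_off = ("<I", 28) if magic == 0x10B else ("<Q", 24)
    base = struct.unpack_from(base_fmt, data, opt + base_off)[0]  # ImageBase
    sections, flags = [], []
    for i in range(nsec):
        fields = struct.unpack_from(SECTION_FMT, data, opt + opt_size + 40 * i)
        name, vsize, vaddr, rawsize, rawptr, *_, chars = fields
        sec = {"name": name.rstrip(b"\0").decode(), "va": vaddr, "size": max(vsize, rawsize), "raw": rawptr, "chars": chars}
        sections.append(sec)
        if chars & WRITE and chars & EXEC:                        # self-modifying / unpacking stub territory
            flags.append(f"{sec['name']} is writable and executable")
    if not any(s["va"] <= entry < s["va"] + s["size"] for s in sections):
        flags.append("entry point outside every section")
    return {"machine": MACHINES.get(machine, hex(machine)), "entry": base + entry, "base": base,
            "sections": sections, "flags": flags}


def build_sample() -> bytes:
    """Constructed PE32 headers: i386, entry RVA 0x1000 in .text, plus a suspicious W+X .data."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                         # PE header right after the DOS header
    coff = struct.pack(COFF_FMT, 0x014C, 2, 0, 0, 0, 224, 0x0102)  # EXECUTABLE_IMAGE | 32BIT_MACHINE
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, 0x1000)                       # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                     # ImageBase
    text = struct.pack(SECTION_FMT, b".text", 0x200, 0x1000, 0x200, 0x400, 0, 0, 0, 0, 0x60000020)
    data = struct.pack(SECTION_FMT, b".data", 0x100, 0x2000, 0x200, 0x600, 0, 0, 0, 0, 0xE0000040)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text + data
```

Running `parse_pe(build_sample())` reports the i386 machine type, entry point 0x401000 and the W+X flag on `.data`; pointing it at a real file (`open(path, "rb").read()`) gives the same summary a hex editor or IDA would show first.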
• 19. Tools and Techniques Cont…
    — Compilers (VC compiler, GCC compiler suite, .NET Framework)
    — Assemblers (MASM, NASM, TASM, FASM)
    — Disassemblers and debuggers (IDA Pro, OllyDbg, Immunity Debugger, WinDbg)
    — Hypervisors (VMware Workstation/Player, VirtualBox, QEMU)
    — System monitoring with Sysinternals tools
    — Hex editors and other system utilities

• 20. Tools and Techniques Cont…

• 21. Tools and Techniques Cont…

• 22. Tools and Techniques Cont…

• 23. Tools and Techniques Cont…

• 24. RCE in various contexts
    Time to understand field work!!!
    — Cracking (illegal/unethical)
    — Malware analysis
    — Vulnerability analysis (exploit development)
    — Clean-room RE (Chinese wall)
    — Recovering lost source code (legacy)
    — Investigating and solving the cause of faults in released software (Microsoft global escalation support team)

• 25. Cool, huh… Let's play around with some practical reversing lab exercises. Let's see some cool stuff :)

• 26. Lab – Cracking for serial
    — This is purely for demonstration and educational purposes only.
    — Anything you do to obtain or provide a fake registration key for software is considered cracking and a serious offense.
    — In the lab we are going to study and recover the serial key and defeat the registration mechanism in various ways.

• 27. Defeating RE
    — A lot of research has been done; there are many ways to make the reversing process harder.
    … But no solution is 100% perfect and secure.

• 28. Defeating RE Cont…
    Software armoring
    Obfuscation
    "deliberate act of creating obfuscated code, i.e. source or machine code that is difficult for humans to understand" -- Wikipedia

• 29. Defeating RE Cont…
    Some techniques for anti-analysis…
    — Packers (compression)
    — Protectors (encryption)
    — Anti-debugging
    — Garbage code and code permutation
    — Anti-disassembly
    — Hypervisor/emulator detection

• 31. Defeating RE Cont…
    Advanced technologies…
    — Mutation
    — Code virtualization

• 32. Resources
    — Reversing: Secrets of Reverse Engineering (by Eldad Eilam)
    — Microsoft Windows Internals (by Mark Russinovich and David Solomon)
    — Reverseme.de – cool reverseme.exe collections
    — InfoSec Institute resources – cool articles on security
    — NtDebugging blog (Microsoft global escalation support team) – fine-grained exposure to Windows internals
    — And finally some good book on x86 assembly tutorials and reference.

• 33. Questions??? Is there still anything struggling in your mind?

• 34. Thank you!!! Hope you enjoyed it.