Friday, February 26, 2010

Basics of Reversing (Reverse Engineering)

If you aren't into challenges, have never looked at a Rubik's cube as anything but a colorful plastic square, suck at math, are regularly infuriated by computers, and have zero patience, you can stop reading now; there is nothing for you here beyond this sentence. For the rest of you, read on...

Every now and then I come across a topic I am simultaneously unfamiliar and fascinated with. Recently this has been reversing (and yes, I'm talking about reverse engineering software, not taking apart your cable box to try and figure out how to get more channels, you cheapskate). I have had my share of brushes with reverse engineering, and most of us probably have without knowing it. Anyone who has been exposed to a 'cracked' version of a program, run an anti-malware application, got a computer virus, used a key generator, watched a 'backed up' DVD, or used a patch to modify the way a program runs (like removing a nag screen or something similar) has been blessed with the byproduct of reverse engineering software.

In short, reversing is looking at the files that make up a program, and using tools to peek inside, prod around, and find ways to tweak the files and make the system behave the way you want it to. The number of changes you can make to a binary application is obviously limited, and it can be very complex, time consuming and challenging, but the end result is unbelievably rewarding.

Of course I'm not condoning pirating software or violating any application's terms-of-use agreement, but these sorts of intense puzzles are far more entertaining than sudoku or a Rubik's cube, and can yield some pretty cool results while strengthening your general understanding of exactly how applications work at the ground level. For example, reversing is a powerful tool used to thwart malware and is one of the ways anti-spyware/malware applications are able to remove those nasties from an infected system. Awwww, thanks reverse engineering! It is also very useful to developers who want to make their application more secure; after all, you have to know how people break into them in order to protect against it (like that movie where Martin Lawrence is a thief who becomes a cop and ends up finding out he's pretty good at catching thieves... yeah, kind of like that).

The thing I've really found interesting is how many new areas studying this topic really opens up. It forces you to delve into assembly language for example, and understand the transmission of network packets at a very different level. Diving into these subjects introduces tools and techniques that are applicable to so many troubleshooting tasks that it can really improve your capabilities as a tech person in virtually any area of expertise.

To get your feet wet, I would recommend searching YouTube for videos on OllyDbg and IDA Pro (both disassemblers), deobfuscation, unpacking, and reverse engineering in general. Also get familiar with hex editors and what they can be used for, decompilers like Flasm and Sothink for Flash decompilation, etc. etc. etc.

Here are a couple links to sites with lots of different tools you can play with:
RCE's tool library

And here is a list of some other apps that I've been toying with as of late:
XVI32, Hex Workshop, PEiD, .NET Reflector, OllyDbg, IDA Pro

More reversing resources:
RCE Messageboard - be sure to check out the FAQ, tons of great information on there.
Lena's tutorial series - An excellent set of 40 tutorials including demo files, videos, documentation and even the freeware apps you'll need to get started. Highly recommended.

Bottom line is, if you're not familiar with any of these things, that's ok, you've just got a lot of toying around to do. If you want to try cracking a very simple application, check out - they keep a repository of older versions of all types of popular software that is much less complex and easier to crack than the more heavily protected modern applications (of course this is a sweeping generalization and not universally applicable).

And of course, what would a blog post be without a couple of little videos to show you what the hell I'm talking about:

Happy reversing =)