Reverse engineering 101

From VoidWarranties - Hackerspace Antwerp, Belgium
 
(3 intermediate revisions by 3 users not shown)
Line 9: Line 9:
 
|Cost=brain transplantation if IQ LTE 90
 
|Cost=brain transplantation if IQ LTE 90
 
|Logo=Halloween witches 60.gif
 
|Logo=Halloween witches 60.gif
|Presenters=Yvanj,
+
|Presenters=,
 
}}
 
}}
 
{{AgendaPoints
 
{{AgendaPoints
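Review bot: The new `|Presenters=,` value leaves a bare comma with no name in the event template, and the rendered page now shows "Presenters (0):". Either keep a presenter name in the field or empty it completely (`|Presenters=`) so the template is not handed a stray separator.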
Line 17: Line 17:
 
# Gluing the things together
 
# Gluing the things together
 
}}
 
}}
 
+
{{MeetingNotes}}
 
=Objective=
 
=Objective=
 
Learning some basic reverse engineering tasks. Concrete the following will be (attempted) to be teached:
 
Learning some basic reverse engineering tasks. Concrete the following will be (attempted) to be teached:
Line 44: Line 44:
  
 
* OLLYDBG. [http://www.ollydbg.de/] Version 1.10 will be used.
 
* OLLYDBG. [http://www.ollydbg.de/] Version 1.10 will be used.
* IDA Pro evaluation version. [http://www.hex-rays.com/idapro/] '''DO NOT USE A PIRATED VERSION'''. Use the demo. If you want to explore after the demo expired, use the freeware 5.0 version. In the workshop I will be using version 6.1 Pro (full version), but I will mention differences between the trial and full builds. I will repeat myself: '''DO NOT USE A PIRATED VERSION'''. I will check this at the beginning of the event, and if you have a pirated copy, you are '''NOT''' allowed to attend the event. I know it isn't cheap, but there is a demo/feature limited free version. All you data files are signed with your license (be it a demo or not), and if you exchange data files created by a pirated copy, it will be clearly visible in the file, and we (and Hex-Rays) are serious about piracy. Do '''NOT''' expect anyone on the entire world to share you their copy/license, since every copy sold is a custom build with license/identification data built in, and the data files will contain this too. Do not complain if I point you to the exit if I notice this, it's for your (and my, and the space's) safety.
+
* IDA Pro evaluation version. [http://www.hex-rays.com/idapro/] Use the demo. If you want to explore after the demo expired, use the freeware 5.0 version. In the workshop I will be using version 6.1 Pro (full version), but I will mention differences between the trial and full builds.
  
 
==Documentation required==
 
==Documentation required==
  
 
(to be completed)
 
(to be completed)
 +
 +
==Participants skill required==
 +
 +
* Basic understanding of [http://nl.wikipedia.org/wiki/Hexadecimaal Hex]
 +
* Knowledge of one or more programming languages.
 +
{{EventImages}}
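Review bot: In the added "Participants skill required" list, the Hex link points at nl.wikipedia.org (the Dutch article) while the rest of the page is in English; link the English-language article instead. In the rewritten IDA Pro bullet, "after the demo expired" should read "after the demo has expired".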

Latest revision as of 11:12, 3 August 2013

Note: this article is about a past event.

Reverse engineering 101
Learn the internals of your programs by stirring the code
From 2011/10/15 02:00:00 PM
to 2011/10/15 07:00:00 PM
Presenters (0):


Type:
Workshop
Category:
Coding
Location:
Den Bunker

Herrystraat 22, Deurne, Belgium

Cost:
brain transplantation if IQ LTE 90


Agenda points

  1. Teaching basic ASM knowledge (understanding it is faaaaar easier than writing it)
  2. Understanding the structure of an application in general
  3. Understanding it on the platform of choice (a practical example of the previous)
  4. Gluing the things together

Meeting notes

Join note taking during the meeting: http://piratepad.be/p/VoidWarranties

Objective

Learning some basic reverse engineering tasks. Concretely, the following will be taught (or at least attempted):

Requirements

I expect that all participants have the requested software and documentation ready on THEIR machine. The Internet connection of the space is too slow to use if somebody has forgotten to download some tools or documentation. I will be very strict: I will walk through the dependencies and people who do not meet them will not be allowed to attend. We will be short on time already, and we do need a break sometimes to let our brains cool down and process the incoming information.

If I alter this list within 24h before the start of the event, I will provide the changed files/data on USB Flash disk, SD card and optical medium (CD or DVD, whatever fits the data best). I will only provide copies of the changed data, not the full list, so you're still required to have everything mentioned before the deadline.

Hardware requirements

Any recent x86 compatible computer capable of running the mentioned software, storing the requested documentation, and at least 2000MB of storage to store work/data files generated during the event. Debugging info takes a lot of space on your hard drive - take that into account.

As a general rule, I propose the following (if you use a VM, this should be the VM settings, not the host computer specs):

Software requirements

Documentation required

(to be completed)

Participants skill required

