Reverse engineering 101
|Reverse engineering 101|
|Learn the internals of your programs by stirring the code|
| From 2011/10/15 02:00:00 PM |
to 2011/10/15 07:00:00 PM
|brain transplantation if IQ LTE 90|
- Teaching basic ASM knowledge (understanding it is faaaaar more easier than writing it)
- Understanding the structure of an application in general
- Understanding it on the platform of choice (a practical example of the previous)
- Gluing the things together
Learning some basic reverse engineering tasks. Concrete the following will be (attempted) to be teached:
- understanding how a compiler implements control structures such as (but not limited to) IF-statements, FOR-loops, WHILE-loops,...
- understanding how an application is structured
- basic altering practises and how to combat them
I expect that all participants have the requested software and documentation ready on THEIR machine. The Internet connection of the space is too slow to use if somebody has forgotten to download some tools or documentation. I will be very strict: if will walk through the dependencies and people who do not meet them will not be allowed to attend. We will be short in time already, and we do need a break sometimes to let our brains cool down and process the incomming information.
If I alter this list within 24h before the start of the event, I will provide the changed files/data on USB Flash disk, SD card and optical medium (CD or DVD, whatever fits the data best). I will only provide copies of the changed data, not the full list, so you're still required to have everything mentionned before the deadline.
Any recent x86 compatible computer capable of running the mentionned software, storing the requested documentation, and at least 2000MB of storage to store work/data files generated during the event. Debugging info takes a lot of space on your hard drive - take that into account.
As a general rule, I propose the following (if you use a VM, this should be the VM settings, not the host computer specs):
- PIV at 2000Mhz or faster (single core/thread, more is better)
- 1536MB RAM (debugging tools tend to cache data in RAM for fast access, less RAM requires more disk space, and slows the whole process. I shouldn't explain why)
- 5GB of free space after installing documentation/tools mentionned, in addition to the recommended amount of free space required by your OS/Version.
- WINDOWS! WINE can rune some tools, but the combo debugger+wine is not really stable and gives lots of unexpected crashes and issues. Install Windows in a virtual machine if you don't want to reformat, but read the previous point. Any recent version will do, but Windows XP Professional SP3 (x86, no 64bit) is the most appropriate for this situation. If you want to use another version, because you already have that installed or such, you should test all mentionned applications for compatibility and explore the differences in usage between x86 and x86_54 architectures. In normal use this is not important, but this workshop is about internals, and x86 and x86_64 are different internals, though comparable.
- OLLYDBG.  Version 1.10 will be used.
- IDA Pro evaluation version.  Use the demo. If you want to explore after the demo expired, use the freeware 5.0 version. In the workshop I will be using version 6.1 Pro (full version), but I will mention differences between the trial and full builds.
(to be completed)
|Has Category||Coding +|
|Has Void org||false +|
|Has cost||Brain transplantation if IQ LTE 90 +|
|Has description||Learn the internals of your programs by stirring the code|
|Has end date||15 October 2011 19:00:00 +|
|Has event type||Workshop +|
|Has location||Den Bunker +|
|Has presenter||Yvanj +|
|Has presenter amount||1 +|
|Has start date||15 October 2011 14:00:00 +|