Friday, November 13, 2009

Practical Toolkit for Reverse Engineering

Many people has been involved in Reversing Engineering area for years. It is still considered attractive for many hackers and crackers to breakthrough and discover unknown possibilities exist to reverse the system objectives. Today in our article we will represent some of the core practical explanations on reverse engineering tactics.

Reverse Engineering is basically described as a way to generate high-level architectural view of piece of software from the given source. Several applications involved within RE scope are vulnerability analysis, malware analysis and breaking copy-protection schemes. One can start learning the basics of RE either through 'crack-me' approach or the real-life approach (take the real-world problem, break it and attack it).


Tools of The Trade

1. Debuggers
WinDbg - Rich features, Extensive C++ support, Poor interface.
Visual Studio Debugger - Not suitable for reversing, Good interface for development.
OllyDbg - Excellent interface, easy to use, wide range of plugins.
Immunity Debugger - Extends OllyDbg features, supports Python interpreter, command-line support with windbg commands, wide range of plugins.
GDb - Standard debugger for *NIX systems, not a complete RE debugger.

2. Disassemblers
Objdump - The standard tool for disassembley in Linux.
IDA Pro - Supports various binaries and architectures, Enhance Visualization, Advanced features.

3. System Monitoring Tools
Sysinternals Suite - Process Exlorer, RegMon, FileMon, TCPView

4. Binary Differential Tool
BinDiff

5. Decompilers
Hex-Rays

6. Reverse Engineering Frameworks
PaiMei
ERESI

7. Dedicated Exploitation/Reverse Engineering Environment
DVL (Damn Vulnerable Linux)


Cutting Edge Steps on Advanced Reverse Engineering

-Automation is one of the major tasks in advancing the RE process.
-Most of the tools are scriptable, extensible and programmable.
-Defeating a new anti-debugging solutions
-Develop new RE environment, such as, Virtualization and Sandboxing.
-Joining one on another tool can make a powerful toolset for RE.