Reverse Engineering Basics

338K views

Ian Guile is giving a presentation on the basics of reverse engineering Windows applications, including an introduction to assembly.
ZIP folder containing files and tools:
drive.google.com/open?id=0B4OxnLwCHCy6bXpDdUdLME1wamM&authuser=0

Category: Entertainment

Published: 14 May 2015

Comments: 166
@x32gx 3 years ago
Holy sh..! I'm doing my first reverse engineering CTF now (on HTB), and after watching this, at the 48th minute mark, I finally understood how to get the password! The JMP trick is brilliant. So easy. Thank you for a brilliant explanation! Gonna keep watching.
@PC-ie2ow 5 years ago
Thank you for posting this. Very insightful!
@gametimewitharyan6665 3 years ago
Amazing Seminar, Loved The Presentation
@SmashGuru007 3 years ago
*Audience:* What's a DWORD? *Presenter:* Punches "7BD6 D7C2" into the calculator. "There you go. _That_ is a DWORD! Everyone got that? Cool!" 🤣
@ayein9351 4 years ago
Thank you, this course is awesome to learn in just 2h
@ReversingHub 4 years ago
great work man, really liked it. subscribed for more, keep it going!
@misolaemmanueljrd.6685 4 years ago
Very Nice Tutorial! Or Presentation. Thanks!
@anthonymarquez2542 3 years ago
I just want to say thanks for this video.
@unevalkamlesh387 4 years ago
Thanks for making this stuff
@challengepoker 8 years ago
Where is app3? It's not in the zip folder
@user-lt7wm1hw3r 3 years ago
19:25 Introduction to assembly.
@supremeeditz814 6 years ago
I learned this yesterday... I understand it a little.... Hope after this video I know a little more
@kynfali3857 6 years ago
so what's the result??? did u find it benefited u? if not i won't watch it
@iceflake7853 7 years ago
I can't see the jump line at all. What have I done wrong? The spacing between the dot and the hex opcode (where the jump line is supposed to exist) is also a bit smaller than the one shown in the video and I don't find any arrow to increase its size.
@shortforchange 6 years ago
"I'm not scared of failing; I'm fucking lazy" - Me.
@markyrocks69 4 years ago
This is awesome
@dylandylan4807 6 years ago
If I get protector as Armadillo (6.X-9.X), does it mean the software is packed with Armadillo?
@arzoo_singh 3 years ago
Awesome !!!
@purekillah 4 years ago
Fun fact: instead of changing the logic of the jump instructions you can also alter the zero flag. It would have also been helpful to teach them how to unpack within the debugger.
@SharonMessage 4 years ago
Nice
@danibilel3415 4 years ago
can somebody explain to me what he used Detect It Easy for in the 7th app? i don't quite get what he did
@kdavid9228 7 years ago
Hi, could you add a link to the neo editor? I've just tried to search on Google, but I only found unofficial sites with this editor. They could contain malware.
@quicktutorials7662 2 years ago
Thank you!
@lasmiansitumorang81 6 years ago
Hi Sir. Can I extend the expiry date of a dongle emulator image with your tools?
@iNINO38 7 years ago
thanx man.
@edoardobarolo4680 6 years ago
I use a different technique that works any time. I insert a tag word "EDOARDO!" on the registration and then I pause the program and search for it in memory. When I find it I put a hardware breakpoint (memory break W/R) on that area, so I can go directly to the code that handles the string. It's easy with those little "crackmes" but in a big commercial program it's a different matter. There is obfuscation, anti-debugger code etc etc
@yawnz9195 4 years ago
could u help me cracking a program
@makprodplus9808 4 years ago
hi, how do I decompile an app and rerun it in Android Studio, are there any links?
@pullupskrt 5 years ago
Is dumping a csgo cheat possible with IDA? I don't have the DLL but I am trying to get it from the cheat loader and dnSpy is not doing the trick.
@docskinner7107 7 years ago
I'm not going to get too shook up over this guy being a newbie, sure there were a few faux pas but I found the demos useful.
@pdhrubapadasingha4947 3 years ago
Believing my password policy I entered different passwords within a few days but I think hackers rejected my passwords by their reverse engineering process. Sometimes I forget my password due to trying hard passwords. If the reverse engineering process makes my password non-active they can destroy my previous android Micromax Q382 with a heavy virus by their reverse engineering process. They also killed my small phone also. I request the CIA investigation process to execute my android with proper window connection; I have no experience to connect window which can listen to my own password only. I think their machine violates my password. Also they made my sim invalid with the hacking purposes.
@pdhrubapadasingha4947 3 years ago
I am too poor to give money to international CIA investigation but I have a small property of faith to jeshu religion; I have a certificate of catholic under mizo missionary, this is my only property. I want to connect phone pay but the hacker did not accept my IP address. Sometimes they asked my bank account details. I believed them, giving my bank details in their reverse engineered process; my hidden cv code is open in words, I know they are hacking
@ahmedaghadi8281 2 years ago
@pdhrubapadasingha4947 go and complain to cyber crime.
@iamavataraang 7 years ago
How do you know which type of software/method shown to use to reverse engineer?
@funtari7 4 years ago
Good question!
@message2test 7 years ago
cool!
@bleemy 5 years ago
If I have a demo program that gives 10 uses and also limits what the program outputs, what would I do to expand this restriction? PM me for the application name if you can help me out please
@Anon-tj7qb 8 years ago
Nibbles are quite useful when dealing with ASLR entropy :)
@bobvines00 3 years ago
Why does the ZIP folder of files and tools contain four (4) files infected with malware/viruses according to Symantec Endpoint Protection?
@davidyanceyjr 8 years ago
This is dated information but remains relevant for introducing beginners to reversing.
@kralalrulz 8 years ago
+davidyanceyjr what about it is dated?
@davidyanceyjr 8 years ago
+kralalrulz It's 32-bit x86 assembly, there's no obfuscated code. Reversing a real-world application - even 32-bit legacy code - obfuscation is prevalent. I didn't say it was irrelevant, just dated. I did enjoy the video.
@davidyanceyjr 8 years ago
+Thomas Jefferson Incorrect, dear sir. Calculus 1 will be relevant for eternity. 32-bit binary will be irrelevant in the next few years and 64 in less than 20 most likely.
@RaPiiDHUNT3R1 8 years ago
Imposter!
@avi1212avi 7 years ago
+davidyanceyjr That's some nice info, does obfuscation make things significantly harder? what else is outdated? :)
@Robber7 7 years ago
You can see the password on app 6 if you just look at the strings in the functions that were called, I saw it instantly. If you read the first letter of every string it says the password :P
@lennysmileyface 5 years ago
How do you get malware from your own software exactly...?
@powerchimp 3 years ago
the answer is late, but if you still want to know then the answer would be: Dirty code.
@uwuster 4 years ago
Yeah, I've followed a bunch of programming tutorials and I run Linux and they seem to work okay except for *insert thing that works for the original poster* doesn't work for me and I get 1-2 syntax errors, find solutions for the syntax and then boom, the program works.
@peesicle 3 years ago
linux is da bomb
@snudge763 3 years ago
how to remove anti-debugger within the program?
@sinistergeek 4 years ago
Thanks for such a helpful video... Now I am a lil bit more confident... Still n00b tho.
@hoodedwarrior8956 5 years ago
well I didn't look much since I only wanted to get a glimpse and this probably isn't it, but really now... who would hardcode a password into an app? :)
@ikickss 5 years ago
There used to be some database related books ("master SQL in 24 hours", those sort) that had examples of embedded passwords. And LiveOverflow showed an actual example of it. I tell ya... there are lots of idiot programmers out there brewing future disasters.
@theninjascouttf2541 7 years ago
ahhhhh the hex editor way isn't working for me, I've changed the password and I still couldn't click on Submit (it didn't say "password is incorrect", it didn't let me click on it!) what should I do?
@obed3113 4 years ago
just press TAB till you focus on the "submit" button and then press spacebar ;)
@BossBear01 7 years ago
hey lots of fun, for once I could follow what was done.
@bullymaguire7503 5 years ago
yea maybe one day I can join skidrow, thanks for the help
@TalsonHacks 3 years ago
@no shows You're wasting your time, go to Google. Google's your best friend.
@TalsonHacks 3 years ago
@no shows Go learn the basics of reverse engineering, then try cracking. github.com/mytechnotalent/Reverse-Engineering That's a complete course for you to start RE.
@TalsonHacks 3 years ago
@no shows Yes, like when we say hacking is pentesting.
@TalsonHacks 3 years ago
@no shows no
@pythonner3644 3 years ago
Wtf is with this dude
@1Maestr00o3 4 years ago
why can't I press the submit button in app2? it gets blocked when I pass the cursor over it
@Bash_Is_Bae 4 years ago
try using the "tab" key
@zakariatalukdar2552 5 months ago
This is so so good. It feels like a reincarnation of my cyber security career. Thank you so much. And mate, can you please upload the tools and files again? It's a 404 error
@watchlistsclips3196 3 years ago
Are you still alive?? If you are, add more videos. Expecting a lot from you
@mokranlechat 4 years ago
hi Dear, would you help to recover our PIN code on a DeepSea 7320 generator?? it should be 4 decimal digits, with no limit on trials. the code is recorded in the hardware memory of the device. thanks a lot.
@invorokner282 2 years ago
write a script that goes through it and brute forces it, easier
@archersterling4044 7 years ago
What program is he using for the initial analysis?
@grftaNitro 7 years ago
Immunity Debugger
@gandy9407 5 years ago
well it won't let me download the files...
@FreakinKatGaming 5 years ago
Try DL in admin mode -_-
@MulleDK19 6 years ago
Only watched the app6 part. And your solution of just patching the program is rarely valid in these challenges. But that shit was so easy anyway. First of all, those strings are not "encoded". They're simply an array of letters that the app uses to construct messages to print. It's just picking out letters from it when printing stuff. The array might as well have been a-z. The password you have to enter is not stored anywhere. Nor is it any one password but is any 6-letter string matching a certain pattern. All possible passwords can be brute-forced easily, within a couple of minutes. It must be 6 characters, must consist of only lower case letters where each letter means a=1, b=2, c=3, etc. Adding the value of the letters, they must sum to 44, and must have a product of 16,200. Valid passwords include: atiefc, daoofc, eitfca, fetica, fydccc, ioleba, jolcca, lreeca, releca, tifeca, yfdccc. There are a total of 2640 possible passwords.
@shubyy5149 6 years ago
Hence the fucking name 'Reverse Engineering Basics'
@kermitdafrog8 5 years ago
When I tried to install Immunity it complains it can't find python27.dll
@kermitdafrog8 5 years ago
I finally got it to work by downloading the installer from their website and not from the link in this video. For some reason it didn't want to install Python right or something.
@_____666______ 1 year ago
need tutorial about virtual protect/alloc
@AniruddhaGA 4 years ago
I can't find the string compare for the password, can anyone help me with how to bypass the password
@igaps5798 4 years ago
replacing jne with jmp might help
@HandyFox333 2 years ago
Is there a video on the topic that's not over 20 minutes?
@ellanwambugu4987 3 years ago
hey a noob here... but I love your videos... I'm tryna download but the drive won't lemme. any idea how to download without it being flagged as malicious??
@ellanwambugu4987 3 years ago
Nvm I got it
@tomdot3980 3 years ago
Is it possible to crack a program that requires a USB key when it starts up????
@invorokner282 2 years ago
it's not a program inside the operating system, if I understood you right, it happens during the initialization stage at the BIOS. maybe if you cleared CMOS/BIOS your problem will go away.
@lolypopboy777 8 years ago
app3 is missing!
@sijiasijia1854 6 years ago
Why is nobody making a Chinese version?
@1a4s4l7 5 years ago
can you change the mnemonics on any executable program? e.g. jne to jmp
@MattZelda 5 years ago
JNE is not the same as JMP. JNE means Jump If Not Equal, whereas JMP literally means just jump.
@compilationsmania451 4 years ago
@MattZelda he knows that. He's asking whether you can change one into the other.
@MattZelda 4 years ago
@compilationsmania451 Why would you want to? They're completely different instructions.
@compilationsmania451 4 years ago
@MattZelda I guess what he wants to ask is whether there is a way to change particular statements in the machine code of executable programs to make it do something you want.
@MattZelda 4 years ago
@compilationsmania451 In that case, yes. You can patch an executable.
@ersensylmz 3 years ago
hi my friend how can I reach you
@CurrentlyObsessively 5 years ago
Can you add a link to this DIE software? unless that's an acronym -_- Edit: Nvm, it's called Detect It Easy... add that to the slide...
@anthonymarquez2542 3 years ago
btw it is described in the first few mins of the presentation as Detect It Easy
@fightflowwithcomedy3300 3 years ago
sir plz upload more
@WilliamLangbehn 7 years ago
sure sounds like Samy giving the speech
@user-oh4ky7rv5i 4 years ago
William Langbehn yeah lol
@yawnz9195 4 years ago
I can't seem to crack a program I am trying to, can you do it for me?
@jamarallen08 7 years ago
Anybody get a Trojan hit on App 7?
@jamarallen08 7 years ago
HatOfTricks nah. My AVG flagged it and I was wondering if it was a false positive
@ChristopherGray00 6 years ago
AVG is known for false detections
@ko.pi.pe. 6 years ago
He stressed to use a VM. Why didn't you? Did you think that advice didn't apply to you?
@barkeeper7887 4 years ago
Christopher Gray I used AVG for 3 months and it always detected either trusted programs or my own ones... AVG is trash, it never detected any real threats. I uninstalled AVG and got Malwarebytes and it detected like 5 PUPs and like 70 registry keys and a crypto Trojan and shit. AVG is basically adware
@thesecret111 7 years ago
Please, the app3.exe is missing!!!
@thesecret111 7 years ago
I had to stop the tutorial, since APP3 IS MISSING!! Anyway thanks for the video, I would like to finish it.
@lefteriseleftheriades7381 1 year ago
The steganography challenge was disappointingly unrealistic.
@plekkchand 7 years ago
please expand your acronyms.
@-football571 3 years ago
I would like to get in touch with you about a project if you can provide me your email
@mIsPtr 4 years ago
*Resolution: 720p50fps* *Video: 10 fps*
@TalsonHacks 3 years ago
Since it's good content, I'm not complaining xD
@investorslive1347 6 years ago
Only watch this if you're serious about cracking software and willing to spend a LOT of time learning and searching. First off, most programs worth owning are packed with a packer that obfuscates certain sections of code, and it's a bitch to deal with this problem because the packers are constantly changing. Secondly, most of the auto unpackers are not updated, nor are packer identifiers such as PEiD or DIE described in this tute. So you have to unpack manually and create your own tools - another pain in the ass. This is always a cat and mouse game between reverser and programmer. Back in the 1990s there were rarely packed programs and cracking was easy. Now it's not worth it, spending hours living your life inside a debugger.
@michailchalkiadakis96 3 years ago
i cracked the first app using notepad....
@dannyv9561 6 years ago
at time 1h 19m 59s, look at the first character in each string. it tells you the password. the first character of each string is "password: !GOOD!!the password is: round1WOGNG !!!!" so much for not decoding that. lol
@MulleDK19 6 years ago
The strings have absolutely nothing to do with the password you have to actually enter. The strings are a simple dictionary to print "password:", "GOOD!!" and "WOGNG !!!!" to the screen.
@sent4dc 8 years ago
Haha. Debugging by dummies. Sorry, meant to say, "Debugging for dummies." Although it's quite entertaining to see him fumble all over the assembler code. Are there more videos like this?
@wornguys147 7 years ago
Nope, there aren't new videos from Layer 8
@Yalimadad110 7 years ago
hi bro can u help me
@leetspak 3 years ago
hello 31337
@anonymous1177 7 years ago
No offense, but this is a tutorial by someone who has been messing with assembly for 3 months only. And you can see that.
@ianguile7214 7 years ago
You are completely right. At the time I hadn't been doing it for very long, and was just getting into it, but I had a few friends who asked me to do a tutorial, as they had never done any reversing before.
@tperniciaro 7 years ago
That's why it's called "Basics"
@TheDavidlloydjones 7 years ago
Thomas, (but Ian too), Big logical error: know-nothings can comment on a polished finished proposition, but to teach basics -- the foundations of a subject -- you need to be an expert. It may be called "basics," Thomas, but you look like you're trying to make excuses for ignorance, something totally different. If you're just starting out, Ian, I suggest you stick to ten-minute videos about things you know really, really well -- not an hour and a half of video about something you don't have a command of. I'm outta here. Good luck -- but no, don't waste my time, thank you.
@CnCBonkers 7 years ago
I watched some of this because I'm looking for a decent reverse engineering tutorial for one of my buddies, and I agree with David Lloyd-Jones. For example, at 47:05, the tutor should have changed it to *JMP*, which basically means 'JuMP to where we want to go no matter what', which would have been the correct way to do it. But instead he used *JNZ/JNE*, which basically means 'jump to where we want to go *_unless_* we actually enter the *_correct_* password' :D, which is a little confusing, especially for beginners. The proper method should be taught right from the start. I haven't watched the rest of it, but I'm guessing there are other... maybe not mistakes but... incorrect methods. *EDIT - I just noticed that this was uploaded a couple of years ago so I'm guessing that the tutor is an expert now :D
@TheDavidlloydjones 7 years ago
Fireworks, You're probably right. Ian, can you come back now? Maybe redo it on the basis of what you've learned in the past couple of years? And good luck to the both a' yaz in whatever you're up to. -dlj.
@cherifaly6757 6 years ago
It took me 2 mins to learn how to crack any software, I guess I am a genius.. Lol
@EmilParkour 6 years ago
I call bullshit. You don't even know what obfuscated code is if you think it takes 2 mins.
@cherifaly6757 4 years ago
@EmilParkour I guess you are slow then.. I obfuscate code in less than 1 min, I unpack Themida and VMP in less than 5 mins, so don't fuck with me.. Lol
@TheDavidlloydjones 7 years ago
568 people have put up with your first minute of empty air: that's ten hours of people's time you've just wasted. Maybe spare us all your rehearsal and just put the actual program up on RU-vid? Later: it turns out Ian really is just rehearsing, at the expense of us, his audience. Nobody has the right to do that. You should take this video down, and replace it with something worthwhile once you know what you're doing. I wish you well, you're obviously bright and capable. Come back when you're ready, OK?