Book Image

Mastering Reverse Engineering

By : Reginald Wong
Book Image

Mastering Reverse Engineering

By: Reginald Wong

Overview of this book

If you want to analyze software in order to exploit its weaknesses and strengthen its defenses, then you should explore reverse engineering. Reverse Engineering is a hackerfriendly tool used to expose security flaws and questionable privacy practices.In this book, you will learn how to analyse software even without having access to its source code or design documents. You will start off by learning the low-level language used to communicate with the computer and then move on to covering reverse engineering techniques. Next, you will explore analysis techniques using real-world tools such as IDA Pro and x86dbg. As you progress through the chapters, you will walk through use cases encountered in reverse engineering, such as encryption and compression, used to obfuscate code, and how to to identify and overcome anti-debugging and anti-analysis tricks. Lastly, you will learn how to analyse other types of files that contain code. By the end of this book, you will have the confidence to perform reverse engineering.

Related Content you might be interested in

Current Title:

Small book image
Mastering Reverse Engineering
Reginald Wong
Oct, 2018 | 436 pages
Small book image
Mastering Assembly Programming
Alexey Lyashko
Sep, 2017 | 290 pages
Small book image
Mastering Malware Analysis
Alexey Kleymenov | Amr Thabet
Sep, 2022 | 572 pages
Small book image
Learning Malware Analysis
Monnappa K A
Jun, 2018 | 510 pages
Table of Contents (20 chapters)
Title Page
Title Page
Copyright and Credits
Copyright and Credits
Packt Upsell
Packt Upsell
Contributors
Contributors
Preface
Preface
Free Chapter
1
Preparing to Reverse
Preparing to Reverse
Reverse engineering
Technical requirements
Reverse engineering as a process
Tools
Malware handling
Basic analysis lab setup
Samples
Summary
2
Identification and Extraction of Hidden Components
Identification and Extraction of Hidden Components
Technical requirements
The operating system environment
Typical malware behavior
Tools
Summary
Further reading
3
The Low-Level Language
The Low-Level Language
Technical requirements
Binary numbers
x86
Basic instructions
Tools – builder and debugger
Hello World
After Hello
Summary
Further reading
4
Static and Dynamic Reversing
Static and Dynamic Reversing
Assessment and static analysis
Dynamic analysis
Try it yourself
Summary
References
5
Tools of the Trade
Tools of the Trade
Analysis environments
Information gathering tools
Disassemblers
Debuggers
Decompilers
Network tools
Editing tools
Attack tools
Automation tools
Software forensic tools
Automated dynamic analysis
Online service sites
Summary
6
RE in Linux Platforms
RE in Linux Platforms
Setup
Linux executable – hello world
Network traffic analysis
Summary
Further reading
7
RE for Windows Platforms
RE for Windows Platforms
Technical requirements
Hello World
What is the password?
Summary
Further reading
8
Sandboxing - Virtualization as a Component for RE
Sandboxing - Virtualization as a Component for RE
Emulation
Analysis in unfamiliar environments
Summary
Further Reading
9
Binary Obfuscation Techniques
Binary Obfuscation Techniques
Data assembly on the stack
Encrypted data identification
Assembly of data in other memory regions
Decrypting with x86dbg
Other obfuscation techniques
Summary
10
Packing and Encryption
Packing and Encryption
A quick review on how native executables are loaded by the OS
Packers, crypters, obfuscators, protectors and SFX
Unpacking
Dumping processes from memory
How about an executable in its unpacked state?
Other file-types
Summary
11
Anti-analysis Tricks
Anti-analysis Tricks
Anti-debugging tricks
Anti-VM tricks
Anti-emulation tricks
Anti-dumping tricks
Summary
12
Practical Reverse Engineering of a Windows Executable
Practical Reverse Engineering of a Windows Executable
Things to prepare
Initial static analysis
Debugging
Summary
Further Reading
13
Reversing Various File Types
Reversing Various File Types
Analysis of HTML scripts
MS Office macro analysis
PDF file analysis
SWF file analysis
Summary
Further reading
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think
Index
Index

Network traffic analysis

This time, we'll work on a program that receives a network connection and sends back some data. We will be using the file available at https://github.com/PacktPublishing/Mastering-Reverse-Engineering/raw/master/ch6/server. Once you have it downloaded, execute it from the Terminal as follows:

The program is a server program that waits for connections to port 9999. To test this out, open a browser, then use the IP address of the machine where the server is running, plus the port. For example, use 127.0.0.1:9999 if you're trying this from your own machine. You might see something like the following output:

To understand network traffic, we need to capture some network packets by using tools such as tcpdumptcpdump is usually pre-installed in Linux distributions. Open another Terminal and use the following command:

sudo tcpdump -i lo 'port 9999'  -w captured.pcap

Here's a brief explanation of the parameters used:

-i lo uses the loopback network interface. We have used it...

Previous Section
End of Section 4
Next Section