Book Image

Mastering Reverse Engineering

By : Reginald Wong
Book Image

Mastering Reverse Engineering

By: Reginald Wong

Overview of this book

If you want to analyze software in order to exploit its weaknesses and strengthen its defenses, then you should explore reverse engineering. Reverse Engineering is a hackerfriendly tool used to expose security flaws and questionable privacy practices.In this book, you will learn how to analyse software even without having access to its source code or design documents. You will start off by learning the low-level language used to communicate with the computer and then move on to covering reverse engineering techniques. Next, you will explore analysis techniques using real-world tools such as IDA Pro and x86dbg. As you progress through the chapters, you will walk through use cases encountered in reverse engineering, such as encryption and compression, used to obfuscate code, and how to to identify and overcome anti-debugging and anti-analysis tricks. Lastly, you will learn how to analyse other types of files that contain code. By the end of this book, you will have the confidence to perform reverse engineering.
Table of Contents (20 chapters)
Title Page
Copyright and Credits
Packt Upsell
Contributors
Preface
Index

PDF file analysis


PDF files have evolved to run specific actions and allow for the execution of JavaScript. For PDF analysis, what we can do is extract event information and analyze what the JavaScript will do. We can use Didier Stevens' PDF Tools to help us analyze PDFs. This toolset runs using Python, so we will again need that installed. PDF Tools can be downloaded from https://blog.didierstevens.com/programs/pdf-tools/. If you go to the site, you will get a description about each tool in the package.

Let's try using the tool with https://github.com/PacktPublishing/Mastering-Reverse-Engineering/blob/master/ch13/demo_01.pdf. Using pdfid.py, execute the following line:

python pdfid.py demo_01.pdf

The following screenshot shows the result of pdfid on demo_01.pdf:

Here, we can see that there is JavaScript code embedded to it. Let's now try the pdf-parser.py file so that we can extract more information. Some elements in the PDF file can be compressed and will not be readable. The pdf-parser tool...