Reverse Engineering

Reverse engineering is an occasional topic on 4chan, and there is an interest in turning this into a general: /reg/.

Archive: [1]

Links

Getting Started

• https://github.com/tylerha97/awesome-reversing
• https://opensecuritytraining.info/
• https://www.coursera.org/learn/malware-analysis-and-assembly
• https://malwareunicorn.org/workshops/re101.html#0
• https://exploitreversing.com/2021/12/03/malware-analysis-series-mas-article-1/
• https://github.com/onethawt/reverseengineering-reading-list
• https://jhalon.github.io/reverse-engineering-protocols/

Reverse Engineering Suites

These generally include and integrate tools for both static analysis (disassembler, decompiler) and dynamic analysis (debugger).

• IDA Pro (latest cracked version is 8.3)
• Ghidra, a free alternative to IDA released by the NSA(!). Its debugger can be buggy and frustrating, but the package as a whole is competitive.
• https://binary.ninja/
• https://github.com/radareorg/radare2 or its fork https://rizin.re/ (you might find this comparison helpful)
• https://cutter.re/ (a GUI for Rizin)

Other Dynamic Analysis Tools

• https://cheatengine.org (essentially babby's first debugger, aimed at cheating in games- but experienced reversers will sometimes reach for its its memory search features)
• https://x64dbg.com/ (an excellent free debugger. Works just as well for 32-bit binaries, despite the name)
• https://ollydbg.de (once a very popular tool, but its 64-bit version was never finished)
• https://github.com/hugsy/gef (extra features for GDB)
• https://learn.microsoft.com/en-us/sysinternals/downloads/procmon (examine file access, registry usage, sub-processes started, and more)
• https://github.com/CobaltFusion/DebugViewPP (look for any debug messages printed with OutputDebugStringA et al)

Hex Editors

• https://imhex.werwolv.net/
• https://mh-nexus.de/en/hxd/

Other Tools

• https://remnux.org/ (not a tool in itself, but a handy collection of them for Linux)
• https://github.com/mandiant/flare-vm (easily prepare a Windows VM for RE use)
• https://github.com/hasherezade/pe-bear (poke around in EXE and DLL files)
• CEF Explorer (ditto)
• https://github.com/sharkdp/binocle (visualise binary data and look for raw images)

News

Some publish news of what they have reverse engineered.

• https://scarybeastsecurity.blogspot.com/ - hardware, copy protection, data recovery and more
• https://www.righto.com/ - a lot of ancient hardware such as equipment used on the Apollo missions

Special Interests

Old Games

There is a lot of interest in RE of old games, to understand how they worked, or to port them to newer platforms as old platforms no longer are available,

• https://tcrf.net/The_Cutting_Room_Floor
• https://stardot.org.uk/forums/ - Specialises in Acorn machines such as the Electron and BBC
• https://www.bbcelite.com/ - Dedicated to the reverse engineering and study of Elite

Cars

There is a lot of electronics and microcontrollers in a car, and a corresponding interest in reverse engineering

• The Car Hacker's Handbook is presented as "A Guide for the Penetration Tester". It has been Licensed under CC-BY-NC-SA though the text of the book has not been amended
• 2014 Car hacker's Handbook - the earlier version of the above, distributed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 license. Note the file is 251 MB in size and slow to download from The Archive.

Resources

• https://back.engineering/
• https://secret.club/
• https://habr.com/ru/articles/548344/ - How to Start Reverse Engineering in 2021