Reverse Engineering Resources - Beginner to Intermediate Guide/Links
While I was learning reverse engineering, I went hunting for blogs; I want to share the links I came across, organized by category.
What is reverse engineering?
Reverse engineering may refer to any of the following: 1. When referring to computer science/programming, reverse engineering means to “break down” the programming code. … Generally speaking, the purpose is to fix errors in the software engineer’s code, or create a program like the one being deconstructed.
Are reverse engineering and decompilation the same?
Decompilation is just one method of reverse engineering.
From the decompilation description:
Decompiling is the process of analyzing an executable or object code binary and outputting source code in a programming language such as C. The process involves translating a file from a low level of abstraction to a higher level of abstraction. Decompilation is usually carried out using a decompiler. From Wikipedia’s article on reverse engineering:
Reverse engineering is the process of discovering the technological principles of a device, object, or system through analysis of its structure, function, and operation.
Software can be reverse engineered and decompiled. A lot of other things (such as hardware, door locks) can be reverse engineered but not decompiled, because their software/firmware is written in low level languages without a higher-level representation, or, more radically, they don’t have any firmware in the first place.
Whenever we begin reverse engineering, two approaches come to mind:
Dynamic program analysis is the analysis of computer software that is performed by executing programs on a real or virtual processor.
Static program analysis is the analysis of computer software that is performed without actually executing programs.
In other words:
- Static analysis is usually based on analyzing the program without the need to execute it. It mostly relies on finding patterns, counting memory references, … The Wikipedia page about static program analysis is, from my point of view, incomplete but still a good read.
- Dynamic analysis, on the other hand, involves executing the program and requires instrumentation of basic blocks such as loops, functions, … The instrumentation consists of inserting probes at the entry and exit of a basic block which measure the time according to a certain metric (CPU cycles, time in µs, …). The information gathered after analysis is usually used to optimize the application by performing loop unrolling with a suitable unroll factor, vectorization if possible (SSE, AVX, Altivec, …), etc.
OK, let's jump into the resources. Please note that the following collection was compiled by various professionals; I just summarize it here. All credit goes to the original authors.
Assembly Fundamentals
- LiveOverflow Binary Hacking🌟💬
- OpenSecurityTraining.info: Introductory Intel x86🌟
- Practical Reverse Engineering🌟💬
- Practical Malware Analysis🌟💬
- Assembly Language Step-by-Step: Programming with Linux
- Wikibooks: x86 Disassembly
- Eli Bendersky: Where the top of the stack is on x86
- Eli Bendersky: Stack frame layout on x86-64
- x86 Assembly Guide (CS216 ‘06)
C Fundamentals
- The C Programming Language (K&R)
- The GNU C Reference Manual
- Learn C the Hard Way
- Learn C in Y Minutes
- Beej’s Guide to C Programming💬
Reverse Engineering Fundamentals
- LiveOverflow Binary Hacking🌟💬
- OpenSecurityTraining.info: Introduction to Reverse Engineering Software
- RPISEC: Modern Binary Exploitation🌟
- Practical Reverse Engineering🌟💬
- A Bug Hunter’s Diary🌟💬
- Reversing: Secrets of Reverse Engineering💬
- Basic Dynamic Analysis with IDA Pro and WinDbg💬
- Ben Hawkes: What makes software exploitation hard?
- GynvaelEN Hacking Livestreams
- The Art of Fuzzing: Slides and Demos
- Malware Unicorn: Reverse Engineering Malware 101🌟
- sploitF-U-N: Linux (x86) Exploit Development Series
- Gynvael Coldwind: How to find vulnerabilities?
- High-Level Approaches for Finding Vulnerabilities
- FuzzySecurity Tutorials🌟💬
- GitHub CTF Write-ups💬
- Dennis Yurichev’s Reversing Challenges
General
Articles
- Reverse Engineering — Wikipedia
- High Level view of what Reverse Engineering is
- What is Reverse Engineering?
Educational
- Introduction to Reverse Engineering Software — Dartmouth
- CSCI 4974 / 6974 Hardware Reverse Engineering
- Starting from Scratch?
- Introduction to Reverse Engineering Software
- Reverse History Part Two — Research
- mammon_’s tales to his grandson
- Reversing Prince Harming’s Kiss of Death
- Theorem prover, symbolic execution and practical reverse-engineering
- Jailbreaks and Pirate Tractors: Reverse Engineering Do’s and Don’ts
Videos
- The Best Campfire Tales that Reverse Engineers Tell — Travis Goodspeed with Sergey Bratus
- Jailbreaks and Pirate Tractors: Reverse Engineering Do’s and Don’ts
- Introduction to Reversing and Pwning — David Weinman — BsidesLV ProvingGrounds17
Things that are interesting/don’t fit elsewhere
- SyntaxHighlighter
- linguist
- Ohcount — Ohloh’s source code line counter.
- Detecting programming language from a snippet
Tools
Binary Visualization Tools
- binglide & binvis.io
- visual analysis of binary files
- cantor.dust
OLE
- python-oletools
  - python-oletools is a package of Python tools to analyze Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office documents or Outlook messages, mainly for malware analysis, forensics and debugging. It is based on the olefile parser. See http://www.decalage.info/python/oletools for more info.
Static Analysis Tools
- Bindead — static binary analysis tool
- Static binary analysis tool
- Statically Linked Library Detector
Windows
- PolyHook — x86/x64 Hooking Library
- EasyHook
- Microsoft Message Analyzer
- API Monitor
- SpyStudio
- SpyStudio Tutorials
- Fibratus
- Deviare2
- Deviare In-Pro
Debuggers
All platforms
- Voltron
- GDB — GNU Debugger
  - GDB Addons
    - PEDA — Python Exploit Development Assistance for GDB
    - gdbgui
    - GEF — GDB Enhanced Features (Docs)
- edb
- LLDB
Linux
- PulseDBG — Hypervisor-based debugger
- xnippet
- OllyDbg
  - OllyDbg Tricks for Exploit Development
- WinDbg
  - Excellent Resource Site
  - Crash Dump Analysis Poster
  - Getting Started with WinDbg (User-Mode)
  - Getting Started with WinDbg (Kernel-Mode)
  - REhints MEX — WinDBG addons
  - pykd
- WinAppDbg
- Open Source Windows x86/x64 Debugger
- HyperDbg
  - Paper
Debugging Writeups/Papers
- BugNet: Continuously Recording Program Execution for Deterministic Replay Debugging
- Back to the Future: Omniscient Debugging
- A REVIEW OF REVERSE DEBUGGING — Jakob Engblom (2012?)
- Binary Hooking Problems
- Hyper-V debugging for beginners
Decompilers & Disassemblers
- fREedom — a primitive attempt to provide an IDA Pro independent means of extracting disassembly information from executables for use with binnavi (https://github.com/google/binnavi).
- Hopper
- Reverse
- Medusa
- PLASMA
- Snowman decompiler
Java
- Procyon — Java Decompiler
- Luyten — Java Decompiler GUI for Procyon
- JavaSnoop
  - Blackhat 2010 — JavaSnoop: How to hack anything written in Java
  - JavaSnoop — Debugging Java applications
- Krakatau
- Bytecode Viewer
IDA specific Stuff
IDA Extensions
- BAP-IDA
- funcap - IDA Pro script to add some useful runtime info to static analysis.
- IDAPython Embedded Toolkit
IDA Plugins
- A list of IDA Plugins
- IDA Python - Ero Carrera
- Kam1n0-Plugin-IDA-Pro
- FLARE-Ida
- toolbag
- Dynamic IDA Enrichment (aka. DIE)
- HexRaysCodeXplorer
- Ida Pomidor
- idaConsonance
- Lighthouse - Code Coverage Explorer for IDA Pro
- NRS
- Ponce
- IDASkins
- Ida Sploiter
- vtbl-ida-pro-plugin
- virusbattle-ida-plugin
- ida-batch_decompile
- IdaRef
- [YaCo](https://github.com/DGA-MI-SSI/YaCo)
IDA Tutorials/Help
- TiGa's Video Tutorial Series on IDA Pro
- IDA PLUG-IN WRITING IN C/C++
- How to Identify Virtual Table Functions with IDA Pro and the VTBL Plugin
- Reversing C++ programs with IDA pro and Hex-rays
- IDAPython: The Wonder Woman of Embedded Device Reversing - Maddie Stone - Derbycon7
- IDA FLIRT In Depth
File Formats
- Encyclopedia of Graphics File Formats
- PE File Format Graphs
- PNG File Format
- Tour of Win32 Executable format
Frameworks
- angr
- [Radare2 - unix-like reverse engineering framework and commandline tools](http://www.radare.org/y/?p=features)
  - Github
  - Radare2 Book (free)
  - Radare2 Documentation
  - Reverse engineering embedded software using Radare2 - Talk/Tutorial
  - Notes and Demos for above video
  - radare2 cheat sheet
  - radare2 as an alternative to gdb-peda
  - Radare2 in 0x1E minutes
- cutter - A Qt and C++ GUI for the radare2 reverse engineering framework
- BitBlaze - Platform for Architecture-Neutral Dynamic Analysis
- BARF-Project - BARF: A multiplatform open source Binary Analysis and Reverse engineering Framework
  - Presentation: Barfing Gadgets - Ekoparty 2014
Programming Language Specific Stuff/Useful/Related Libraries
Libraries
- openreil
- PortEx
- Equip: python bytecode instrumentation
GO
- Reversing GO binaries like a pro
Python
Bytecode
- Gynvael’s Mission 11 (en): Python bytecode reverse-engineering
- Deobfuscating Python Bytecode
Decompiler
- python-uncompyle6 - A native Python cross-version Decompiler and Fragment Decompiler. The successor to decompyle, uncompyle, and uncompyle2.
- Decompyle++ - C++ python bytecode disassembler and decompiler
- Python Decompiler - This project aims to create a comprehensive decompiler for CPython bytecode (likely works with PyPy as well, and any other Python implementation that uses CPython’s bytecode)
- PyInstaller Extractor - Extract contents of a Windows executable file created by pyinstaller
- Easy Python Decompiler - Python 1.0–3.4 bytecode decompiler
- Python RE tools list
Anti-Reverse Engineering Techniques & Countermeasures
Talks
- Trolling reverse_engineers with math - frank² - part.mov
Techniques
- The “Ultimate” Anti-Debugging Reference - Peter Ferrie 2011/4
- Android Reverse Engineering Defenses
- Anti-RE - A collection of Anti-Reverse Engineering Techniques
- Anti Reverse Engineering
- Fun combining anti-debugging and anti-disassembly tricks
- simpliFiRE.AntiRE - An Executable Collection of Anti-Reversing Techniques
- OpenRCE Anti Reverse Engineering Techniques Database
- Windows Anti-Debugging Reference
- Windows Anti-Debug techniques - OpenProcess filtering
- Detecting debuggers by abusing a bad assumption within Windows
- Dangers of the Decompiler - A Sampling of Anti-Decompilation Techniques
.NET Related
- Getting Started with CLR MD
- Microsoft.Diagnostics.Runtime.dll (CLR MD)
  - Microsoft.Diagnostics.Runtime.dll (nicknamed "CLR MD") is a process and crash dump introspection library. It allows you to write tools and debugger plugins which can do things similar to SOS and PSSCOR.
- Reflexil
Writeups (Papers/Videos)
Binary & Code Analysis
- Byteweight: Learning to Recognize Functions in Binary Code
- Memalyze: Dynamic Analysis of Memory Access Behavior in Software
- How to Grow a TREE from CBASS - Interactive Binary Analysis for Security Professionals
- Reversing Monkey
- How to RE data files?
Firmware
- Reverse Engineering Firmware Primer
- The Empire Strikes Back Apple – how your Mac firmware security is completely broken
- Hacking Linksys E4200v2 firmware
- Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, backdoor accounts, weak WPS, RCE ...)
- Reverse Engineering Qualcomm Baseband
General
- Reverse Engineering Flash Memory for Fun and Benefit - BlackHat 2014
- Getting access to your own Fitbit data
- Screwdriving. Locating and exploiting smart adult toys
- Hacking travel routers like it’s 1999
- Reverse Engineering IoT Devices
- How I Reverse Engineered and Exploited a Smart Massager
- Make Confide great again? No, we cannot
- RE'ing an electron based "secure communications" app
- The Three Billion Dollar App - Vladimir Wolstencroft - Troopers14
  - Talk about reverse engineering the SnapChat and Wickr messaging apps.
- A Practical-Time Attack on the A5/3 Cryptosystem Used in Third Generation GSM Telephony
- Reverse engineering HID iClass Master keys
- Reversing EVM bytecode with radare2
OS X
- Reverse Engineering Mac OS X
  - Excellent source of papers from 2003-2013, all with a focus on reversing either iOS or OS X.
- osx & ios re 101
Packers
- A Brief Examination of Hacking Team’s Crypter: core-packer.
- The Art of Unpacking - Paper
- Paper on Manual unpacking of UPX packed executable using Ollydbg and Importrec
Process Hooking
- [Software Hooking methods review (2016)](https://www.blackhat.com/docs/us-16/materials/us-16-Yavo-Captain-Hook-Pirating-AVs-To-Bypass-Exploit-Mitigations-wp.pdf)
- PolyHook
Protocols
- Somfy Smoove Origin RTS Protocol
- Reverse Engineering The eQSO Protocol
- Cyber Necromancy - Reverse engineering dead protocols - Defcamp 2014
- Reverse Engineering of Proprietary Protocols, Tools and Techniques - Rob Savoye - FOSDEM 2009
- Netzob
  - Netzob Documentation
Windows
- Windows for Reverse Engineers
- Introduction to Reverse Engineering Win32 Applications
- Reverse Engineering Windows AFD.sys
- Event Tracing for Windows and Network Monitor
- Improving Automated Analysis of Windows x64 Binaries
- Microsoft Patch Analysis for Exploitation
Wireless
- Reverse engineering radio weather station
- You can ring my bell! Adventures in sub-GHz RF land…
- Reverse engineering walk-through: a wireless burglar alarm system, from shelf to replay
  - Part 1: reverse-engineering-a-wireless-burglar-alarm-system-part-1/
  - Part 2: reverse-engineering-a-wireless-burglar-alarm-part-2/
  - Part 3:
  - Part 4:
  - Part 5:
  - Part 6:
  - Part 7:
  - Part 8:
- Blackbox Reversing an Electric Skateboard Wireless Protocol
- Reverse Engineering a 433MHz Motorised Blind RF Protocol
- Flipping Bits and Opening Doors: Reverse Engineering the Linear Wireless Security DX Protocol
- SATCOM Terminals Hacking by Air, Sea, and Land — Black Hat USA 2014
Apart from the above valuable links, other uncategorized resources are:
- LiveOverflow Binary Hacking🌟💬
- OpenSecurityTraining.info: Introduction to Reverse Engineering Software
- RPISEC: Modern Binary Exploitation🌟
- OpenSecurityTraining.info: Introductory Intel x86🌟
- OpenSecurityTraining.info: The Life of Binaries
- OpenSecurityTraining.info: Reverse Engineering Malware
- RPISEC: Malware Analysis
- Practical Reverse Engineering🌟💬
- A Bug Hunter’s Diary🌟💬
- Reversing: Secrets of Reverse Engineering💬
- Practical Malware Analysis🌟💬
- Assembly Language Step-by-Step: Programming with Linux
- Wikibooks: x86 Disassembly
- The C Programming Language (K&R)
- The GNU C Reference Manual
- Learn C the Hard Way
- Learn C in Y Minutes
- Beej’s Guide to C Programming💬
- The Shellcoder’s Handbook: Discovering and Exploiting Security Holes💬
- Windows Internals🌟
- Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats
- Rootkits: Subverting the Windows Kernel
- Basic Dynamic Analysis with IDA Pro and WinDbg💬
- Ben Hawkes: What makes software exploitation hard?
- GynvaelEN Hacking Livestreams
- The Art of Fuzzing: Slides and Demos
- A Link to the Past: Abusing Symbolic Links on Windows
- Abusing GDI for Ring0 Exploit Primitives (Slides)
- Abusing GDI for Ring0 Exploit Primitives: Reloaded (Slides)
- Modern Kernel Pool Exploitation: Attacks and Techniques
- Finding And Exploiting Token Handling Vulnerabilities in the Windows Kernel
- James Forshaw: Process Failure Modes
- MalwareAnalysisForHedgehogs Video Tutorials
- AVLeak: Fingerprinting Antivirus Emulators through Black-Box Testing
- Windows Kernel Graphics Driver Attack Surface
- bee13oy: Attacking Antivirus Software’s Kernel Driver💬
- Direct X: Direct Way to Microsoft Windows Kernel
- A Window Into Ring 0
- Windows Drivers Attack Surface
- Malware Unicorn: Reverse Engineering Malware 101🌟
- sploitF-U-N: Linux (x86) Exploit Development Series
- Gynvael Coldwind: How to find vulnerabilities?
- High-Level Approaches for Finding Vulnerabilities
- Eli Bendersky: Where the top of the stack is on x86
- Eli Bendersky: Stack frame layout on x86-64
- x86 Assembly Guide (CS216 ‘06)
- HumbleSec: Assembly to Pseudocode Manually💬
- Mozilla: A Crash Course in Memory Management
- Corelan Team Exploit Writing
- Hacking the PS4: Userland ROP💬
- What is a “good” memory corruption vulnerability?🌟
- Attacking JavaScript Engines: A case study of JavaScriptCore and CVE-2016-4622
- The Stack Clash (Qualys Security Advisory)
- Microsoft Security Research & Defense Blog💬
- Abusing Token Privileges For Windows Local Privilege Escalation
- GhostHook: Bypassing PatchGuard with Processor Trace Based Hooking
- “Wild” Pool Overflow on Win10 x64 RS2 (CVE-2016-3309 Reloaded)
- Abusing GDI for Ring0 Exploit Primitives
- Tarjei Mandt: Kernel Pool Exploitation on Windows 7
- Alternative methods of becoming SYSTEM
- A Technical Survey of 10 Common and Trending Process Injection Techniques
- Shut Up and Hack: Inject All the Things
- Dangers of the Decompiler: A Sampling of Anti-Decompilation Techniques
- Software Protection via Obfuscation
- What steps can I take to make my C++ app harder to RE?
- hasherezade: Starting with Windows Kernel Exploitation
- Windows Kernel Exploitation Series with HEVD
- User-Mode Interactions: Guidelines for Kernel-Mode Drivers (Microsoft, 2006)
- DR. CHECKER: A Soundy Analysis for Linux Kernel Drivers
- Cure53 Browser Security White Paper
- X41 Browser Security White Paper
- The Great DOM Fuzz-off of 2017 (DOM Fuzzing Methodology)
- The Apple of Your EFI: Findings from an Empirical Study of EFI Security
- HexType: Efficient Detection of Type Confusion Errors for C++
- A Generic Approach to Automatic Deobfuscation of Executable Code
- Anti-Unpacker Tricks🌟
- The “Ultimate” Anti-Debugging Reference
- FuzzySecurity Tutorials🌟💬
- GitHub CTF Write-ups💬
- phoenhex team write-ups🌟💬
- Project Zero Issue Tracker🌟💬
- Cisco Talos Vulnerability Reports🌟
- Flare-On Challenge Solutions: 2015
- Flare-On Challenge Solutions: 2016
- Exploiting a Firefox UAF with Shared Array Buffers
- Analysis and Exploitation of an ESET Vulnerability
- Attacking the Windows NVIDIA Driver
- Kernel Exploit Demo: Windows 10 (x86) PrivEsc via WARBIRD
- Windows Kernel Resources💬
- Dennis Yurichev’s Reversing Challenges
- Exploit Exercises🌟
- Flare-On Challenges
- ROP Emporium
- HackSys Extreme Vulnerable Windows Driver
- Compiler Explorer🌟💬
Credits:
Hope it helps.