There has been a long time since I first wondered how people could ‘crack’ software like MS Office. For obvious reasons this blog is not intended to show anyone how to crack legit software but to help you to kickoff your RE skills. This is not a RE 101 post either. You will find lots of instructable content about how to actually do RE out there. My intention here is to build an index of great sources which will guide you through the wilderness of RE to somewhere better (hopefully).
Do, or do not. There is no ‘try’” (Yoda)
Why learning RE?
RE is hard. At least if you are not used to a bunch of x86 instructions, it will be a great challenge until you can call yourself a reverse engineer. This does not mean you should be afraid of it. On the contrary, the complexity of RE must be your fuel and motivation in order to learn it effectively. Some facts about RE:
- Steep learning curve
- Requires a lot of
patiencetime - You must stick to the details (but not too much!)
- It is a silent learning, people might not recognize your huge effort at first
So why exactly should you be spending your time with RE and not with something easier, faster or more noticeable? Because it pays you back really high. Right, I did not expect you to believe in me so quickly. Here are some reasons for you to keep reading:
- It will make you a much better programmer
- It is challenging
- Once you get to know it, it gives you super powers
- It is usual in CTFs
- Teaches you how to understand and write a bunch of exploits (pwning!)
- Essential for malware analysis and other infosec related areas
- ‘The world is full of fascinating problems waiting to be solved.’
- It is fun
All these topics are important, specially the last one. It is an essential skill to go from a ‘script kiddie’ to a real ‘hacker’. You really want to understand what is going on behind the curtains of your code? Metasploit? Want to make a CVE PoV? Or your own exploit? Keep reading, young Padawan.
Prerequisites
Since RE is not that simple, you would probably had more fun if you had some previous knowledge:
- C - no matter how much you love pythonic coding or if you are a .NET microsofted guy. C is basic stuff. Being able to decently understand C is essential for RE and will make you a better programmer. And remember, pointers are our friends!
- x86 instructions - this should be pretty obvious. If you have no idea of what mov eax, [esp+04h] does you already know where to start from.
- Basic computer architechture understanding - CPU, memory, registers, PC, von Neumann and other terms like these should not be aliens.
- Basic OS concepts - getting to know the basics of *nix and Windows systems will help you a lot. Processes, virtual memory, paging and others might give you an idea of what I am talking about.
While diving deeper in RE you will learn more and more about those topics. Again, some previous 101 knowledge will do you no harm.
Get ready… GO!
Now that you are fully convinced you should learn the ancient art of reverse engineering, let’s see some places to start.
Start here »
First of all, learn with those who already know and make the first connections in your network.
- #OpenToAll is THE team. People are really friendly and focused there. You will find n00bs and ancient masters exchanging ideas and helping one another. Go for their IRC channel and ask for a Slack ticket.
- http://wiki.opentoallctf.com/wiki/Reverse_Engineering - Some CTF teams have wonderful wikis which can help you in your journey.
- https://nets.ec/Main_Page - another awesome wiki and another awesome team. IRC channel requires Tor.
Now you have prepared your terrain, let’s beggin with the real stuff:
- Introductory Intel x86-64 - this is THE course for learning assembly the right way. Don’t take my word and check it out by yourself, you will not regret it.
- Keep improving your assembly skills with these amazing textbooks (do read them!)
All of these books have pretty good introductory chapters. Again, do read them!
Finally… exploitation!
I believe you should always follow an orientation so you do not waste a lot of effort on not so useful things. Optimize your studying, we are talking about engineering after all for God’s sake. In case you do not want to follow the books above, I strongly recommend you to enroll in the following courses (I am sure I do not even have to mention certificates are meant for skiddos, right?):
- Modern Binary Exploitation has become the de facto course on RE. I am talking about the 2015 class from RPISEC (a security club at Rensselaer Polytechnic Institute) that is public available. It is already a classic and should be your main guide. It is known as the MBE course, so famous it became.
- https://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/ - another great course.
I strongly advise you to look for some of the best things internet has provided the world with: top IT blogs.
- Corelan’s Blog - The buffer overflow series is a must read. And many others too.
- Gustavo Duarte’s Blog - Remember all the other sources I said were great? Forget about them. Do yourself a favor and dive into the best blog I have ever seen. Gustavo should be canonized.
Practicing your dojo
“There’s a difference between knowing the path and walking the path.” (Morpheus)
Crackmes and wargames are the way to go so you achieve the highest levels of basic mastery. Do not forget MBE’s labs though!
- http://crackmes.de/
- http://pwnable.kr/
- https://www.vulnhub.com/
Once you do it all, try playing some CTFs. Let me know in case you are interested in a guide like this about CTFs :)