
Introduction to reverse engineering and assembly - seiflotfy
http://kakaroto.homelinux.net/2017/11/introduction-to-reverse-engineering-and-assembly/
======
itsmemattchung
Beyond reverse engineering, learning assembly made me appreciate what really
goes on underneath the hood of my machine while I program in a higher level
language such as C or Python. If you want a more comprehensive introduction to
not only assembly, but the system as a whole, I cannot recommend this book
enough: Computer Systems: A Programmer's Perspective.

Self studying that book -- along with the free video lectures[1] by the
authors -- equipped me with practical knowledge that's applicable as a software
engineer who strives to grasp an understanding of the entire system.

[1]
[https://scs.hosted.panopto.com/Panopto/Pages/Sessions/List.a...](https://scs.hosted.panopto.com/Panopto/Pages/Sessions/List.aspx#folderID=%22b96d90ae-9871-4fae-91e2-b1627b43e25e%22)

~~~
Chriky
In a similar vein, I highly recommend the nand2tetris online course.

You begin by combining electrical logic gates into gradually more complex
chips, then assemble the components of a computer, write an assembler, then a
compiler for a high level toy language a bit like Java. Finally you program a
game (such as Tetris) in that high level language.

It is available on Coursera, you can access it for free but have to pay to
have your work marked, which is definitely worth it.

It really demystified that magical bridge between hardware and software for me
- "How does typing text on this keyboard physically alter the flow of an
electrical circuit?"

~~~
tenaciousDaniel
I got a little ways into the Nand2Tetris course but gave up b/c of the intense
logic stuff involved. I never took college-level logic or math and it made the
material muuucchh harder to understand. Maybe I should give it another shot
though, who knows.

~~~
castle-bravo
Hard, intimidating things get easier and less intimidating the more you expose
yourself to them (at least in maths; can't say the same for bears).

------
CurtMonash
I was taught assembler in my second year at school,
It's kind of like construction work with a toothpick for a tool

    ~ The Eternal Flame, by Bob Kanefsky

[https://genius.com/Bob-kanefsky-eternal-flame-lyrics](https://genius.com/Bob-kanefsky-eternal-flame-lyrics)

[https://www.youtube.com/watch?v=u-7qFAuFGao](https://www.youtube.com/watch?v=u-7qFAuFGao)

~~~
happy-go-lucky
I've just found the Eternal Flame (song parody) at
[https://www.gnu.org/fun/jokes/eternal-flame.en.html](https://www.gnu.org/fun/jokes/eternal-flame.en.html)

------
teolandon
Writing down a high-level version of the assembly instructions in C is one of
the best tricks when reverse engineering disassembled code.

When I started, I tried to interpret assembly instructions by keeping track of
the registers, stack, and branches, but that ended up being way too much
bookkeeping and didn't really give any more insight on what the code actually
does.

Keeping a text file of C code though and adding lines as you go through the
instructions is really fitting and practical. C is abstract enough to not care
about most bookkeeping of registers and stack management, and branches can be
written in nice nested if-else blocks that are familiar to most programmers
and provide a visual structure that is compact and practical. On the other
hand, C is low enough to deal with memory addresses almost directly, allowing
you to easily transcribe any address arithmetic that happens, and if you're
familiar with what structs get compiled into, you can very nicely spot them in
disassembled code and keep your high-level reverse engineered code structured
and nice.

Very nice guide and a very good starting point in reverse engineering,
especially if you have at least some experience with assembly.
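
The two-pass workflow described in this comment, as an added example that is not part of the original post: a constructed x86-64 listing (Intel syntax, SysV ABI assumed) is first transcribed literally with registers as locals and memory operands as raw loads, then the +0/+8 access pattern is recognized as a linked-list node and rewritten as ordinary C. The listing, the `node` struct and the sample list are all constructed for the example.

```c
#include <stddef.h>
#include <string.h>

/* Constructed listing, pretend output of a disassembler (Intel syntax;
 * SysV ABI: first argument in rdi, return value in rax):
 *        xor  eax, eax
 *  loop: test rdi, rdi
 *        je   done
 *        add  rax, [rdi+8]
 *        mov  rdi, [rdi]
 *        jmp  loop
 *  done: ret
 */

/* Pass 1: literal transcription. Each register becomes a local and each
 * memory operand becomes an explicit load from that address; no names yet. */
static long pass1_literal(const unsigned char *rdi)
{
    long rax = 0;                              /* xor eax, eax        */
    while (rdi != NULL) {                      /* test rdi, rdi / je  */
        long tmp;
        memcpy(&tmp, rdi + 8, sizeof tmp);     /* add rax, [rdi+8]    */
        rax += tmp;
        memcpy(&rdi, rdi, sizeof rdi);         /* mov rdi, [rdi]      */
    }
    return rax;                                /* ret                 */
}

/* Pass 2: a pointer reloaded from offset 0 plus a 64-bit value at offset 8
 * is the signature of a linked-list node; naming the fields turns the loop
 * into plain C. The static assert confirms the guessed layout matches the
 * displacements seen in the listing. */
struct node { struct node *next; long value; };
_Static_assert(offsetof(struct node, value) == 8, "value must sit at +8");

static long pass2_structured(const struct node *head)
{
    long total = 0;
    for (const struct node *n = head; n != NULL; n = n->next)
        total += n->value;
    return total;
}

/* Constructed sample list 3 -> 4 -> 5 used to check that both passes agree. */
static struct node sample[3] = { {&sample[1], 3}, {&sample[2], 4}, {NULL, 5} };

long sum_literal(void)    { return pass1_literal((const unsigned char *)&sample[0]); }
long sum_structured(void) { return pass2_structured(&sample[0]); }
```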

------
adamnemecek
...or spend like 4 hours playing around with godbolt.
[https://godbolt.org](https://godbolt.org). You can thank me later.

~~~
pthreads
This is quite nifty, love it. I will thank you later (you a fan of Monk?)

~~~
adamnemecek
I’m not lol.

------
kruhft
One of the most fun ways to learn assembly is on older systems like the Gameboy
using something like the excellent no$gmb[1] emulator and some of the really
well developed docs[2]. Full graphical debugging capabilities and an excellent
tool for learning.

A lot less complex to start and you still learn the magic.

[1] [http://problemkaputt.de/gmb.htm](http://problemkaputt.de/gmb.htm)

[2] [https://github.com/avivace/awesome-gbdev](https://github.com/avivace/awesome-gbdev)

------
partycoder
Some useful links:

- [https://github.com/radareorg/cutter](https://github.com/radareorg/cutter)
(GUI for Radare2, free alternative to IDA)

- [https://github.com/eteran/edb-debugger](https://github.com/eteran/edb-debugger)
(debugger, free alternative for OllyDbg)

- [http://hte.sourceforge.net/](http://hte.sourceforge.net/) (hex editor,
disassembler, free alternative for Hiew) (open a binary, then press F6, select
image format to get started, e.g: elf/image or pe/image)

- [http://ref.x86asm.net/coder64.html](http://ref.x86asm.net/coder64.html)
List of x86-64 opcodes

- [https://godbolt.org/](https://godbolt.org/) REPL that shows asm for given
C/C++ code.

- [https://www.reddit.com/r/ReverseEngineering/](https://www.reddit.com/r/ReverseEngineering/)

------
Avery3R
I don't know why people still use AT&T syntax for x86(-64) asm, Intel syntax
is so much easier to read.

The syntax the author uses isn't even proper AT&T or Intel, it's some weird
hybrid of both.

------
AnIdiotOnTheNet
A while back I had a side project I took on for a colleague that involved
reverse engineering and bypassing the lockout mechanism on an old piece of kit
that wanted to phone home. It was one of the most fun and engaging things I've
ever done. There does seem to be a lack of really good free disassemblers
though, none of the ones I tried could consistently handle relocation tables
for some reason.

~~~
stevekemp
I got started programming doing similar things; hacking copy-protection code
on games on my 48k spectrum, so that I could go on to patch the games for
infinite lives:

[https://blog.steve.fi/how_i_started_programming.html](https://blog.steve.fi/how_i_started_programming.html)

Later I started doing similar things on shareware and trial-locked
applications for the PC, via sites such as +fravia's reverse-engineering site.

These days people put out "crackmes" which are fun challenges if you want to
test your reverse-engineering skills, and while I always pay for software
these days, when I need it, there's still a lot of fun to be had patching
binaries to allow your preferred serial number to be accepted!

~~~
brango
I wondered when fravia would make an appearance.

+ORC got me into programming too. Great days cracking winzip and defeating
parental controls :-)

~~~
IronBacon
Fravia, aka Francesco Vianello, passed away a few years ago.

------
rwx------
Almost ten years ago I worked on a reverse engineering project. It was _very_
tedious work. Is it worth it to be good at reverse engineering, I mean are
there good paying jobs for it now?

I often have trouble explaining reverse engineering to people without raising
eyebrows. People think it's hacking.

~~~
umanwizard
It's surprising to me how often reverse engineering turns out to be useful
even in normal programming jobs.

Even if it only happens once or twice a year, if you're the only person on
your team who can figure out how to work around some framework or OS bug,
people will think you're a magician. Stuff like that can make performance
review cycles all by itself.

It really depends on the type of work you're doing, though. Most people got
into reverse engineering because they find it fun. If you hate it, there is
probably other stuff you can spend your time on more productively.

------
adricnet
This mirror of a Purism blog post to his personal blog looks pretty
interesting but I'm having trouble accessing it on homelinux or puri.sm
domains due to reputation.

Here's G cache:
[http://webcache.googleusercontent.com/search?q=cache:dH0AFM8...](http://webcache.googleusercontent.com/search?q=cache:dH0AFM8hqaIJ:kakaroto.homelinux.net/2017/11/introduction-to-reverse-engineering-and-assembly/+&cd=1&hl=en&ct=clnk&gl=us)

The OP, afaict: [https://puri.sm/posts/primer-to-reverse-engineering-intel-fs...](https://puri.sm/posts/primer-to-reverse-engineering-intel-fsp/)

Thanks for sharing!

------
seiferteric
I've just in the past month or so started getting into Intel assembly. For
some reason I was a bit intimidated by it even though I have done some m68k,
avr, pic and z80 asm in the past. After watching some Australian dude's
tutorials on youtube though I quickly realized it was not bad at all. Also
it's pretty great how easy it is to mix C code with asm and it really helps you
understand things like calling conventions. Now I have been playing around
doing weird things like trying to implement a closure in C and smashing the
stack to return to a different function than the one that was called.

------
ngcc_hk
There is another one recently about Intel reverse engineering. He uses crackme ...

