
Reverse Engineering for Beginners [pdf] - dennis714
https://beginners.re/RE4B-EN.pdf
======
xorpd
Some very serious work was put in writing this book. I admit I never fully
read it from beginning to end, but from the parts I did read I think it is
very well written.

My general advice for beginners who want to get into reverse engineering is to
read fewer books, and try to actually reverse engineer small and self-contained
programs. Reverse engineering has been my job for many years now, but it is still
very difficult for me to consume a long text talking about a reverse
engineering project without touching the code on my own.

If you are interested in a hands-on experience, I recently made a
self-learning kit for learning reverse engineering for beginners. It is called
ReversingHero
([https://www.reversinghero.com](https://www.reversinghero.com)). It is one
binary file made of 15 levels of increasing difficulty, teaching reverse
engineering. It works in a Linux environment, on the x64 series, and can also be
completed using WSL (Windows Subsystem for Linux).

ReversingHero also contains accompanying (paid) video solutions. The video
solutions contain 12+ hours of step-by-step solutions to all the levels.

~~~
bmer
Maybe you can make the "hex editor", "debugger" and "disassembler" bold words
into links to good FOSS implementations of each tool?

Otherwise, this looks very interesting :)

------
reidacdc
I more or less compulsively downloaded this, and started skimming it. I'm not
an assembly-language programmer, but I thought I at least knew how to read an
assembly listing.

But right there on page 8, in the MIPS and ARM "functions that return a
constant", is an example of "branch delay slots", which (a) I've never heard
of, and (b) failure to grok them makes a _two_ _line_ _function_
incomprehensible.

Fortunately, I like learning things.

~~~
sabas123
ISAs can get very complex very fast, so I would suggest, like the author
wrote down in the next sentence, to realize that some complexity is best left for
a later time.

Now that I think about it, ISAs/assembly are a really good example of how
lots of tiny small things combined can become really hard to understand fast.

~~~
saagarjha
MIPS’s choice to shove details from the instruction decoding pipeline into its
visible execution model is still kinda annoying though…

------
dang
A thread from 2016:
[https://news.ycombinator.com/item?id=12185586](https://news.ycombinator.com/item?id=12185586)

2015:
[https://news.ycombinator.com/item?id=10812055](https://news.ycombinator.com/item?id=10812055)

2014:
[https://news.ycombinator.com/item?id=8161316](https://news.ycombinator.com/item?id=8161316)

[https://news.ycombinator.com/item?id=7726213](https://news.ycombinator.com/item?id=7726213)

------
nekitamo
This looks like a great resource for beginners, albeit a bit dense and
overwhelming.

If you're looking for a very gentle introduction, the Lena151 video tutorials
are great:
[https://tuts4you.com/e107_plugins/download/download.php?list...](https://tuts4you.com/e107_plugins/download/download.php?list.17)

They're a bit dated, but all the concepts are still relevant.

I wish we had all these great learning resources around when I was starting
with W32Dasm + Hiew lol

~~~
Avery3R
The Lena151 tutorials will only teach dynamic analysis, not static analysis.
What most people do in industry is a combination of static and dynamic
analysis. Static analysis being used to figure out the overall structure and
function of a binary, and dynamic analysis being used to fill in details that
would otherwise be tedious to figure out with a pure static approach.

------
FillardMillmore
Any input from beginners who have dipped their toes into this? Is the content
explained fairly intuitively or in a way that is simple to understand?

I'm also curious - for those in the know - is the pursuit of knowledge
regarding reverse engineering something that has proven valuable in a job or
is it primarily an academic pursuit? If it has proven valuable, how so?

~~~
souprock
I'm one "in the know", so I'll answer that part.

Heck yeah it is valuable. My area has numerous employers that are eager to
hire people with that skill set. It pays more than the typical software
development jobs. Most of the jobs seem to be related to how things get hacked
into. One can play defense or offense.

I post about my employer in the "Who is hiring?" sometimes:
[https://news.ycombinator.com/item?id=21422735](https://news.ycombinator.com/item?id=21422735)

~~~
bowmessage
How much is "more than typical"? Sounds interesting!

~~~
wingerlang
Informally I was told I could get a 40% instant raise by joining a company
like this. I bet it can be more than that though. I haven’t pursued it yet
because I don’t think my skill is enough.

~~~
80486dx2
Defense contractors don't pay well. No stocks n peanuts bonus

~~~
burfog
All of that is false.

I've seen people doing that stuff get yearly pay that is about the price of a
house. That is good pay. I've seen stock given, and I've seen bonuses that
seem nice, but it makes more sense to focus on pay. The pay is fine.

~~~
jki275
I work in the field and maybe there are people out there getting paid like
that, but that’s not the norm at all.

------
Havoc
For beginners...1054 pages of assembly.

Sometimes I think the entire IT sector is on the spectrum.

~~~
icholy
Found the web developer

~~~
tropo
Real Men program web sites in assembly, and they like it.

~~~
wolfgke
Indeed:
[https://news.ycombinator.com/item?id=12371463](https://news.ycombinator.com/item?id=12371463)

~~~
Thorrez
I'm a bit disappointed the frontend uses JavaScript. I was hoping for
handwritten WebAssembly.

------
ims
If you enjoy this format, the same author also wrote "SAT/SMT By Example"
which I learned a lot from:
[https://yurichev.com/SAT_SMT.html](https://yurichev.com/SAT_SMT.html)

------
haecceity
Why does he have a bulletin board in the beginning of his book?

------
ngcc_hk
Very readable. Highly recommended.

~~~
0x4a42
Unfortunately the French translation is very bad and hardly readable.

------
ngcc_hk
Science and engineering is sort of reverse hacking of the world code. If you
believe moral is built in, it is also a discovery and “hacking” process. Only
in arts ... maybe even that if you are more Plato than hacksmann

