Introduction to reverse engineering and assembly (homelinux.net)
343 points by seiflotfy on Jan 9, 2018 | 32 comments

Beyond reverse engineering, learning assembly made me appreciate what really goes on underneath the hood of my machine while I program in a higher level language such as C or Python. If you want a more comprehensive introduction to not only assembly, but the system as a whole, I cannot recommend this book enough: Computer Systems: A Programmer's Perspective.

Self-studying that book -- along with the free video lectures[1] by the authors -- equipped me with practical knowledge that's applicable as a software engineer who strives to grasp an understanding of the entire system.

[1] https://scs.hosted.panopto.com/Panopto/Pages/Sessions/List.a...

In a similar vein, I highly recommend the nand2tetris online course.

You begin by combining electrical logic gates into gradually more complex chips, then assemble the components of a computer, write an assembler, then a compiler for a high level toy language a bit like Java. Finally you program a game (such as Tetris) in that high level language.

It is available on Coursera, you can access it for free but have to pay to have your work marked, which is definitely worth it.

It really demystified that magical bridge between hardware and software for me - "How does typing text on this keyboard physically alter the flow of an electrical circuit?"

I got a little ways into the Nand2Tetris course but gave up b/c of the intense logic stuff involved. I never took college-level logic or math and it made the material muuucchh harder to understand. Maybe I should give it another shot though, who knows.

Hard, intimidating things get easier and less intimidating the more you expose yourself to them (at least in maths; can't say the same for bears).

What does implementing the cpu with logic gates entail? Does the compiler run on top of that metal you build? I’ve been thinking about how best to start from the bottom and I was thinking of getting a cheap fpga to build a cpu and compiler on. How does this course compare?

(everything is done in simulators, you don't physically build anything)

Basically you start with only NAND gates available. Using this you have to connect together inputs/outputs etc. to make NOT, AND, OR, XOR gates. Then you use these to make gradually more complex chips, such as MUX, HALF-ADDER, ADDER. Then you make an ALU etc., eventually making a CPU.

At each stage they tell you the design, but not the implementation.

The assembler targets the CPU you build. The compiler targets the assembly language etc.

You understand the whole stack, and it is a real computer, although simplified as much as possible.
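Worked example added by the editor (not code from the comment above or from the nand2tetris course): the same bottom-up construction in plain C, starting from a single NAND primitive and deriving NOT, AND, OR, XOR, MUX, a half adder, a full adder and a 16-bit ripple-carry adder. The gate compositions are the standard textbook ones; the function names are the editor's.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example (editor's, not from the comment or the course). Every gate
 * below is built only from nand(); the only native operators on the data
 * path are the bit packing/unpacking in add16(). Inputs and outputs are
 * single bits, 0 or 1. */

/* The one primitive: a two-input NAND gate. */
static unsigned nand(unsigned a, unsigned b) { return (a & b & 1u) ? 0u : 1u; }

/* NOT: tie both NAND inputs together. */
static unsigned not_(unsigned a) { return nand(a, a); }

/* AND: NAND followed by NOT. */
static unsigned and_(unsigned a, unsigned b) { return not_(nand(a, b)); }

/* OR by De Morgan: a | b == !(!a & !b) == NAND(!a, !b). */
static unsigned or_(unsigned a, unsigned b) { return nand(not_(a), not_(b)); }

/* XOR from four NANDs: n = NAND(a,b); out = NAND(NAND(a,n), NAND(b,n)). */
static unsigned xor_(unsigned a, unsigned b) {
    unsigned n = nand(a, b);
    return nand(nand(a, n), nand(b, n));
}

/* MUX: out = sel ? b : a. */
static unsigned mux(unsigned a, unsigned b, unsigned sel) {
    return or_(and_(a, not_(sel)), and_(b, sel));
}

/* Half adder: sum = a XOR b, carry = a AND b. */
static void half_adder(unsigned a, unsigned b, unsigned *sum, unsigned *carry) {
    *sum = xor_(a, b);
    *carry = and_(a, b);
}

/* Full adder: two half adders plus an OR on the two carries. */
static void full_adder(unsigned a, unsigned b, unsigned cin,
                       unsigned *sum, unsigned *cout) {
    unsigned s1, c1, c2;
    half_adder(a, b, &s1, &c1);
    half_adder(s1, cin, sum, &c2);
    *cout = or_(c1, c2);
}

/* 16-bit ripple-carry adder: chain sixteen full adders, LSB first. The
 * final carry-out is dropped, so the result wraps modulo 2^16 exactly as
 * the hardware would. */
static uint16_t add16(uint16_t a, uint16_t b) {
    uint16_t result = 0;
    unsigned carry = 0;
    for (int i = 0; i < 16; i++) {
        unsigned s;
        full_adder((a >> i) & 1u, (b >> i) & 1u, carry, &s, &carry);
        result |= (uint16_t)(s << i);
    }
    return result;
}

/* Check the derived gates against their truth tables; returns 1 if every
 * row matches, 0 otherwise. */
static int gates_match_truth_tables(void) {
    for (unsigned a = 0; a < 2; a++)
        for (unsigned b = 0; b < 2; b++) {
            if (not_(a) != (a ^ 1u)) return 0;
            if (and_(a, b) != (a & b)) return 0;
            if (or_(a, b) != (a | b)) return 0;
            if (xor_(a, b) != (a ^ b)) return 0;
            if (mux(a, b, 0) != a || mux(a, b, 1) != b) return 0;
        }
    return 1;
}

int main(void) {
    printf("gates ok: %d\n", gates_match_truth_tables());
    printf("0x1234 + 0xABCD = 0x%04X\n", add16(0x1234, 0xABCD));
    printf("0xFFFF + 0x0001 = 0x%04X (wraps)\n", add16(0xFFFF, 0x0001));
    return 0;
}
```

The point of the exercise is that add16() contains no `+`: the 32-bit-free carry chain is what the course has you wire up in its hardware description language, and the same structure is what an ALU's adder looks like when you later meet it in a disassembler.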

I was taught assembler
in my second year at school,
It's kind of like construction work
With a toothpick, for a tool

       ~ The Eternal Flame, by Bob Kanefsky

I've just found the Eternal Flame (song parody) at https://www.gnu.org/fun/jokes/eternal-flame.en.html

Thank you so so much for introducing me to Bob's work

Writing down a high-level version of the assembly instructions in C is one of the best tricks when reverse engineering disassembled code.

When I started, I tried to interpret assembly instructions by keeping track of the registers, stack, and branches, but that ended up being way too much bookkeeping and didn't really give any more insight on what the code actually does.

Keeping a text file of C code though and adding lines as you go through the instructions is really fitting and practical. C is abstract enough to not care about most bookkeeping of registers and stack management, and branches can be written in nice nested if-else blocks that are familiar to most programmers and provide a visual structure that is compact and practical. On the other hand, C is low enough to deal with memory addresses almost directly, allowing you to easily transcribe any address arithmetic that happens, and if you're familiar with what structs get compiled into, you can very nicely spot them in disassembled code and keep your high-level reverse engineered code structured and nice.
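Worked example added by the editor to illustrate the transcription technique described in the comment above (it is not the commenter's code and not taken from the linked guide). The disassembly is constructed: a hypothetical x86-64 System V function named sub_401000 from a stripped binary, in Intel syntax, annotated the way a reverser would while reading it. The C that follows is what falls out of those annotations, including a layout check that the reconstructed struct reproduces the offsets and stride seen in the listing. Field names, the sample data and the signedness of field_16 are all assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added example (editor's). The listing below is constructed for
 * illustration, not taken from a real binary.
 *
 *   sub_401000:                        ; rdi = arg0 (pointer), esi = arg1 (32-bit)
 *     test   esi, esi                  ; if (arg1 == 0)
 *     je     .ret_zero                 ;     return 0;
 *     mov    esi, esi                  ; zero-extend: arg1 is a 32-bit unsigned count
 *     lea    rdx, [rsi + rsi*2]        ; rdx = count * 3
 *     lea    rdx, [rdi + rdx*8]        ; rdx = arg0 + count*24 -> end pointer, element size 24
 *     xor    eax, eax                  ; acc = 0
 *   .loop:
 *     test   BYTE PTR [rdi + 20], 1    ; if (elem->field_20 & 1)     flag bit at offset 20
 *     je     .next
 *     add    eax, DWORD PTR [rdi + 16] ;     acc += elem->field_16   32-bit field at offset 16
 *   .next:
 *     add    rdi, 24                   ; elem++  (stride 24 confirms sizeof(elem) == 24)
 *     cmp    rdi, rdx
 *     jne    .loop                     ; while (elem != end)
 *     ret                              ; return acc
 *   .ret_zero:
 *     xor    eax, eax
 *     ret
 */

/* Reconstructed layout. Only offsets 16 and 20 are touched here, so the
 * first 16 bytes are recorded as unknown fields rather than guessed at;
 * other functions that use them would let us name them later. */
struct elem {
    uint64_t unknown_00;   /* offset 0,  not used by sub_401000 */
    uint64_t unknown_08;   /* offset 8,  not used by sub_401000 */
    int32_t  field_16;     /* offset 16, DWORD added into eax; signedness is not
                              recoverable from a plain ADD, int32_t is an assumption */
    uint32_t field_20;     /* offset 20, only bit 0 is tested */
};

/* Check that the struct reproduces the offsets and the 24-byte stride seen
 * in the disassembly; returns 1 if the reconstruction is consistent. */
static int layout_matches_disassembly(void)
{
    return sizeof(struct elem) == 24
        && offsetof(struct elem, field_16) == 16
        && offsetof(struct elem, field_20) == 20;
}

/* High-level reading of sub_401000. The explicit count == 0 check in the
 * asm is the compiler's rotated do/while loop; a plain for loop covers it. */
static int32_t sub_401000(const struct elem *base, uint32_t count)
{
    int32_t acc = 0;
    const struct elem *end = base + count;       /* lea rdx, [rdi + count*24] */
    for (const struct elem *e = base; e != end; e++) {
        if (e->field_20 & 1u)                    /* test BYTE PTR [rdi+20], 1 */
            acc += e->field_16;                  /* add eax, DWORD PTR [rdi+16] */
    }
    return acc;
}

/* Constructed sample data (not from any real binary). */
static const struct elem sample[] = {
    { 0, 0,  10, 1 },   /* bit 0 set: counted */
    { 0, 0,  20, 0 },   /* flag clear: skipped */
    { 0, 0,  -5, 3 },   /* bit 0 set even though bit 1 is too: counted */
    { 0, 0,   7, 2 },   /* bit 1 only: skipped */
};

static int32_t sum_sample(void)
{
    return sub_401000(sample, (uint32_t)(sizeof sample / sizeof sample[0]));
}

int main(void)
{
    printf("layout consistent: %d\n", layout_matches_disassembly());
    printf("sub_401000(sample, 4) = %d\n", sum_sample());          /* 10 + (-5) = 5 */
    printf("sub_401000(sample, 0) = %d\n", sub_401000(sample, 0));
    return 0;
}
```

The two `lea` instructions are the part worth dwelling on: `count*3` then `*8` is how the compiler multiplies by 24 without an `imul`, and that constant is what tells you the element size before you have seen a single field. When the reconstruction does not reproduce the offsets (the layout check above fails), the struct guess is wrong, not the disassembly.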

Very nice guide and a very good starting point in reverse engineering, especially if you have at least some experience with assembly.

...or spend like 4 hours playing around with godbolt. https://godbolt.org. You can thank me later.

Post YouTube URL here as a bookmark for myself

This is quite nifty, love it. I will thank you later (you a fan of Monk?)

I’m not lol.

One of the most fun ways to learn assembly is on older systems like the Gameboy using something like the excellent no$gmb[1] emulator and some of the really well developed docs[2]. Full graphical debugging capabilities and an excellent tool for learning.

A lot less complex to start and you still learn the magic.

[1] http://problemkaputt.de/gmb.htm

[2] https://github.com/avivace/awesome-gbdev

Some useful links:

- https://github.com/radareorg/cutter (GUI for Radare2, free alternative to IDA)

- https://github.com/eteran/edb-debugger (debugger, free alternative for OllyDbg)

- http://hte.sourceforge.net/ (hex editor, disassembler, free alternative for Hiew) (open a binary, then press F6, select image format to get started, e.g: elf/image or pe/image)

- http://ref.x86asm.net/coder64.html List of x86-64 opcodes

- https://godbolt.org/ REPL that shows asm for given C/C++ code.

- https://www.reddit.com/r/ReverseEngineering/

I don't know why people still use AT&T syntax for x86(-64) asm, Intel syntax is so much easier to read.

The syntax the author uses isn't even proper AT&T or Intel, it's some weird hybrid of both.

A while back I had a side project I took on for a colleague that involved reverse engineering and bypassing the lockout mechanism on an old piece of kit that wanted to phone home. It was one of the most fun and engaging things I've ever done. There does seem to be a lack of really good free disassemblers though, none of the ones I tried could consistently handle relocation tables for some reason.

I got started programming doing similar things; hacking copy-protection code on games on my 48K Spectrum, so that I could go on to patch the games for infinite lives:


Later I started doing similar things on shareware and trial-locked applications for the PC, via sites such as +fravia's reverse-engineering site.

These days people put out "crackmes" which are fun challenges if you want to test your reverse-engineering skills, and while I always pay for software these days, when I need it, there's still a lot of fun to be had patching binaries to allow your preferred serial number to be accepted!

I wondered when fravia would make an appearance.

+ORC got me into programming too. Great days cracking winzip and defeating parental controls :-)

Fravia, aka Francesco Vianello, passed away a few years ago.

link dead...

Works for me, but just in case:


Almost ten years ago I worked on a reverse engineering project. It was very tedious work. Is it worth it to be good at reverse engineering, I mean are there good paying jobs for it now?

I often have trouble explaining reverse engineering to people without raising eyebrows. People think it's hacking.

It's surprising to me how often reverse engineering turns out to be useful even in normal programming jobs.

Even if it only happens once or twice a year, if you're the only person on your team who can figure out how to work around some framework or OS bug, people will think you're a magician. Stuff like that can make performance review cycles all by itself.

It really depends on the type of work you're doing, though. Most people got into reverse engineering because they find it fun. If you hate it, there is probably other stuff you can spend your time on more productively.

Any job with legacy software involved highly values RE, in my experience. Either you have the source to the legacy application, in which case the reverse-engineering thought process is still present while debugging, or you don't, in which case you've got a real RE job on your hands. For example, I worked at a company with a giant set of business processes running inside a minicomputer emulator, with no clear path to migrate the data. By reversing the database file format we were able to extract the data and build additional tools in a gradual-migration fashion, without disruption, data-loss, or the classic "rewriting software" problems.

Decent paying, yes, but very rare compared to standard software engineering jobs. A lot are in defense. Top companies have a few on hire but unless you're the best of the best, it's tough to match the salary you can get as a standard software dev in a top 10 company.

>It was very tedious work. Is it worth it to be good at reverse engineering, I mean are there good paying jobs for it now?

Malware analysis. Limited job opportunities and companies, very specialized skill set, but good pay, challenging, and exciting.

You can't be a hack who programs through Stack Overflow - either you know your shit or you don't - few people can help you if it's something nobody has ever seen.

I think you can make decent money in it.

However like a lot of other similar jobs you will fairly quickly hit a ceiling in terms of career progression at which point the only way up is becoming a manager of sorts.

This mirror of a Purism blog post to his personal blog looks pretty interesting but I'm having trouble accessing it on homelinux or puri.sm domains due to reputation.

Here's G cache: http://webcache.googleusercontent.com/search?q=cache:dH0AFM8...

The OP, afaict: https://puri.sm/posts/primer-to-reverse-engineering-intel-fs...

Thanks for sharing!

I've just in the past month or so started getting into Intel assembly. For some reason I was a bit intimidated by it even though I have done some m68k, AVR, PIC and Z80 asm in the past. After watching some Australian dude's tutorials on YouTube though I quickly realized it was not bad at all. Also it's pretty great how easy it is to mix C code with asm and it really helps you understand things like calling conventions. Now I have been playing around doing weird things like trying to implement a closure in C and smashing the stack to return to a different function than the one that was called.

There is another recent one about Intel reverse engineering. He uses a crackme ...
