There are more alternatives to IDA Pro. Hopper Disassembler is one. Binary Ninja (binja) is another.
Here is an independent review of Binary Ninja:
Here is the project itself:
I happen to know most of the people involved in Binary Ninja. They do great work. They really understand security and the need to operate off-line.
BTW, if disassembly is a career interest for you, see https://news.ycombinator.com/item?id=17208556 for my "Ask HN: Who is hiring? (June 2018)" comment.
Sure, but radare2 is open source which cuts both ways I suppose. IDA feels significantly more polished than r2, but I've had fun implementing a not-so-common-anymore architecture as a set of r2 plugins.
There's also the free version of IDA (x86 only though).
>IDA Starter: supports more than 20 processor families, including the popular x86 and ARM processors.
>IDA Starter does not support 64-bit files.
Doesn't look like it does.
1. Only for non-commercial use
2. Without technical support
3. Only supports x64 code
It DOES support x64. I am using it.
You can download it at: https://www.hex-rays.com/products/ida/support/download_freew...
Having few games, and little budget for more, most of the kids around would swap home-copied games. I used to have fun removing protection, or hacking the games for infinite lives. At the time I was 12-15 and it was very much a case of trial and error.
Assuming a game started with 3 lives I would look for every occurrence of "LD A,3", and change the 3 to 5. If that didn't work I'd eventually replace every occurrence of 3 with a different number. As you can imagine this was a tedious process!
If I was lucky enough to find the right "starting value" I'd then go on to look which memory-address the value was saved in. That would then let me search for that same address in the rest of the program, and hopefully spot something like:
Later I moved to the PC, and I found +fravia's site very educational. There are still mirrors which show how you could remove protection from commercial software - and oftentimes I'd be reminded of my previous attempts. Sometimes it is very simple, and sometimes not. Educational regardless.
Random mirror here - http://acrigs.com/FRAVIA/aca400.htm
The main reason I stopped this work? Few programs on Linux prompt you for license keys! But a good disassembler is a worthwhile thing to explore, whether for debugging your own code, or randomly exploring crackmes.
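The search the comment above describes (find every `LD A,3`, then trace where that value is stored and re-read) can be scripted. The following is an added example in Python, not the commenter's code: the Z80 opcode bytes are the real encodings, but the "game" image is a constructed toy blob built inline so the script runs offline.

```python
# Added example (not from the thread): scan a Z80 code blob for "LD A,n"
# immediate loads, follow the "LD (nn),A" store that gives the lives address,
# and list every other instruction touching that address.
# The ROM bytes below are CONSTRUCTED for this example, not from any real game.
import struct

OP_LD_A_IMM = 0x3E   # LD A,n     : 3E nn
OP_LD_MEM_A = 0x32   # LD (nn),A  : 32 lo hi
OP_LD_A_MEM = 0x3A   # LD A,(nn)  : 3A lo hi
OP_DEC_A    = 0x3D   # DEC A

# Constructed toy image: set lives to 3 and store at 0x5C00, a decoy LD A,3
# stored elsewhere, then a lose-a-life routine that reloads, decrements, stores.
TOY_ROM = bytes([
    0x3E, 0x03,          # LD A,3        ; starting lives
    0x32, 0x00, 0x5C,    # LD (5C00h),A
    0x3E, 0x03,          # LD A,3        ; unrelated use of 3 (decoy)
    0x32, 0x10, 0x5C,    # LD (5C10h),A
    0x00, 0x00,          # NOP NOP
    0x3A, 0x00, 0x5C,    # LD A,(5C00h)  ; lose-a-life routine
    0x3D,                # DEC A
    0x32, 0x00, 0x5C,    # LD (5C00h),A
    0xC9,                # RET
])


def find_immediate_loads(rom, value):
    """Offsets of every 'LD A,value' (3E nn) in the blob.

    This is a linear byte scan, so it can also match data bytes or the tail of
    another instruction; that ambiguity is why the thread calls it trial and error.
    """
    return [i for i in range(len(rom) - 1)
            if rom[i] == OP_LD_A_IMM and rom[i + 1] == value]


def store_target_after(rom, offset):
    """If the instruction following the 'LD A,n' at offset is 'LD (nn),A',
    return nn (little-endian 16-bit), else None."""
    j = offset + 2
    if j + 2 < len(rom) and rom[j] == OP_LD_MEM_A:
        return struct.unpack_from('<H', rom, j + 1)[0]
    return None


def find_address_uses(rom, addr):
    """Offsets of every 'LD A,(nn)' / 'LD (nn),A' that references addr."""
    lo, hi = addr & 0xFF, (addr >> 8) & 0xFF
    return [i for i in range(len(rom) - 2)
            if rom[i] in (OP_LD_A_MEM, OP_LD_MEM_A)
            and rom[i + 1] == lo and rom[i + 2] == hi]


def patch_immediate(rom, offset, new_value):
    """Return a copy of rom with the immediate of the 'LD A,n' at offset replaced."""
    out = bytearray(rom)
    out[offset + 1] = new_value & 0xFF
    return bytes(out)


if __name__ == "__main__":
    for off in find_immediate_loads(TOY_ROM, 3):
        target = store_target_after(TOY_ROM, off)
        print(f"LD A,3 at offset {off:#06x}, stored to "
              f"{target:#06x}" if target is not None else f"LD A,3 at {off:#06x}")
        if target is not None:
            print("  other references:",
                  [f"{u:#06x}" for u in find_address_uses(TOY_ROM, target)])
```

Running it lists both `LD A,3` candidates; only the first is followed by a store whose address (`0x5C00`) is reloaded and decremented later, which is the "spot something like" step in the comment. The decoy at `0x5C10` has no other references and can be ruled out before patching.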
At the same age, I rewrote the story text of "The Adventures of Robin Hood" (1991) via hex and "trial and errored" all ASCII combinations to develop my own ASCII chart.
You can imagine what a 12 year old rewrote a love story to... my older brother was quite happy :D
I later tried to patch Dune2 Level files to create my own but did not understand a thing.
Now I write medical software and sometimes feel the same ;)
I highly recommend that anyone who's interested in bold (and crazy) ideas about technology (particularly people who don't remember a pre-Google, pre-Facebook internet) read his work.
Edit: I suppose many if not most of the essays aren't strictly "pre-Google" but they are from its much earlier days when it was a very different service.
For radare2 in particular, this tutorial was helpful: https://leotindall.com/tutorial/an-intro-to-x86_64-reverse-e...
Another thing I like to do is to rewrite complex parts of the disassembly in pseudo-C (though radare has an option to do this automatically), which makes the overall logic easier to see (and is, of course, the entire point of decompilers like Hex-Rays).
You can become a better programmer this way. You start to get a real feel for what the compiler can and can't optimize. For example, you can see how a do...while loop is usually the best kind of loop, but without seeing the assembly you might assume they are all the same.
Radare2 by itself has a small learning curve, but it is well worth it. It's usually the first disassembler I turn to.
Also helpful for dynamic analysis is GDB +PEDA.
For some good intros to binary exploitation, see LiveOverflow's videos on YouTube.
You're doing "God's Work". I wish I was even remotely qualified to do this sorta thing because I'm pretty interested in it, but I'm pretty far removed from it (large scale infrastructure architecture).
Do you mind if I email you some questions as far as good ways to start tracking in that direction? (though you pretty much enumerated them in the transferable skills part)
Do you do disassembly for government?
On an entirely separate note, I'd love to see a port of this for Android :)
I think one of the most difficult things for me with r2 is that there is no stable API and minimal detection for the internal stuff. If you're merely working on top of well supported architectures (e.g. arm, x86) you're probably going to do just fine with the "pipe" interface.
However, for more advanced features (e.g. new architectures) it's less fun. For instance, when the python bindings break the general response is "fix it yourself and submit a pull request because we don't want to maintain python bindings". Which would be great if the APIs weren't a constantly moving target.
The lack of clear documentation hurts the APIs themselves as it's not necessarily clear which parts are deprecated and which represent best practices. Hopefully with the growing community we'll see some of the cruft get cleaned up.
Version 7 is freeware now. Sure you don't get the decompiler and you're limited on target architectures, but it's still an amazing piece of software.
I, and many of my colleagues, would gladly pay 4 or 5 times the price for IDA and Hex-Rays. Though any decent security company will purchase a subscription for its employees.
I am not so sure I agree. I can take another example, CAD software. There are high-powered, industry-standard software packages which I would love to use on weekends and maybe even use in side projects for profit, but there's no way I can pay $2k/year and justify that. A $2k permanent license? Sure, it's a stretch but I'd probably go for it. 180/month though, whatever I'm doing would have to be really serious before I could justify that.
And I won't ever start at that price so the deal is dead.
There's a parallel in 3D printing. Not so long ago 3D printers were insanely expensive and only accessible to professionals. Now consumer-grade machines are starting to replace machines that cost 10-100x more.
It's a frustrating thing about the economy where power tools that could enable a lot of people to do a lot of things are priced so that only a few people who can pay a lot can have access to them. I get that the people making them need to make a livelihood, but the frustration remains.
I would be happy to spend a large sum of money for a copy, but you can't any more. You have to buy a subscription.
If I can buy something excellent and know that I'll be able to use it, even if outdated, in 10 years, there's real value to an investment like that.
If I'm throwing several dollars a day into a hole for something I'll probably only use sometimes, and at that, perhaps taking years between uses, I can't justify the expense.
Something like how I bought the best cordless drill I could find. Not because I use it every day, or even every month, but because I wanted my drilling experience to be good every time I used it.
If you have good tools you're more likely to do things and do them well.
People give the same advice about guitars. Don't buy a cheap guitar if you want to pick up the skill. It will be difficult to tune, it won't keep a tune, and it won't sound great whatever you do. Buy a good guitar and what you do will sound better and encourage you to keep it up and get better.
A lot of free software tools are the same. They can do what they do, but their flaws discourage use and make failure as a beginner a lot more likely.
There is probably an optimum there. Not so refined as to be too expensive to be accessible to most people and not so rudimentary as to turn away people who try with low success.
If I _wanted_ to be unethical, I could surely get anything I wanted.
I want to buy something and be in good standing to use it to perhaps build something to sell.
Fusion is a whole other ball of wax. I was referring to the rest of the Autodesk suite. You can certainly find cracked versions of whatever, but (ab)using the student licensing will at least be some insurance against malware.
The way I look at it (and I'm obviously not a representative of Autodesk in any way, shape, or form): if it's making you money, pay for it. If it's not, don't. If you pirate it to learn how to use it, that's one thing. If you wanted to start selling whatever you're designing that would be the time to pay.
Autodesk, like Adobe, is making a huge push towards subscription licensing. I detest that stuff, but it's at least less of a hit initially unlike IDA.
a. license server
b. licensed to a specific person
c. licensed to a specific computer
They are indeed pretty unpleasant about the process. They've been burned by license violations.
I'd take 'em to court if I knew how.
It's very exciting to have such a great tool available. IDA might actually be detrimental in the long run. We desperately need more pentesters/infosec folks, and this generation's exposure is more high-level. So open-source RE tooling is essential to get people interested and messing about with this stuff (IMO).
On that note, I used to play (as a n00b) with some crackmes and CTFs, but not having kept up to date I can't find a live replacement for crackmes.de (or .cf today... still an archive though).
Any suggestions of current resources to "play" with r2 and Cutter?
Shenzhen I/O is also meant to be good, but I haven't played it.
Neither are even close in complexity or sheer number of instructions to x86, but then I get the sense that x86 tends to put people off assembly in a way that simpler architectures don't.
If radare2 found a couple of undergrad usability students to contribute and then focused on consistency and bug-fixing, it would be able to live up to its truly amazing potential.
Radare, in my opinion, is mostly lacking on the user-experience side. IDA is easier to pick up and use. Also, I feel Radare's decompilers don't fare as well as Hex-Rays. I equate this to WinDbg, your best Windows debugger, which unfortunately is relatively tough to pick up (I'd argue mostly due to poor UI choices). Forgoing that, Radare is absolutely packing.
I've moved on to reverse most of my projects with Radare. I'm still missing a handful of small features/plugins from IDA, but it's not a big issue.