Malicious codes are implemented to stay hidden during the infection and operation, preventing their removal and the analysis of the code. Software analysis is a critical point in dealing with malware, since most samples employ some sort of packing or obfuscation techniques in order to thwart analysis.
In the last post, we discussed how to find important information about how to communicate with the device’s. In this post, we are going to describe the standard approach of getting the code we want to reverse and use the information we collected before.
In fact, this should be the step zero step. I mean, you’ve got a wonderful piece of hardware but how do you communicate with it? To find all the available connections, I usually make a list of all physical ports I can access, I count all the pins I see and so on, always keeping in my mind that I want a debug port. The debug port is usually the one used to program the device at the factory and is sometimes left available for technical support and repair reasons.