Logic & binaries
What is this post about?
Malicious code is written to stay hidden during infection and operation, both to resist removal and to resist analysis of the code itself. Software analysis is therefore a critical step in dealing with malware, since most samples employ some form of packing or obfuscation in order to thwart analysis.
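A first, cheap check an analyst runs against a suspected packed sample is byte entropy: compressed or encrypted regions look close to random (near 8 bits per byte), while ordinary machine code and strings sit well below that. The script below is an added example, not code from this post, that computes windowed Shannon entropy over two constructed inputs (a repeated ASCII string and seeded pseudo-random bytes standing in for a packed section). The 1024-byte window, the 7.2 bits/byte threshold and the "half the windows" rule are assumed rules of thumb chosen for the example, not values taken from the post.

```python
import math
import random
from typing import List, Tuple


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def windowed_entropy(data: bytes, window: int = 1024) -> List[Tuple[int, float]]:
    """Entropy of each non-overlapping window, as (offset, bits_per_byte) pairs.
    Window size is an assumption; small windows overestimate randomness because
    a few hundred samples cannot cover all 256 byte values."""
    return [(off, shannon_entropy(data[off:off + window]))
            for off in range(0, len(data), window)]


def likely_packed(data: bytes, window: int = 1024,
                  threshold: float = 7.2, min_fraction: float = 0.5) -> bool:
    """Heuristic: flag the blob if at least min_fraction of its windows reach
    threshold bits/byte. The threshold and fraction are assumed rules of thumb:
    packed/encrypted payloads sit near 8.0, x86 code and text usually under 7."""
    windows = windowed_entropy(data, window)
    if not windows:
        return False
    hot = sum(1 for _, e in windows if e >= threshold)
    return hot / len(windows) >= min_fraction


def report(data: bytes, window: int = 1024) -> List[str]:
    """Human-readable per-window lines plus a verdict, for console use."""
    lines = [f"{off:#08x}  {e:5.2f} bits/byte" for off, e in windowed_entropy(data, window)]
    lines.append("verdict: likely packed" if likely_packed(data, window) else "verdict: looks plain")
    return lines


# Constructed sample inputs (not real malware):
PLAIN_TEXT_BLOB = b"This is a plain, readable configuration string that repeats. " * 40
random.seed(1337)  # fixed seed so the "packed" blob is reproducible
PSEUDO_PACKED_BLOB = bytes(random.getrandbits(8) for _ in range(8192))


if __name__ == "__main__":
    for name, blob in (("plain", PLAIN_TEXT_BLOB), ("pseudo-packed", PSEUDO_PACKED_BLOB)):
        print(f"== {name} ({len(blob)} bytes)")
        print("\n".join(report(blob)))
```

On a real sample you would feed each section (or the whole file) of the binary into `report`; a high-entropy section next to a tiny low-entropy one that contains the entry point is the classic shape of a packed executable. Entropy alone does not tell you which packer is in use, and legitimately compressed resources (images, archives) also score high, so treat the verdict as a prompt to look closer, not as proof.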
Getting the Code
In the last post, we discussed how to find important information about how to communicate with the device. In this post, we are going to describe the standard approach to getting the code we want to reverse, using the information we collected before.
I have this $device - How to start?
Understanding your device
First of all: Look for Debug Ports
In fact, this should be step zero. I mean, you’ve got a wonderful piece of hardware, but how do you communicate with it? To find all the available connections, I usually make a list of all the physical ports I can access, count all the pins I see, and so on, always keeping in mind that I want a debug port. The debug port is usually the one used to program the device at the factory and is sometimes left available for technical support and repair reasons.
/me on reverse engineering
Work in Progress - my first steps!
Notes on fundamentals for reverse engineers
I remember the day when a friend told me that the “this is fun!” thingy we spent our weekends doing had a name: Reverse Engineering. I got curious about information security just after that! I really enjoy understanding the deeper low-level internals of $thing. And when I decided to take a more “researcher-like” approach to it, I felt like I was diving into a software developer’s perspective of computer architecture. I am planning to cover the same topic from another perspective, which for me is more comfortable and logical: I am coming from the hardware level back up to software. There are plenty of extremely well written RE101 tutorials using a plethora of different tools. However, not so many explain how to get the code to analyze in the first place, or give a general idea of how to reverse any kind of binary.
Tinkering the memory
50 shades of the memory
I have been writing lots of notes on PROLOG and logic programming, and people keep asking me why I never write about reverse engineering. So I decided to give it a try.
I will start with the stuff that I think is important for reverse engineering. It will be a bit different from the approaches I see in online tutorials, so I won’t be mad or sad if these notes are not helpful for you. BUT I will be REALLY happy if someone finds them useful!