Satria Ady Pradana, profile picture
Uploaded bySatria Ady Pradana
PPTX, PDF1,147 views

(Workshop) Reverse Engineering - Protecting and Breaking the Software

The document discusses reverse engineering principles and techniques. It introduces reverse engineering as breaking down an existing system to understand its construction and components. The three fundamental principles are comprehension, decomposition, and reconstruction. Common reverse engineering practices are described like resource modification, control flow bypass, and code caving. Hands-on examples are provided using a CrackMe program in C# to demonstrate reverse engineering a .NET binary, including modifying strings, bypassing checks, changing function targets, and injecting custom code.

Technology
Related topics:
Reverse Engineering

Embed presentation

Downloaded 23 times
Reverse Engineering Protecting and Breaking the Software Satria Ady Pradana https://xathrya.id WORKSHOP
# Whoami?  Cyber Security Consultant at Mitra Integrasi Informatika (MII)  Researcher at dracOs Dev Team  Coordinator of Reversing.ID  Member of Indonesia Honeynet Project
Overview  Engage in practical basic reverse engineering activity  Three basic reverse engineering principle.  Common reversing technique
Review the Reversing What, Why, and How?
The Term  Originally used in the context of mechanical engineering  Breaks down an existing object or system to its construction and then rebuild it based on new demand.  Extracting knowledge or design information from anything man- mad and reproducing it or reproduce anything based on the extracted information.
Fundamental Principle  Comprehension  Gain knowledge of basic principle or mechanics of object, the behavior, and knowledge that might related to subject.  Decomposition  Breaking down the system into its structure and gain insight about inherent structure and properties of the component that make the system.  Reconstruction  Reform or reconstruct the components based on need.
Common Practice  Resource Modification (Modding)  Modify the application resource.  Control Flow Bypass  Alter program flow, force the execution to takes or jump over the intended action.  Code Caving  Writing code to specific region of process.
The Language  Various programming language exists with unique and distinctive characteristic.  Typically, divided into two classes of programming language: native, interpreted.  Native: C, C++, Pascal, Rust, Assembly.  Interpreted: Python, Ruby, Java, .NET
The Executable Format  Application has a format.  Identify by magic number.  Structured and has some sections for data, code, resource, etc.  Function might be provided by foreign module (ex: DLL), list of imported function is maintained.
Common Tools  Hex Editor  Disassembler  Debugger  Resource Editor
Our Tools  Radare2  Mono
Our Target  CrackMe.cs  Challenge.cs  Compile them  mcs CrackMe.cs
Dwelling to the New Language  Learning one programming language might speed up learning curve for learning other programming language.  The basic programming syntax you need to know:  Basic type declaration  Control Flow:  Decision (if, switch, etc)  Loop (for, while, etc)  Function  The rest is about language charactestic.
C#  Managed code, interpreted  Run on top of .NET framework  Translated into “bytecode” or some kind of “assembly”  The language is called Common Interpreted Language (CIL)  The interpreter is called Common Language Runtime (CLR)  Very similar to its high level code.
Operations to Know in “Assembly”  Assignment  Load/Store data  Branching (Jump & Call)  Arithmetic  Logical  Language specific feature
Hands On: CrackMe in C#
Task 1: Get Binary Information  $ file CrackMe.exe  $ rabin2 –I CrackMe.exe
Task 2: Disassembler and Assembler the Code  $ monodis CrackMe.exe --output=CrackMe.cil  $ ilasm /exe /output:CrackMe2.exe CrackMe.cil
Task 3: Modify Resource (String)  Disassemble the file  Search for header string, such as “Personalize Crackme for Satria”  Change to exclusive for you, such as “Personalize Crackme for Ady”  Assemble the file
Task 4: Get the Right Password  We are asked for password.  Grab it.  It is hardcoded so you may need to scroll the code.
Task 5: Bypass the Jump  Something happen, our code is stopped. Jump to the next stage, please.  There is a mechanism that checking the condition. See the return value of stage1() and see the required value.
Task 6: Change Target Function  We got the wrong destination, let see if we are able to change it.  Currently we are calling a function stage3() while the function we want is stage3_true()  Change the code to the respective intention.
Task 7: Inject Custom Code  Mayday!  We need code!  Write it by yourself.  The last stage require specific value assigned to access the function. We can create a function to change this value and call it before calling the function.
Challenge

More Related Content

PPTX
From Reversing to Exploitation
bySatria Ady Pradana
 
PPTX
Bypass Security Checking with Frida
bySatria Ady Pradana
 
PPTX
Reverse Engineering - Protecting and Breaking the Software
bySatria Ady Pradana
 
PPTX
(Training) Malware - To the Realm of Malicious Code
bySatria Ady Pradana
 
PPTX
Reverse Engineering: Protecting and Breaking the Software (Workshop)
bySatria Ady Pradana
 
PPTX
Reverse Engineering: Protecting and Breaking the Software
bySatria Ady Pradana
 
PPTX
Another Side of Hacking
bySatria Ady Pradana
 
PPTX
Pentesting Android Apps
byAbdelhamid Limami
 
From Reversing to Exploitation
bySatria Ady Pradana
 
Bypass Security Checking with Frida
bySatria Ady Pradana
 
Reverse Engineering - Protecting and Breaking the Software
bySatria Ady Pradana
 
(Training) Malware - To the Realm of Malicious Code
bySatria Ady Pradana
 
Reverse Engineering: Protecting and Breaking the Software (Workshop)
bySatria Ady Pradana
 
Reverse Engineering: Protecting and Breaking the Software
bySatria Ady Pradana
 
Another Side of Hacking
bySatria Ady Pradana
 
Pentesting Android Apps
byAbdelhamid Limami
 

What's hot

PPTX
Android pen test basics
byOWASPKerala
 
PPTX
Ethical Hacking Conference 2015- Building Secure Products -a perspective
byDr. Anish Cheriyan (PhD)
 
PDF
STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...
byFFRI, Inc.
 
PDF
Stuxnet redux. malware attribution & lessons learned
byYury Chemerkin
 
PPT
The Future of Automated Malware Generation
byStephan Chenette
 
PDF
Pentesting Mobile Applications (Prashant Verma)
byClubHack
 
PPTX
Vulnerability and Exploit Trends: Combining behavioral analysis and OS defens...
byEndgameInc
 
PDF
Andriod Pentesting and Malware Analysis
byn|u - The Open Security Community
 
PPTX
Drozer - An Android Application Security Tool
bynullowaspmumbai
 
PDF
Hacking ble smartwatch
byidsecconf
 
PDF
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
byFFRI, Inc.
 
PDF
Mobile Application Pentest [Fast-Track]
byPrathan Phongthiproek
 
PPTX
Secure Software Engineering
byRohitha Liyanagama
 
PDF
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
byFFRI, Inc.
 
PDF
Threat Modeling Everything
byAnne Oikarinen
 
PDF
Real World Application Threat Modelling By Example
byNCC Group
 
PDF
Malware Detection - A Machine Learning Perspective
byChong-Kuan Chen
 
PPTX
Fuzzing | Null OWASP Mumbai | 2016 June
bynullowaspmumbai
 
PDF
IOT Exploitation
byCysinfo Cyber Security Community
 
PDF
Making User Authentication More Usable
byJim Fenton
 
Android pen test basics
byOWASPKerala
 
Ethical Hacking Conference 2015- Building Secure Products -a perspective
byDr. Anish Cheriyan (PhD)
 
STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...
byFFRI, Inc.
 
Stuxnet redux. malware attribution & lessons learned
byYury Chemerkin
 
The Future of Automated Malware Generation
byStephan Chenette
 
Pentesting Mobile Applications (Prashant Verma)
byClubHack
 
Vulnerability and Exploit Trends: Combining behavioral analysis and OS defens...
byEndgameInc
 
Andriod Pentesting and Malware Analysis
byn|u - The Open Security Community
 
Drozer - An Android Application Security Tool
bynullowaspmumbai
 
Hacking ble smartwatch
byidsecconf
 
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
byFFRI, Inc.
 
Mobile Application Pentest [Fast-Track]
byPrathan Phongthiproek
 
Secure Software Engineering
byRohitha Liyanagama
 
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
byFFRI, Inc.
 
Threat Modeling Everything
byAnne Oikarinen
 
Real World Application Threat Modelling By Example
byNCC Group
 
Malware Detection - A Machine Learning Perspective
byChong-Kuan Chen
 
Fuzzing | Null OWASP Mumbai | 2016 June
bynullowaspmumbai
 
IOT Exploitation
byCysinfo Cyber Security Community
 
Making User Authentication More Usable
byJim Fenton
 

Similar to (Workshop) Reverse Engineering - Protecting and Breaking the Software

PPTX
Reverse Engineering: The Crash Course
bySatria Ady Pradana
 
PDF
Hacking with Reverse Engineering and Defense against it
byPrakashchand Suthar
 
PDF
Software cracking and patching
byMayank Gavri
 
PDF
x86 Software Reverse-Engineering, Cracking, and Counter-Measures 1st Edition ...
bygobaadosks
 
PDF
V4I5201571
bykrishan8018
 
PPTX
Reverse engineering & immunity debugger
bymahakant sharma
 
PPTX
Reverse Engineering.pptx
bySameer Sapra
 
PDF
IRJET- Development of Uncrackable Software
byIRJET Journal
 
PPTX
BSides Algiers - Reversing Win32 applications - Yacine Hebbal
byShellmates
 
PPTX
Reverse code engineering
byKrishs Patil
 
PPT
Hrishikesh Choudhari - Overview Of Cracks
byHrishikesh Choudhari
 
PDF
Software Reverse Engineering in a Security Context
byLokendra Rawat
 
PPTX
Intro to Reverse Engineering
byNull Bhubaneswar
 
PDF
WhitePaperTemplate
byJo Marques
 
PPTX
Reversing & Malware Analysis Training Part 6 - Practical Reversing (I)
bysecurityxploded
 
PPTX
Malware 101 by saurabh chaudhary
bySaurav Chaudhary
 
PPTX
Introduction to Reverse Engineering.....
byGuna Dhondwad
 
PDF
CNIT 127 14: Protection Mechanisms
bySam Bowne
 
PDF
Reverse Engineering 101
byGDSC UofT Mississauga
 
PPT
Software security
byRoman Oliynykov
 
Reverse Engineering: The Crash Course
bySatria Ady Pradana
 
Hacking with Reverse Engineering and Defense against it
byPrakashchand Suthar
 
Software cracking and patching
byMayank Gavri
 
x86 Software Reverse-Engineering, Cracking, and Counter-Measures 1st Edition ...
bygobaadosks
 
V4I5201571
bykrishan8018
 
Reverse engineering & immunity debugger
bymahakant sharma
 
Reverse Engineering.pptx
bySameer Sapra
 
IRJET- Development of Uncrackable Software
byIRJET Journal
 
BSides Algiers - Reversing Win32 applications - Yacine Hebbal
byShellmates
 
Reverse code engineering
byKrishs Patil
 
Hrishikesh Choudhari - Overview Of Cracks
byHrishikesh Choudhari
 
Software Reverse Engineering in a Security Context
byLokendra Rawat
 
Intro to Reverse Engineering
byNull Bhubaneswar
 
WhitePaperTemplate
byJo Marques
 
Reversing & Malware Analysis Training Part 6 - Practical Reversing (I)
bysecurityxploded
 
Malware 101 by saurabh chaudhary
bySaurav Chaudhary
 
Introduction to Reverse Engineering.....
byGuna Dhondwad
 
CNIT 127 14: Protection Mechanisms
bySam Bowne
 
Reverse Engineering 101
byGDSC UofT Mississauga
 
Software security
byRoman Oliynykov
 

More from Satria Ady Pradana

PPTX
Rekayasa Balik - Sebuah Hikayat dari Dunia Digital
bySatria Ady Pradana
 
PPTX
The Offensive Python - Practical Python for Penetration Testing
bySatria Ady Pradana
 
PPTX
Android Security : A Hacker's Perspective
bySatria Ady Pradana
 
PPTX
(Workshop) Memory Forensic - Investigating Memory Artefact
bySatria Ady Pradana
 
PPTX
Memory Forensic - Investigating Memory Artefact
bySatria Ady Pradana
 
PPTX
Drac lab automatic malware analysis & repository
bySatria Ady Pradana
 
PPTX
Web Security Workshop : A Jumpstart
bySatria Ady Pradana
 
PPTX
Dracos forensic flavor
bySatria Ady Pradana
 
PPTX
Path of Cyber Security
bySatria Ady Pradana
 
PPTX
Docker and-daily-devops
bySatria Ady Pradana
 
PDF
Defense of the assets
bySatria Ady Pradana
 
PPTX
Tugas Akhir 13510030 - Analisis Keamanan Dalam Pengembangan Sistem Transaksi ...
bySatria Ady Pradana
 
Rekayasa Balik - Sebuah Hikayat dari Dunia Digital
bySatria Ady Pradana
 
The Offensive Python - Practical Python for Penetration Testing
bySatria Ady Pradana
 
Android Security : A Hacker's Perspective
bySatria Ady Pradana
 
(Workshop) Memory Forensic - Investigating Memory Artefact
bySatria Ady Pradana
 
Memory Forensic - Investigating Memory Artefact
bySatria Ady Pradana
 
Drac lab automatic malware analysis & repository
bySatria Ady Pradana
 
Web Security Workshop : A Jumpstart
bySatria Ady Pradana
 
Dracos forensic flavor
bySatria Ady Pradana
 
Path of Cyber Security
bySatria Ady Pradana
 
Docker and-daily-devops
bySatria Ady Pradana
 
Defense of the assets
bySatria Ady Pradana
 
Tugas Akhir 13510030 - Analisis Keamanan Dalam Pengembangan Sistem Transaksi ...
bySatria Ady Pradana
 

Recently uploaded

PPTX
AN Introduction to UNIX File System—An Approach
bysonjuktaweb
 
PDF
“Lessons from Yesterday's Tomorrowland” by Scott M. Graffius
byScott M. Graffius
 
PPTX
UNIT III TYPOLOGY OF CRIME AND CRIMINAL BEHAVIOUR (1).pptx
bybloodyhumanoid
 
PDF
Video Infrastructure_ Streaming Architecture and Delivery Systems.pdf
byTenbyte Limited
 
PDF
Techbrains Baku 2025 by GoUP - all speaker session
byHusseinMalikMammadli
 
PPTX
Salesforce Spring 26 Release Key .pptx
byMehediHasan939830
 
PPTX
Compare and contrast types of attacks.pptx
bysyednaqihassan14
 
PDF
splunk-peak-threat-hunting-framework.pdf
bylobster6719
 
PDF
Top Benefits of Using KVM VPS Hosting for Growing Businesses
byEthernet Servers
 
PDF
कम्प्यूटर.pdf for all computer examination
bynm92169694
 
PDF
MAD (1).pdf Mobile application develipment
byprathiT1
 
PPTX
AI Bot Traffic Surge: Retail Fraud Threat for Age-Restricted Websites
byFTx Identity
 
PDF
Unit 1.2 Components of a Computer System.pdf
bySanieBautista
 
PDF
Azure Identity, Governance, and Monitoring solutions
byVICTOR MAESTRE RAMIREZ
 
PDF
Regenerative Agriculture Finance : Environmental impact
byrose mason
 
PDF
The_Boardroom_Cyber_Playbook_Research_Edition
bySaraDavis91
 
PPTX
Search Engine Responses to Conspiratorial Search Practices AANZCA 2025 Presen...
bykkasianenko
 
PDF
Beyond BBB: Practical Alternatives to Posterior Approximation in Bayesian Neu...
byTomasz Kusmierczyk
 
PPTX
Large Language Model. LLM Audit Artificial Intelligence
byMANASCHOUDHARY22
 
PPTX
Why 2026 Could Be a Turning Point for Decentralized Exchanges.pptx
bycalliemorgan193
 
AN Introduction to UNIX File System—An Approach
bysonjuktaweb
 
“Lessons from Yesterday's Tomorrowland” by Scott M. Graffius
byScott M. Graffius
 
UNIT III TYPOLOGY OF CRIME AND CRIMINAL BEHAVIOUR (1).pptx
bybloodyhumanoid
 
Video Infrastructure_ Streaming Architecture and Delivery Systems.pdf
byTenbyte Limited
 
Techbrains Baku 2025 by GoUP - all speaker session
byHusseinMalikMammadli
 
Salesforce Spring 26 Release Key .pptx
byMehediHasan939830
 
Compare and contrast types of attacks.pptx
bysyednaqihassan14
 
splunk-peak-threat-hunting-framework.pdf
bylobster6719
 
Top Benefits of Using KVM VPS Hosting for Growing Businesses
byEthernet Servers
 
कम्प्यूटर.pdf for all computer examination
bynm92169694
 
MAD (1).pdf Mobile application develipment
byprathiT1
 
AI Bot Traffic Surge: Retail Fraud Threat for Age-Restricted Websites
byFTx Identity
 
Unit 1.2 Components of a Computer System.pdf
bySanieBautista
 
Azure Identity, Governance, and Monitoring solutions
byVICTOR MAESTRE RAMIREZ
 
Regenerative Agriculture Finance : Environmental impact
byrose mason
 
The_Boardroom_Cyber_Playbook_Research_Edition
bySaraDavis91
 
Search Engine Responses to Conspiratorial Search Practices AANZCA 2025 Presen...
bykkasianenko
 
Beyond BBB: Practical Alternatives to Posterior Approximation in Bayesian Neu...
byTomasz Kusmierczyk
 
Large Language Model. LLM Audit Artificial Intelligence
byMANASCHOUDHARY22
 
Why 2026 Could Be a Turning Point for Decentralized Exchanges.pptx
bycalliemorgan193
 

(Workshop) Reverse Engineering - Protecting and Breaking the Software

  • 1.
    Reverse Engineering Protecting andBreaking the Software Satria Ady Pradana https://xathrya.id WORKSHOP
  • 2.
    # Whoami?  CyberSecurity Consultant at Mitra Integrasi Informatika (MII)  Researcher at dracOs Dev Team  Coordinator of Reversing.ID  Member of Indonesia Honeynet Project
  • 3.
    Overview  Engage inpractical basic reverse engineering activity  Three basic reverse engineering principle.  Common reversing technique
  • 4.
  • 5.
    The Term  Originallyused in the context of mechanical engineering  Breaks down an existing object or system to its construction and then rebuild it based on new demand.  Extracting knowledge or design information from anything man- mad and reproducing it or reproduce anything based on the extracted information.
  • 6.
    Fundamental Principle  Comprehension Gain knowledge of basic principle or mechanics of object, the behavior, and knowledge that might related to subject.  Decomposition  Breaking down the system into its structure and gain insight about inherent structure and properties of the component that make the system.  Reconstruction  Reform or reconstruct the components based on need.
  • 7.
    Common Practice  ResourceModification (Modding)  Modify the application resource.  Control Flow Bypass  Alter program flow, force the execution to takes or jump over the intended action.  Code Caving  Writing code to specific region of process.
  • 8.
    The Language  Variousprogramming language exists with unique and distinctive characteristic.  Typically, divided into two classes of programming language: native, interpreted.  Native: C, C++, Pascal, Rust, Assembly.  Interpreted: Python, Ruby, Java, .NET
  • 9.
    The Executable Format Application has a format.  Identify by magic number.  Structured and has some sections for data, code, resource, etc.  Function might be provided by foreign module (ex: DLL), list of imported function is maintained.
  • 12.
    Common Tools  HexEditor  Disassembler  Debugger  Resource Editor
  • 13.
  • 14.
    Our Target  CrackMe.cs Challenge.cs  Compile them  mcs CrackMe.cs
  • 15.
    Dwelling to theNew Language  Learning one programming language might speed up learning curve for learning other programming language.  The basic programming syntax you need to know:  Basic type declaration  Control Flow:  Decision (if, switch, etc)  Loop (for, while, etc)  Function  The rest is about language charactestic.
  • 16.
    C#  Managed code,interpreted  Run on top of .NET framework  Translated into “bytecode” or some kind of “assembly”  The language is called Common Interpreted Language (CIL)  The interpreter is called Common Language Runtime (CLR)  Very similar to its high level code.
  • 17.
    Operations to Knowin “Assembly”  Assignment  Load/Store data  Branching (Jump & Call)  Arithmetic  Logical  Language specific feature
  • 18.
  • 19.
    Task 1: GetBinary Information  $ file CrackMe.exe  $ rabin2 –I CrackMe.exe
  • 20.
    Task 2: Disassemblerand Assembler the Code  $ monodis CrackMe.exe --output=CrackMe.cil  $ ilasm /exe /output:CrackMe2.exe CrackMe.cil
  • 21.
    Task 3: ModifyResource (String)  Disassemble the file  Search for header string, such as “Personalize Crackme for Satria”  Change to exclusive for you, such as “Personalize Crackme for Ady”  Assemble the file
  • 22.
    Task 4: Getthe Right Password  We are asked for password.  Grab it.  It is hardcoded so you may need to scroll the code.
  • 23.
    Task 5: Bypassthe Jump  Something happen, our code is stopped. Jump to the next stage, please.  There is a mechanism that checking the condition. See the return value of stage1() and see the required value.
  • 24.
    Task 6: ChangeTarget Function  We got the wrong destination, let see if we are able to change it.  Currently we are calling a function stage3() while the function we want is stage3_true()  Change the code to the respective intention.
  • 25.
    Task 7: InjectCustom Code  Mayday!  We need code!  Write it by yourself.  The last stage require specific value assigned to access the function. We can create a function to change this value and call it before calling the function.
  • 26.