Reverse engineering tips

This a draft/notes.

Reverse engineering big software

Reversing big software can be very challenging, you basically don't have symbols so you don't know what to look for.

Here I present some techniques I learned.

Code coverage

Code coverage can be used, we trace software with dynamic instrumentation tool like Intel PIN, Dynamorio or frida without doing the functionality that we want to find, then we re-trace the software while doing the functionality we want for example opening a file.

Then you find the difference between the two coverage sets.

This is a program to do code coverage visualization within IDA Pro called lighthouse. overview.png

Taint analysis

You basically taint sources like user input, and see where code access it, even with branching.

The problem with this approach is that it doesn't work with complicated programs, it works best with individual functions.

Debugger technique

I learned a trick from a gynvael stream, he basically sets breakpoints on all functions, than interacts with the software and removes a breakpoint when the stops at it. Then he does the action he wants to reverse, and hopefully the debugger will stop at the code that does that specific thing.

Author: Aziz Knani

Date: 2023-03-22 Wed 00:01

Emacs 26.3 (Org mode 9.1.9)

Tunisian flag