Reversing CrackMe with Ghidra (Part 1)

  • Published 21 Nov 2024

COMMENTS • 153

  • @npz1838 3 years ago +5

    This is great man. I'm in the process of learning about reverse engineering and Ghidra, and this series is helping me out a TON. Thanks for doing it!

  • @TheAVITube 5 years ago +6

    Really great. This helps noobs like me to get my feet wet. With so much info out there and the newness of Ghidra it's really hard to find something that is basically "Getting started with RE using Ghidra"
    Also, starting at crackme 3....thank you for going into the test function and doing the RE there too. Extra mile effort. Awesome.

    • @stryker2k2 5 years ago +4

      Thanks a ton!
      Ghidra is still pretty new so good info is hard to find. I'm glad this video was able to help you out!

    • @LeAvventureDiFraeGra 4 years ago +1

      @stryker2k2 Can you do more lessons, with practical examples? Thanks, prof

  • @nahiyanalamgir7614 4 years ago +3

    You're amazing! You explain well and show everything in a very relaxed way. I fell in love with Ghidra after watching this video.

  • @metasploited5790 3 years ago +3

    Thank you for these uploads - very helpful walkthroughs and the pacing makes it easy to follow along.

    • @stryker2k2 3 years ago

      I'm glad you found it helpful 😊

  • @akloskikoblansk2698 4 years ago +9

    Thank you for making this very beginner friendly by the way. Most may find the pacing slow and patronizing, but it's great for complete noobs like me who learn best by doing and getting straight into it. I bet everyone, even my nana, can learn something from this - I certainly most have!

    • @fueljuice9206 4 months ago

      wait until she finds out about anti-decompiler and anti debugger

  • @ghee-air-moe5775 4 years ago +5

    My hero! Thanks again for the videos! What a great tutorial! Notably, your instruction tempo is great as well as your lack of saying "um" a lot is fantastic, which means you're easy to listen to and follow, lol.

    • @stryker2k2 4 years ago

      Thanks, Ghee!
      I like what you did with your username! I caught on as soon as I said it out loud.

    • @ghee-air-moe5775 4 years ago

      @stryker2k2 @27:27 you said that we completed it but we didn't insert any password in the program to ensure we actually got a correct password. We did figure out what the program does when we have the correct password, but...what's the password for 0x3? lol

    • @adrianslabu9053 4 years ago

      Ghee-Air-Moe @17:59

  • @cvrsor2985 1 year ago +1

    Ghidra does a lot of the function naming automatically now which is so nice. Still the best tutorial, even in 2023. 😄

    • @stryker2k2 1 year ago

      Thanks! I need to check out the new Ghidra version!

  • @stevecaswell8814 4 years ago +2

    Great video, very instructive. Thanks for taking the time to walk me through topics that are easier to understand than explain! You do it great though!

  • @antoinedevldn 1 year ago +1

    And this is going to be the series I am following to teach me the basics :D

    • @stryker2k2 1 year ago

      As of right now, it is a scrambled series of somewhat random topics. For example, I just published a new Ghidra video today about the new Emulator tool they have. The only thing that remains constant is the simplicity and elaboration in my 'series'.

  • @tt-fx6nt 2 years ago +1

    Sir, you're awesome, your explanation is very clear. Please do more videos on CrackMe challenges with Ghidra, or maybe IDA Pro, or x64dbg.

    • @stryker2k2 1 year ago

      Thanks a ton! I love making Ghidra videos. I'm sure there will be more CrackMe videos in the future! I just posted a new Ghidra video today about their new tool, the Emulator.

  • @user-tg6vk4ig3i 5 years ago +1

    Very good and thank you very much. I hope you continue the series with more complex subjects. Malware analysis, packers and VM protect.

    • @stryker2k2 4 years ago

      Hello again! Yes... Packers and VM Protect! Not anytime soon but, yes, definitely! Especially Themida packer... it's a straight kick in the teeth and I would love to make a video on Reversing it!

  • @hyunwhanjoe3477 1 year ago +1

    Thanks for showing which keys you're pressing

    • @stryker2k2 10 months ago +1

      It always bugged me when I watch some keyboard master fly through a program using shortcuts with no explanation. I promised myself to never be that guy :D

  • @kiwidev_ 5 years ago +1

    This is really helpful, I'm trying to start learning the RE process and you walking through the steps makes this super understandable. I hope your channel gets more attention, this is great!

    • @stryker2k2 5 years ago

      That's awesome to hear! I'm glad my videos are helping! :)

  • @BoebieBaby 6 months ago +1

    Little late to the party but I solved the 4th example a bit differently by pure coincidence. I thought it was counting string length so I entered "123456789012345". The code stops whenever it hits 15 so as soon as it got to the first "5" it gave me the Ok lol. Made more sense when I looked up sscanf

    • @stryker2k2 6 months ago

      Nice! Running into cool little discoveries like that is always fun.

  • @rlee431 4 years ago +3

    This was such a great tutorial. I can't thank you enough. You made things so clear.

  • @hlflifeenjoyer6176 7 months ago +1

    incredibly useful tutorial thank you for making this

  • @panjak323 1 year ago +1

    Hey, how do you find main in a C++ program that was compiled with the MSVC compiler? Entry point is just some CRT startup code, but no signs of main being called after that.

    • @stryker2k2 1 year ago

      Shoot me a screenshot of the Entry Point code to my Twitter (@stryker2k2). There are two possibilities. 1) a new thread is being launched with the Main Function being passed as a parameter or 2) the binary is a DLL/SO library file

    • @panjak323 1 year ago +1

      @stryker2k2 never mind, found it, just had to check every single function there was in entry point and following all labels in ASM. I still have no idea how to do this consistently.

    • @stryker2k2 1 year ago

      @panjak323 Every compiler does it a bit differently. You'll get there :)

  • @patistachowski 4 years ago +2

    Thank you!!! Very interesting video. Everything was perfectly explained!

  • @baruchben-david4196 4 years ago +1

    For crackme4, I entered '12345678912345' and it still passed. Also, if I type '1' and then 14 other characters - digits, alphabetic, punctuation - it still passes. I don't quite understand why. Evidently I don't fully understand how sscanf works...
    Edit: I think I figured it out. The loop exits when the counter reaches 15. Whatever follows is irrelevant. So, 12345 works, as will 12345xxxxxxx... The first five digits add to 15. The loop exits, so whatever follows is ignored.
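
An added example (not part of any comment here, and not the crackme's recovered source): a C model of the crackme0x04 check as the comments on this page describe it, next to a stricter variant. It assumes each character is parsed on its own by an unchecked sscanf, so a failed conversion reuses the previous digit; the function names, sample inputs and length cap are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define TARGET_SUM 15
#define MAX_LEN 32   /* hypothetical cap, used only by the strict variant */

/* Model of the check as the commenters describe it (an assumption):
 * parse one character at a time, add it to a running sum, and stop as
 * soon as the sum equals 15. Returns 1 for "Password OK!", else 0. */
int check_as_described(const char *input)
{
    int digit = 0;  /* keeps its previous value when sscanf fails */
    int sum = 0;
    size_t len = strlen(input);

    for (size_t i = 0; i < len; i++) {
        char one[2] = { input[i], '\0' };
        /* Return value deliberately ignored, as in the modelled check:
         * a non-digit converts nothing and leaves `digit` untouched. */
        (void)sscanf(one, "%d", &digit);
        sum += digit;
        if (sum == TARGET_SUM)
            return 1;  /* early exit: the rest is never looked at */
    }
    return 0;
}

/* Stricter variant: reject any non-digit, bound the length, and compare
 * only after the whole input has been consumed. */
int check_strict(const char *input)
{
    size_t len = strlen(input);
    int sum = 0;

    if (len == 0 || len > MAX_LEN)
        return 0;
    for (size_t i = 0; i < len; i++) {
        if (!isdigit((unsigned char)input[i]))
            return 0;
        sum += input[i] - '0';
    }
    return sum == TARGET_SUM;
}

int main(void)
{
    /* Constructed inputs, modelled on the ones quoted in the comments. */
    static const char *samples[] = {
        "12345",
        "12345xxxxxxx",
        "123456789012345",
        "96999999999999999999999999",
        "1" "xxxxxxx" "xxxxxxx",   /* '1' followed by 14 non-digits */
        "1234",
    };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-28s described=%d strict=%d\n", samples[i],
               check_as_described(samples[i]), check_strict(samples[i]));
    return 0;
}
```

The model does not attempt to reproduce the long run of zeros that other comments on this page report as passing.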

  • @carlfarrington 5 years ago +1

    How exactly are you planning to fix the message about debugging information being missing from the PE file? It's good that you've learned that pressing OK on the message doesn't cause any catastrophes. Would be even better if you just read and understood it though ;-)

    • @stryker2k2 5 years ago

      Thank you for that! Indeed just pressing OK is the easy way! Nevertheless, I did research that error and I've been able to describe the error message more to the viewers in the new video!
      Thank you for pushing me to grow!
      ua-cam.com/video/Eu9YC1Jq1Do/v-deo.html

  • @sweetcarbon1132 4 years ago +3

    does anybody not get the value in different data types when hovering over the hex code, cuz i don't, i only get "Signed integer (Compiler specific size)" and the length

    • @stryker2k2 4 years ago

      Interesting... maybe there is a selection at the 'Auto-Analyze' menu at the beginning you didn't select? I'll poke around my Ghidra and see if I can replicate that... but, I can't promise anything.

    • @akhattukenov8987 4 years ago

      Same problem, cannot find the solution.

    • @antinvk1 4 years ago +1

      @akhattukenov8987 Try to enable extension "GnuDisassembler", that worked for me for some reason.

  • @akloskikoblansk2698 4 years ago +1

    "Yes, it very much is for real." lmao

  • @0x6d696368 5 years ago +1

    Regarding the ".text" function names. It is because the binary has 2 symbol names per function. One is the real name the other the section name ".text". This is most likely because it was compiled by gcc with -ffunction-sections.
    You can delete the ".text" labels before analysis and it is fine. See my video: ua-cam.com/video/WENXr6iDu8A/v-deo.html

    • @stryker2k2 5 years ago

      You are amazing! Your video is very clear and concise. I will implement that fix in the next video!
      I also put your link in the description of this video.

  • @CyberZyro 3 years ago +1

    I actually can't see those decimals while hovering over the hex, I know I can simply convert them online but what's the reason for not showing while hovering over?

    • @stryker2k2 3 years ago +1

      I have also been having issues recently with the Decompiler pop-up not showing up. I'm making the assumption that you are hovering above "0x52b24". In the Assembly Code, that line is read as "CMP EAX, dword ptr [EBP + local_10]", in which the Ghidra Decompiler has read the value in that location and translated it to 0x52b24. Now, if the instructions said "CMP EAX, 0x52b24"... I believe that the decompiler would give us a pop-up showing us different variable translation (integer, unsigned integer, etc).
      I do not know exactly why this is. But, for CrackMe0x02, the pop-up doesn't show up for me anymore either.

    • @CyberZyro 3 years ago

      @stryker2k2 exactly, and I'm a beginner so not that friendly with Ghidra and concepts

  • @user-pg1pk3cd6i 3 years ago +1

    Thank you!!! Very interesting video.

  • @BryceChudomelka 3 years ago +1

    Excellent video. You are a great instructor.

  • @MrDrickjo 1 year ago +1

    I got things under control. Disregard all previous chat post. However,,,,,, Quick Question, On my Windows 11 I notice I have choose Data Type Manager, Symbol Tree etc. and Decompiler all individually as they don't show up all at same time like on Windows 10. How can I get it all show up on 1 display like yours as individual panes

    • @stryker2k2 10 months ago

      I have not yet installed Ghidra on Windows 11. But, when I do, I will look into this.

  • @kakashisharigan336 4 years ago +1

    A lot of value in here. Thanks mate

  • @tarasboichuk3958 4 years ago +6

    Interesting: when i pass input [000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
    ] it's not == 15 but it works fine ... am I overflowing the buffer??? UPD: I think I am - there is a fixed input char array size :)
    IOLI Crackme Level 0x04
    Password: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
    Password OK!

    • @stryker2k2 4 years ago +1

      Whoooaaaaa... I'll have to check that out!

    • @nullzero9224 3 years ago

      @stryker2k2 I spent some time trying to solve this challenge and I noticed that the challenge can be solved once we supply digits that add up to 15 at the beginning, no matter how many digits we supply as password afterwards. For example, if we start the password with digits 96, it will be okay and challenge will be solved even if the password we type is 96999999999999999999999999 or whatever digits we might add later. The code breaks once we reach a total of 15, then all other values in the password are ignored and the while loop ends. In addition to that, if we supply 54 zeros or more, the challenge will also be solved, strangely. I'm not sure if the decompiler failed to generate a correct representation for the assembly or there was a logic mistake in the challenge code itself!!

  • @MrDrickjo 1 year ago

    I got mine to work as I simply used Windows 10 and not use my box that's running Windows 11. However, what type of language are Crack 0,1,2 running? I see a lot of if then statements.

  • @arvinmoravej7161 4 years ago +1

    tnx for the video

    • @stryker2k2 4 years ago

      I had some issues reversing Python executables as well in the past. I'll make sure to record a video if I ever throw a Python executable into Ghidra.

  • @aga1nstall0dds 1 year ago +1

    Are these crackme files safe to be run on a ghidra directly installed on my windows without a vm?

    • @stryker2k2 1 year ago

      I always suggest running executables in VMs. With that said, these crackmes are safe for use on your bare-metal Windows machine.

  • @dirks.2909 5 years ago +1

    What theme are you using here?
    Could you upload it?
    thanks

    • @stryker2k2 5 years ago +1

      Excellent question! Dark Mode is available in Ghidra natively.
      You can enable Dark Mode by following along with my instructions in the linked video:
      ua-cam.com/video/IL60yGDbRGw/v-deo.html

  • @leozendo3500 4 years ago +1

    Very helpful! If I may ask, How can I search for a png image embedded in a 10Mb exe binary? Say if I want to patch it out.

    • @stryker2k2 4 years ago

      Funny you ask! One of my next videos is going to be on how to detect malicious droppers. In which, the executable payload would be embedded into the dropper the same fashion as an image would be. Maybe I'll make the 'payload' an image instead.

    • @leozendo3500 4 years ago

      @stryker2k2 Very cool. Thank you. I used Restorator.exe to search for the image but no luck. the program is MagicMusicVisuals.exe and it has an encrypted shell. I know software cracking can be bad but well for educational purposes...

  • @LukeAvedon 10 months ago +1

    Super helpful! Thanks!

    • @stryker2k2 10 months ago

      Glad it was helpful!

  • @stevevai2442 4 years ago

    Could not open these executable files in ghidra (error as "select library to open it") and even in cmd. Gives error as "can not start due to incompatibility with 64bit version of windows". How do I replicate these?

  • @marcosrocha2312 4 years ago

    Thank you, incredible content, really cool. Incomparable teaching.

  • @ferivertid 3 years ago +1

    you're a great teacher

  • @MikeMike-um8sq 3 years ago +1

    When I try crackme0x02 it does not give the information when I hover over the number in the decompiler
    Any ideas

    • @stryker2k2 3 years ago

      I have also been having issues recently with the Decompiler pop-up not showing up. I'm making the assumption that you are hovering above "0x52b24". In the Assembly Code, that line is read as "CMP EAX, dword ptr [EBP + local_10]", in which the Ghidra Decompiler has read the value in that location and translated it to 0x52b24. Now, if the instructions said "CMP EAX, 0x52b24"... I believe that the decompiler would give us a pop-up showing us different variable translation (integer, unsigned integer, etc).
      I do not know exactly why this is. But, for CrackMe0x02, the pop-up doesn't show up for me either. Here is my work around... (see screenshot below)
      nc.strykersoft.us/index.php/s/mHkzfHYziBEetSs

    • @MikeMike-um8sq 3 years ago +1

      @stryker2k2 Thank you very much. Is there a way to see the registers and stack in Ghidra?

    • @stryker2k2 3 years ago

      There is not, unfortunately. I use x64dbg for reading stack, registers, and heap. Would a x64dbg video be something you would be interested in?
      I usually have both Ghidra and x64dbg up at the same time when I work. Maybe showing that work flow would be beneficial?

  • @cephurs 3 years ago +1

    great stuff, thank you!

  • @dhanaa2007 3 years ago

    Can you suggest me ex4 how to crack which tool

  • @GeneralBison 3 years ago

    I get a different popup when hovering over the address in crackme0x02, it doesn't convert. Struggling to figure out how your Ghidra is coming to that conclusion, also tried active analysis in r2 and I can't get it :/

    • @stryker2k2 3 years ago

      I have also been having issues recently with the Decompiler pop-up not showing up. I'm making the assumption that you are hovering above "0x52b24". In the Assembly Code, that line is read as "CMP EAX, dword ptr [EBP + local_10]", in which the Ghidra Decompiler has read the value in that location and translated it to 0x52b24. Now, if the instructions said "CMP EAX, 0x52b24"... I believe that the decompiler would give us a pop-up showing us different variable translation (integer, unsigned integer, etc).
      I do not know exactly why this is. But, for CrackMe0x02, the pop-up doesn't show up for me anymore either. Here is my work around... (see screenshot below)
      nc.strykersoft.us/index.php/s/mHkzfHYziBEetSs

  • @rbkhyvc 3 years ago

    Mine won't import all at once. I have to do it one by one.

  • @FrontlineFauji 3 years ago

    Sir how can we play .rio extension video into any other player

  • @zvit 5 years ago +1

    A little tip: you don't have to drag and drop onto the dragon, you can just double click the project name :) (or, while the project is selected, just click the dragon)

    • @stryker2k2 4 years ago

      Thank you for bringing this up! Because of this comment, I've used that little tip in every video since! You rock!

  • @MrDrickjo 1 year ago

    I notice my Ghidra goes through all steps I can drag Crackme file over to GUI and it does everything as in video,, But after I analyze I don't understand why it doesn't seem to display output. I'm running Windows 11 but I'm not sure why after being prompted to analyze it doesn't display anything in code Browser. I tried "FILE > Open" and still NOTHING. Any suggestions or tips

    • @stryker2k2 1 year ago

      Shoot me a message on Twitter @stryker2k2 and I'll see what I can do (when I get back to my computer on Monday)

  • @MrDrickjo 1 year ago +1

    Does this work with windows 11

  • @anthonysmith5857 5 years ago +1

    Can you show a video on AUTODESK Maya any version would be great.

    • @stryker2k2 4 years ago

      I have no experience with AUTODESK Maya... but I love learning and making videos! I'll see what I can do!

  • @ParlaySeb 5 years ago +1

    tell me how to reverse 0x50?

    • @stryker2k2 5 years ago +1

      I can't help with 0x50! But... I can help with 0x05!
      Check out my new video at ua-cam.com/video/Eu9YC1Jq1Do/v-deo.html

  • @0xp4ul 4 years ago +1

    You are rocking

  • @polinimalossi8404 2 years ago

    hi stryker how are you? I wanted to ask you for information. This tutorial is also good for those paid software that hides the cracks so as not to crack the program? a thousand thanks

    • @stryker2k2 2 years ago

      Ghidra and these tutorials were created to make reading assembly code easier and learn basic reverse engineering. Doing anything further is up to your ambition and imagination.

    • @polinimalossi8404 2 years ago

      @stryker2k2 I understand you do to download that file from github you must first disable a setting in the windows defender then you have to block the exceptions in windows defender and you have to put the download folder then you have to use the edge browser then do as you did in the video and save the file in the download folder and then do as you did in the video for safety I have removed the option to download unknown files from the browser in the registry Wednesday afternoon I do everything calmly thank you very much and good evening carlo 👍

    • @polinimalossi8404 2 years ago +1

      @stryker2k2 excuse me if I wrote to you in private in a video where it has nothing to do I hope I was not too impertinent?

  • @HandyFox333 2 years ago +1

    Why did you include the pointless comments in the beginning?

    • @stryker2k2 2 years ago

      This pointless comment will be in the beginning of my next video 😊

  • @MrDrickjo 1 year ago +1

    Does it matter where u download code? Crackme file

    • @stryker2k2 1 year ago

      Right Answer: Yes, it matters. Download challenges from official sources. HackTheBox is a great source for crackme challenges and has Virtual Machines you can use with Ghidra pre-installed.
      Less Right Answer: No, it doesn't matter. As long as you are running in a Virtual Machine on a physical computer with no important files and disconnected from all networks (air-gapped), then you can download challenges from anywhere.

  • @abdullah5246 2 years ago +1

    The dark theme is perfect here. Can you share the code please? great video by the way ;)

    • @stryker2k2 2 years ago +1

      The link to the code can be found at 3:13 in the video

    • @abdullah5246 2 years ago +1

      @stryker2k2 I meant the script for the dark theme. I've downloaded a python script before but its color customization was awful to say the least

    • @stryker2k2 2 years ago +1

      @abdullah5246 I didn't find any good theme scripts. I used one of Ghidra's default themes. You can see the video where I walk through making a dark theme here -> ua-cam.com/video/Cgukr7v9eg0/v-deo.html

    • @abdullah5246 2 years ago +1

      @stryker2k2 Amazing, thank you!

    • @stryker2k2 2 years ago +1

      @abdullah5246 My pleasure

  • @jarno_r 4 years ago +1

    Awesome video

  • @sdfsdf1728 3 years ago +1

    good stuff!

    • @stryker2k2 3 years ago

      I'm lad you liked it!

    • @deedewald1707 3 years ago

      @stryker2k2 Interesting comment indeed! I'm glad

  • @jasonking1284 4 years ago +1

    Can't see a thing. I do not have a microscope...

    • @stryker2k2 4 years ago

      I completely agree! I have learned a lot about producing YouTube content since then; namely that font size is important!
      My newer videos are easier to read and I will probably re-record this series in the future as well!

    • @jasonking1284 4 years ago +1

      @stryker2k2 I am glad to read that you realize this and have fixed this problem. Big text is essential on YouTube educational videos. People might not have the luxury of large 42inch 4K monitors and might be limited to small 20inch 1080p monitors. Best of luck with your videos.

    • @stryker2k2 4 years ago

      @jasonking1284 Very true and thank you!

  • @DavidDavisMr3moons 4 years ago

    Hey striker I have a question for you if you could PM me my follow of yours I’m looking to see if you can help me with that ma’am no programmer I’m just barely learning how to operate how to use the G Dr. and I think that you might be able to help me out with a problem here

  • @Kev1305 3 years ago +1

    Interestingly, my output is already different from yours on the very first challenge as my _mainCRTStartup returns the following:
    void _mainCRTStartup(void)
    {
    __set_app_type(1);
    /* WARNING: Subroutine does not return */
    ___mingw_CRTStartup();
    }
    Any ideas why it's so different from yours?

    • @stryker2k2 3 years ago

      Ghidra does an automatic analysis every time you launch a new program in the Ghidra disassembler. Of course Ghidra, in theory, should decompile CrackMe_0x00 the same way every time on any system. But I've noticed that sometimes when I recompile (green recycle arrows at the top of the decompiler), it changes what it believes is the best translation on the fly.
      Also, there is a possibility that I may have a few extra analysis options selected that you don't that duplicate some of the analysis task.
      With that said, if you look at the CrackMe_0x00's assembly code at 7:20, you'll see that __mingw_CRTStartup is only called once. So your automatic analysis is probably more accurate than mine in this case.
      Disassemblers are very good but are not perfect. Reverse Engineering is more of an artform and less of a science.

  • @rajchaturvedi8195 5 years ago +1

    why is this video and its Part 2 (ua-cam.com/video/Eu9YC1Jq1Do/v-deo.html) so long? how can I get more manageable bits so I can easily watch them? it's just impossible to view this video if this channel keeps on this sloppy method.
    is there any other channel which shows videos about using ghidra to understand binaries in short chunks, like one video per binary or 10 minutes maximum.
    since it seems unlikely that this video get broken up, does somebody have it broken up into small pieces so I can see if it's good or just waste of time?

    • @stryker2k2 4 years ago

      My YouTube Studio flagged this comment as "Likely Spam"... and I can see why. Nevertheless, I have Approved it because you bring up a really good point.
      There are other Ghidra videos on my channel that are shorter that you can watch and learn from.
      But, it seems that a series of short 5-10 minute videos would be super beneficial to you and others.
      I don't know of any channels that have "Bite-size" Ghidra videos but, thanks to this comment, my channel will soon have a bite-size ghidra series; quite possibly revisiting the CrackMe series as a starting point.
      Until then, Raj, would it help if I put timestamps in the Description so that you can quickly navigate to the individual projects?

    • @deedewald1707 3 years ago

      @stryker2k2 Timestamps are chapters with a bookmark, should help!

  • @AmineOnline 3 years ago +1

    Please I want to tell you that the quality of videos is low and for the sake of tutorials it's better to do the normal design of any software, not the dark chocolate.

    • @stryker2k2 3 years ago +1

      Thank you for your feedback. This video was one of my first ones and definitely lacked polish.
      Many of my newer videos now have that polish. I have upgraded from my Logitech C9200 webcam to a new Sony A6000 and have also changed the resolution so that the text inside of Ghidra is MUCH larger. I have also purchased studio-quality lighting to make it easier to record in the night time!
      YouTube is not my job. It is a hobby. But it is a hobby that I enjoy and I want to make the highest quality videos I can. I appreciate the feedback!
      Lastly, I have done multiple polls... and dark mode stays. Sorry! But I'm glad to know that there is at least one light-mode lover out there!
      Thanks again!

  • @malte0621 4 years ago

    i cracked "CrackMe0x00" in 2 minutes.. (I got almost no knowledge of debugging..) :/

    • @malte0621 4 years ago +1

      i used "x64dbg" tho..

    • @malte0621 4 years ago

      but i didn't reverse it.. Oops.....

    • @stryker2k2 4 years ago

      @malte0621 x64dbg is awesome! So is Noriben, SysInternals, and RegSnapShot. They all make finding the answer super simple!
      Congratulations on solving it! Now, if I may make a suggestion... solve it by using Ghidra 😁

  • @MrDrickjo 1 year ago

    Hey I have email account. and don't have twitter. Can we do zoom I can provide you my email. I notice My decompiler doesn't pop up anymore.

  • @mendaxassange4465 5 years ago +3

    Bro No Offense But.. Every time I search RE Tutorial Whatever it's ghidra or not..i got disappointed... because every video is about Like Reversing "Enter Your Password:" C Program.. XD... I Never Seen A Tutorial About Unpacking VMProtect And Something More Complex... Or How a Packer Works And How To Defeat Them... How Obfuscation Works And How APIMonitor Help TO RE A Malware.... Can You Please Make A Tutorial About It...

    • @stryker2k2 5 years ago +3

      Absolutely! Themida, UPX, and other packers have been a pain in my side at work! I'd love to make a video series on those!
      My next few videos are going to build on what I've done here. So, expect another video on the CrackMe series (0x05 - 0x09), then another video reversing my own crafted malware (maldev.exe)... then after that I'll turn my attention to packers and VM protect.
      Unfortunately, it will not happen as quickly as we all would want it to. But it will happen!

    • @mendaxassange4465 5 years ago +2

      @stryker2k2 It Doesn't Have To Be Quick.. Just Need A Proper Guideline... :)

    • @j_lode 5 years ago +1

      I second this. I'd like to see SOMEONE, ANYONE do a reverse video on something super complex

  • @dclxviclan 1 year ago +1

    Malware 👽

    • @stryker2k2 1 year ago +1

      Yep! Well, no... it is not... but it is always best to assume that everything is malware! Which is why we learn and teach Reverse Engineering! 😊