Reverse Engineering master0Fnone Class | Episode 1.1: x86 Assembly Demystified
- Published Jun 5, 2024
- Trying to break into RE, but feeling overwhelmed? Looking for a better foundational understanding of what you're already practicing? Somewhere in between? This "master0Fnone Class" is for you - no matter where you assess yourself to be, you can learn RE, and it doesn't have to be a slog.
The jeFF0Falltrades master0Fnone Class series is a collection of free online courses made to make learning topics - like reverse engineering - more accessible (and fun) to everyone.
In this first episode, split into multiple parts, we will:
- Walk through the Language Processing System that converts high-level code to assembly code to the machine code read by your processor, and all of the stages in-between (Part 1)
- Introduce several common features of x86/x64 assembly language and conventions (Part 1)
- Walk through a practice program demonstrating several common C programming structures and statements (Part 2)
- Reverse that practice program in Ghidra to practice identifying these structures and instructions (Part 3)
- Challenge you to take what you've learned and get yourself onto the "Wall of Fame" by finding the hidden flag in the included "CrackMe" program! (Whenever You Want!)
CrackMe Challenge Instructions:
- Download the binary from the Project Homepage below, under the "crackme" folder for this episode
- Use whatever tools you wish to try to reverse the hidden flag in the binary
- Submit the flag and the name you wish to appear on the Wall of Fame to this form: forms.gle/XWWqYyeNUkFH8tHMA
- Brag to your friends by showing them your name on the Wall of Fame in the Project Homepage "crackme" folder, and find out how good your relationship with those friends is!
Please leave feedback and questions here as comments, or DM me on Mastodon (social links listed on the channel).
Check the pinned comment for any updates to the content.
Let me know what you would like to see in future videos!
Project Homepage:
github.com/jeFF0Falltrades/Tu...
Resources and References:
- Programming Language Processing System Example: www.tutorialspoint.com/compil...
- x86 Architecture: en.wikibooks.org/wiki/X86_Ass...
- x86 CPU: wiki.osdev.org/CPU_Registers_...
- x86 Instruction Listing: en.wikipedia.org/wiki/X86_ins...
- x86 Calling Conventions: en.wikipedia.org/wiki/X86_cal...
- x64 Calling Conventions (MS): learn.microsoft.com/en-us/cpp...
- Functions & Stack Frames in Assembly: en.wikibooks.org/wiki/X86_Dis...
- Stack Functionality in Assembly: www.varonis.com/blog/stack-me...
- Pointers in C/C++: www.geeksforgeeks.org/c-point...
- x86 Assembler/Disassembler Online: defuse.ca/online-x86-assemble...
- Segment Registers & Segmentation: wiki.osdev.org/Segmentation
- Ghidra: github.com/NationalSecurityAg...
- x64dbg: x64dbg.com/
- MSYS2 (for utilizing gcc quickly): www.msys2.org/
Episode 1, Part 1
00:00:00 - Intro
00:03:30 - Important Notes
00:03:39 - Cheat Sheet/Episode Topics Overview
00:08:16 - The Language Processing System
00:21:43 - Loading and Running an Executable File
00:28:37 - Common x86 Registers and Their Usage
00:39:37 - Common x86 Assembly Instructions
00:56:18 - Stack Layout & Operations
01:07:03 - Observing Stack Operations in a Debugger
01:14:54 - Common x86 Calling Conventions
01:18:41 - Part 1 Wrap-Up
Hello, and thanks for joining me for this master0Fnone class!
As usual, I will post edits/updates/corrections to this video here in the pinned comment.
Parts 2 and 3 of this episode will be posted within the next week - Stay tuned!
Enjoy, and let me know what you think.
59:10 "Stacks of money saved from prescription costs"
LMAO! Love the analogy 😂
I find laughing about it helps me briefly stop crying about it 😂😭
Honestly I'm so sorry that there's been only 3 episodes of this masterpiece, but I'm so grateful for those 3 anyway.
Thanks for the content
Another one coming up next month! Slightly different topic but very excited to get the next one going 😁 So, so happy to hear you enjoyed!
@jeFF0Falltrades I have only nearly finished the first episode but I am stoked that there are more coming. Thank you so much for these videos!
@christianlijs1346 So happy to hear this!!! I’m working on a second master0Fnone course now and comments like this motivate me so much. Thanks for watching and I hope you enjoy the rest!
@jeFF0Falltrades I had a feeling it would motivate you or at the very least make you happy, but just know that's exactly how I feel when I come across a video like this! Thank you, and I might just let you know how the other videos go for me.
@christianlijs1346 Thank you so much!
Thanks for those high quality videos...
Gianbattista! Thank you so much for your kind words and your generosity. I appreciate your support and hope you continue to enjoy my future content!
That is called power of knowledge
❤️
Glad I came across your channel. You make this all seem a lot more approachable than other tutorials.
Thanks so much - I truly hope so…I started doing this for that very reason, and I hope you get something good out of them!
I have never seen that take place in a Golden Corral. Then again, I do not often eat out because I spend all of my money on prescriptions.
Love the content very much so far. Extremely informative, and exactly what I was looking for! Looking forward to the next parts and eventually solving the crackme
How do you do, fellow American?
Lol, thanks so much for watching and so glad you’ve enjoyed so far - hope that keeps up!
Just earned yourself a sub! This was a great video! I’m a computer engineering student really interested in malware analysis and reverse engineering and this series is so helpful!!
Awesome! Thank you so much for the kind words and glad you enjoyed!
I’ve got two more malware analysis videos that I’m working on now - just enjoying some parental leave before recording them - hope you enjoy and thank you so much for being here; and best of luck in your CE journey!
Invaluable goldmine of information.
Thank you so much! I am hoping to record a new vid this upcoming week so I hope you continue to enjoy this series/content!
Hey man, I just wanted to say your channel is an absolute gem regarding RE and it's to be quite honest one of the best resources out here on youtube and I'm really wondering how your channel is not bigger. Keep up great work!
You are too kind, this comment made my day! I’m just happy to have as many that are in this community today :-)
Getting prepped to record another video this month! Hope you enjoy that one as well. Thanks so much for watching.
Had to pause this tonight and tell my daughter to pause her BOTW-session just to come over to read the Linked/Zeldad-lists. :)
😆 Hope she’s as excited as I am for TotK coming in a couple months
@jeFF0Falltrades In between playing BOTW, reading her Zelda-manga books, writing her own Zelda book and making a Zelda-play for school, and planning what Zelda-related things I need to 3d-print, there may be a spot left to think what is coming in May. :)
This is an amazing video full of important information. Thank you.
Thank you so much! I am so glad you enjoyed and I appreciate the kind words!
Really cozy tutorial, perfect weekend activity!
Glad that I stumbled onto your mastodon which led me here. 🙂
So glad you did too! Thanks so much for watching and hope you continue to enjoy!
Wow, this video is amazing!
Assembly code previously looked like an alien language, this video helped me out so much!
Your efforts at explaining everything in a clear and concise manner are truly appreciated.
Thank you so much for creating this valuable resource!
I can't wait to view the other parts in this series, keep up the great work Jeff!
Martin, thank you so much for the generosity and kind words!
It makes me so happy to hear you’re getting something out of these videos and I hope you continue to enjoy this series and all of the upcoming videos to this channel!
Wow, this tutorial is amazing, and all the time you've put into it thanks a million man.
I found you by your tycoon video and had to put it off to learn first, but it looks cool af as well.
Thank you again, excited to carry on watching your amazing videos
Thank you so much for the kind words, and I hope you continue to enjoy videos like these! Best of luck in your learning journey.
I feel really good about catching this in the first few hours. I was one of those super-fans that watched your other videos in one sitting :P
Tyler:
1. You are my hero
2. Please do not do this
3. If you do this, at least remember to hydrate and blink every 20-40 mins
Real talk: So glad you’ve enjoyed, and I hope you enjoy the follow-parts coming shortly!
@jeFF0Falltrades Your RCT video is a friggin masterpiece. I look forward to all the vids you publish in the future.
This couldn't have been timed better! This kind of work fell in my lap, and I have no real experience with this ....... I'm here for the ride, thanks so much for your efforts!
So glad to hear it! Part 3 (which is the heaviest in terms of assembly reversing) should be up in a few days’ time, and I hope these + that final piece will be able to get you on your way!
Thank you for making these, jeFF!
Your previous videos helped me learn how to patch a couple of old games by myself, and although I'm now somewhat comfortable with reverse-engineering, this first episode still filled in a couple of gaps in my fundamentals that I didn't even know I had. I appreciate your Bob Ross-esque style and all the little jokes you sprinkle in. Who knew that 1h20m of CPU registers and stack operations could be so relaxing?
Thank YOU for watching them and also I respect the heck out of people who take this and successfully use it to go do stuff like game patching/modding/etc - awesome job!
So happy you enjoy, and I hope you enjoy the rest of this episode!
I'm just 1:47 in, but I'M DOWN!! 🙌🙌
LET’S GOOOOO
Hope you enjoy, man! If you can make it through my low-budget, campy intros, you can do anything!
I'll try to get the time to do the challenge! Thank you for the effort you put in to this video!
Take your time and hope you enjoy the rest of the episode! Thanks so much for the kind words!
simple and effective......❣
most anticipated video ever ♥️
Hope it lives up to the hype 👀
Thanks for watching!
I really appreciate this series man thanks
I really appreciate you! Thanks for watching, and so glad you enjoyed.
Love your videos Bro :)! Thanks for sharing !!
They love you too! Thanks so much for watching and hope you enjoy this and the upcoming parts.
If there is one video series / channel which I wished I could have gone through before the third world War when internet was gone, it was this channel. SUBSCRIBED INSTANTLY. No video have I come across yet on UA-cam which goes in such depth with a subtle narration that things fall in place like Lego blocks from heaven.
Thank you so much and so glad you’ve enjoyed!
Underrated content !!!
Aw, thank you so much! So glad you found your way here!
Thanks man! I can't think this topic was so simple and fun to learn🥰
So glad to hear you say that - It's the exact reason I started this channel: To summarize a lot of the knowledge that I had to dig around for from multiple resources (and make it fun along the way). If you can keep your sense of humor, you can get through most tough things. Thanks so much for watching!
I love this
It loves you too! Thanks for watching and so glad you enjoyed!
@jeFF0Falltrades You're really good at explaining! I'm not completely new to reverse engineering and still found this incredibly useful!
@rtzgf67games7 thank you for that feedback - I hear a lot from beginners but not as often from folks who have been in the game for a minute, so I’m glad to hear it was useful to you too.
Great video 👏👏👏
Thank you for watching, Alexandro!
Your channel got recommended to me, I'm so glad I clicked.
Same here! Hope you enjoyed and continue to!
Very helpful, thank you!
Thank you for watching and so glad to hear it!
Thank you for the great content!
Thank you for watching!
the easiest way for Anyone, and I mean absolutely Anyone, to learn assembly and reverse engineering at the same time, is to write some simple c code snippets, then to debug them.
Thank you so much!!!!
Thanks for watching! Glad you were here 😁
Awesome, thanks
Thanks for watching 🍻
Thank you so much for this!!! I've been looking for a comprehensive way to get into REing, you sir are amazing!
First of all - Fantastic profile picture.
Second: Thanks so much for watching and for the kind words! Comments like this make me so happy. Hope to have more soon!
@jeFF0Falltrades Hah, thank you! Such a great movie imo. Awesome, I look forward to them!
Absolutely brilliant video!!!! Thank you so much!!
Thank you for the kind words and for watching! So glad you enjoyed! In the midst of research for a new one soon 😁
@jeFF0Falltrades I can’t wait to watch it!!! You have made this topic SO much more accessible! 🍻 cheers to you, for giving us all a leg up!!
@Hacker_Baby So glad to hear it - that’s the reason I started this channel 😁
Thanks a lot man ...great tuto
Thanks for watching!
Thanks, Jefe. I’ll make you proud
You already have
58:23 good god hahahaha
For some reason I started trying to crack the challenge after this video, didn't realize that we are to finish all 3 videos first before tackling the challenge.
No need to finish all 3 before trying, but if it’s new to you, then yes - I’d recommend at least watching the third part where we talk about disassembly. Thanks for watching!
@jeFF0Falltrades I was really struggling to figure out the logic of the program because of all of the jumps, and wasn't too sure what the flag can even look like.
Should have a better idea of what to do once I watch the next parts of the series! Looking forward to it :D
Massive thanks for producing and posting the videos online!
@ArielVolovik You’ll get it - Keep persevering and I hope you enjoy the rest!
For some reason, the stack + base pointer and how it's used in calling conventions never clicked for me until this video, and I've written small bits of assembly plenty of times before. The stack and base pointer manipulation just never clicked with me for some reason!
Edit: An interesting thing I noticed about CRACKME is that the compiler made _main use ESP for all stack references, because it doesn't change at all (and because ESP is forced to be aligned to a 16-byte boundary, whereas EBP isn't.)
I’ma be real with you - it wasn’t until I started making vids for this channel that many things with the stack clicked for me 😂 So glad this helped, if even a little bit!
Awesome, great video. What do those hex values in x32dbg between the EIP and instruction columns represent? I assume it is the raw hex values for the instructions ("translated" from the binary?)
Thank you so much, and thanks for watching!
It’s always hard to try to decipher this over text, but I think I know which column you’re talking about haha - From left-to-right in x64dbg, you see the EIP marker, then a hex value representing the address currently pointed to, then the raw hex of the instruction, and then the rendered assembly instruction.
I think you are talking about the 3rd column, in which case - you are 100% correct, it is the hex representation of the opcodes for that instruction. Let me know if you were talking about another column though.
@jeFF0Falltrades Thanks, in hindsight a screenshot would have probably been more clear, but that was what I was referring to. Wasn't sure how to google that one 😅.
@luijia Nah it’s all good. Just a limitation of the commenting system here that I have noticed with a few different comments. Thanks again for your kind words and for watching!
❤
🙏
@jeFF0Falltrades Hi, could you please help me to bypass registry in app that the manufacturer is not existing any more
@jeFF0Falltrades Hi, could you please help me to bypass the registry of the app that the manufacturer of this software is not existing anymore
It must be really frustrating for your first video to do so well only to have all the following videos struggle to get anywhere close.
I wanted to say that I feel for you. I think the stuff you teach in these is great.
Eh, not really haha - I started this channel knowing it was going to be for pure fun (I used to have another channel where I did the YT grind for a while and it wore me down) and I’m honestly just happy to see people learning from this stuff and having fun with it - whether it’s 10 or 10,000 peeps. I knew the RCT video was going to be special after its first 24 hours and I’m just glad that it’s brought people more understanding through our shared nostalgia in RCT hahaha.
Thanks so much for the kind words and for watching!
Why do 32 bit memory addresses need to be signed? 27:29 I've never heard of a negative memory address
Great question! The addresses themselves aren’t necessarily positive/negative - this limit is more decided by whatever implementation you are using: Some 32-bit implementations still restrict memory allocations above the most significant bit like this due to how the value may be interpreted differently in certain contexts using a signed value.
I mostly mentioned it here as a reminder of why you may see that limitation in place when allocating memory.
can you share your cheatsheet? overview of all theory
It is on the GitHub page for download in the link within the description of this video :-)
Is that dracula theme you are using for vscode?
It’s Robb Owen’s “Synthwave ‘84” and I have yet to find a theme I like more 😁
@jeFF0Falltrades thank you :)
How did you make your Visual Studio Code to look like that?
It’s a theme called “Synthwave ‘84” by Robb Owen - highly recommend it: You can download it from the VS Code marketplace for free