Hi everyone! I hope that you enjoy the content we put together for these videos. If you have questions, feel free to reach out to the Instructor on twitter twitter.com/wrongbaud. All of the course details can be found here: hackaday.io/project/172292-introduction-to-reverse-engineering-with-ghidra
35:34 push and pop. If the stack grows down (towards lower and lower memory locations as in your animation, which is correct for the x86 architectures), then PUSHing will DECREASE the stack pointer. POPing will INCREASE the pointer.
When I saw there was all the episodes, I was so happy. I love that there’s so many people interested in this stuff to where there’s PLENTY enough for any person who wants to learn, yet it’s not like even coding is an extremely popular hobby/interest/career among all people
Honestly it seems like finding materials on rev engineering specifically is a lot harder than most other tech topics. Might just have to cave and read that one 1000 page book to hopefully gain a decent understanding
@@Tyler-jd3ex true which is really odd considering it's a vast and fun field. You pretty much have to research it all by yourself with blood and sweat if you have a specific aim in mind. I guess the fact that it's quite easy to get into illegal territories plays a part in how hard finding good material is which is a shame...
@@ant-mf6kl It’s such a niche area. Out of 100 people you won’t find coders really. Out of 100 people it’s likely none of them know assembly… and then even of people who do know it, only so many of them make videos or help others. It’s so difficult! I often just wish I knew somebody who could show me stuff that can be taught quickly but is so hard to figure out yourself. Well if you ever need help I suppose you can try to ask me! 😂
Amazing class. I think I have seen assembly code taught a million times but I FINALLY UNDERSTAND IT PERFECTLY! Wow. Quick question and this may be out of the scope pf your class but I was working on my own files and I have a ton of instructions on my machine considered RAW and it says unknown and the instructions give errors with ?? Question marks. Any idea what this means? Thanks again!
Nice video, one comment - the code in the example at 42 minutes is in error. Due to the lack of ret after the mov rax, 0x02 it will run onto the mov rax, 0x01. I e. No matter if the result of the comparison is true or false you will still end up with 0x01 in rax.
Love your video!😊 i have a question.. currently i am learning some bufferoverflow concepts and using radare2 ...i hear lot about ghidra too should i switch?
Ghidra was developed by the NSA to overcome the limitations present in every other program available for reverse engineering, and limit the number of tools you need to have open at once to do it to 1.
Fun Zelda series fact - Nintendo took kind of an easy out when deciding how to canonize all of the entries in The Legend of Zelda series. They named Link the Hero of Time, and consider the link in each game to be a reincarnation of said Hero of Time. So the most you can say is that he's Hyrulian, as his race changes throughout the series.
I have a 27" 1080p monitor but the examples are of such a small and thin font that I often can not read them even in full screen mode. Not being able to read the examples reduces the value of the video.
The teaching is awesome, but you should consider getting a better microphone (like a large condenser microphone, and not one from a headset... they're never good) and/or not compressing audio that much because it's lacking some frequencies and have lots of hissing, so I have to listen to it pretty loud to be able to understand, which makes it a bit unpleasant to the ears.
Starting from the slide @37:20 to about @40:00 were you using RIP & EIP interchangeably? When you say "mov" - is the value actually _moved_ as in the source register is cleared? Or is the value copied? For example after the instruction mov rax, rbx - what is in rbx? Similar question for popping values off the stack - Does that just increments the stack pointer, and whatever values were in that memory will continue to be in that memory until the stack pointer is decremented again & new values get written?
mov copies the value. So pop register does 2 things. In x86 It looks like mov register, [esp] and then add esp, 4. So mov copies the value. So it remains the same
RIP is 64 bit , EIP is 32 bit (EIP is the half part of RIP) [64 bit register]= RIP or we can say that [32 bit +EIP register] = RIP register , EIP= [32 bit]
Learn the following: 1- Executable files format (PE & ELF) 2- C/C++ Programming 3- Assembly Programming 4- Debugging tools like GDB and WinDBG 5-Debuggers and decompilers like IDA and Ghidra 6- Do reversing CTFs and challenges, crackmes, etc. Good luck
I'm getting error "zsh: exec format error: ./c1" and a quick google led me to some posts suggesting that it's an issue with Apple M1 processors. Is there a workaround? Or an alternate set of exercise files to download?
For most of its life C has been considered a high-level language because it abstracts away the hardware details. The language is machine-independent, you don't have to directly manipulate registers or manage the stack, etc. In recent years people have taken to thinking of C as "low-level" because you *do* have to do more hands-on memory management than with something like Java, and you *can* still get into the guts of the machine if you so choose. But I think "official" definitions (if there are such things) still classify C as a high level language.
I want to learn hacking and reverse engineering .my skills computer tech engineer and with skills html, CSS js only. . please guide me ..I'm from India
I have a question for you when it comes to wanting to crack a game. Do you personally know if there is anyone talented enough in the scene to reverse engineer the game Path of Exile? People say it's one of the worst targets they've ever attempted, with a bunch of abstraction layers and you get perma banned if you even look too long. It's a live server client and the game is free, but people want to make their own private server out of it to be able to play the content the way they want, in a non-profit fashion obviously. Any ideas on how you would go about bypassing the drm on this live service client and getting the source code for people to make their own private server out of it?
Hi everyone! I hope that you enjoy the content we put together for these videos.
If you have questions, feel free to reach out to the Instructor on twitter twitter.com/wrongbaud.
All of the course details can be found here: hackaday.io/project/172292-introduction-to-reverse-engineering-with-ghidra
Motherf get a good Mike.
It's upsetting how clear and concise this lesson is compared to my past training. Amazing series so far!
This video cured my depression and cancer. Thanks 🙏
35:34 push and pop. If the stack grows down (towards lower and lower memory locations as in your animation, which is correct for the x86 architectures), then PUSHing will DECREASE the stack pointer. POPing will INCREASE the pointer.
Good catch! Thank you for pointing that out
When I saw there was all the episodes, I was so happy. I love that there’s so many people interested in this stuff to where there’s PLENTY enough for any person who wants to learn, yet it’s not like even coding is an extremely popular hobby/interest/career among all people
Honestly it seems like finding materials on rev engineering specifically is a lot harder than most other tech topics. Might just have to cave and read that one 1000 page book to hopefully gain a decent understanding
@@ant-mf6kl Yeah seriously! Especially when it comes to specific examples, it is absolutely (nearly) impossible to find a good resource
@@Tyler-jd3ex true which is really odd considering it's a vast and fun field. You pretty much have to research it all by yourself with blood and sweat if you have a specific aim in mind.
I guess the fact that it's quite easy to get into illegal territories plays a part in how hard finding good material is which is a shame...
@@ant-mf6kl It’s such a niche area. Out of 100 people you won’t find coders really. Out of 100 people it’s likely none of them know assembly… and then even of people who do know it, only so many of them make videos or help others. It’s so difficult! I often just wish I knew somebody who could show me stuff that can be taught quickly but is so hard to figure out yourself. Well if you ever need help I suppose you can try to ask me! 😂
A lot of stuff I didn’t know so thanks for the review of everything before diving in 👌
Awesome awesome awesome - this is exactly what I was looking for, in hackaday form. Thanks so kindly!
Amazing class. I think I have seen assembly code taught a million times but I FINALLY UNDERSTAND IT PERFECTLY! Wow. Quick question and this may be out of the scope pf your class but I was working on my own files and I have a ton of instructions on my machine considered RAW and it says unknown and the instructions give errors with ?? Question marks. Any idea what this means? Thanks again!
I love this and I want to see more on this subject. Thank you.
Addicted to learning
Thanks for the content, i'm learning a lot! Any chance we get into PE reversing at some point of this course?
why is the face cam so large? It's hard to see the content on the screen :(
I didnt even notice him before u said it ZLOOL
😂😁
Bruh, I have seen this video so many times and I never noticed bro had a face cam
😂😂😂😂
Very well made content and I thoroughly enjoyed the talk and learned something new
You should make your face-cam smaller, covering the content of the video 😡
Is this sarcasm?
It’s honestly really distracting from the content :/
Ikr, I can't see anything..
@@captainkarma7374 Are you American?
@@EliteBuildingCompany no but my english isnt the best
Nice video, one comment - the code in the example at 42 minutes is in error. Due to the lack of ret after the mov rax, 0x02 it will run onto the mov rax, 0x01.
I e. No matter if the result of the comparison is true or false you will still end up with 0x01 in rax.
Absolutely wonderful content. Thank you so much!
very interesting thanks for. the lesson good. advice
thanks for your effort and time you are awesome (ps: audio quality can be improved even if you are not gonna buy a new microphone)❤❤❤
Love your video!😊 i have a question.. currently i am learning some bufferoverflow concepts and using radare2 ...i hear lot about ghidra too should i switch?
I'm just getting started myself, but I would hands down tell you to load ghidra. You will be glad you did.
Ghidra is much more intuitive, at least if you aren't already fast at re2. Worth trying, at least, since they're both open source.
Ghidra was developed by the NSA to overcome the limitations present in every other program available for reverse engineering, and limit the number of tools you need to have open at once to do it to 1.
Fun Zelda series fact - Nintendo took kind of an easy out when deciding how to canonize all of the entries in The Legend of Zelda series. They named Link the Hero of Time, and consider the link in each game to be a reincarnation of said Hero of Time. So the most you can say is that he's Hyrulian, as his race changes throughout the series.
Very clear excellent 😀
I have a 27" 1080p monitor but the examples are of such a small and thin font that I often can not read them even in full screen mode. Not being able to read the examples reduces the value of the video.
very well taught! thank you.
Thanks for the free content!
thanks
awsm content dear keep it up LOVE FROM BHAARAT (INDIA)
The teaching is awesome, but you should consider getting a better microphone (like a large condenser microphone, and not one from a headset... they're never good) and/or not compressing audio that much because it's lacking some frequencies and have lots of hissing, so I have to listen to it pretty loud to be able to understand, which makes it a bit unpleasant to the ears.
Hello; I am not able to find the main function in Symbol tree, what I should do in such case.
is it required to know C/C++ before i use Ghidra? or can i learn SRE without any coding knowledge? what are your recommendations?
Yes, it’s required to learn C programming for Ghidra. Learning assembly and CPU architecture is required too, if you want to use debugger.
thanks, that was really helpful
Great content! New sub, all bells here Cheer
Really stupid request, but can you post the video for the office hours on youtube? I'm having a lot of trouble with twitch for whatever reason.
Hello! We don't have a video for office hours, it is live only.
@@hackaday :(
I am having an import error while adding a elf file with language xtensa pls help to override it
Great content, greats .) maybe do more in dep on links for they are very important :)
Starting from the slide @37:20 to about @40:00 were you using RIP & EIP interchangeably?
When you say "mov" - is the value actually _moved_ as in the source register is cleared? Or is the value copied? For example after the instruction mov rax, rbx - what is in rbx?
Similar question for popping values off the stack - Does that just increments the stack pointer, and whatever values were in that memory will continue to be in that memory until the stack pointer is decremented again & new values get written?
mov copies the value. So pop register does 2 things. In x86 It looks like
mov register, [esp] and then add esp, 4. So mov copies the value. So it remains the same
RIP is 64 bit , EIP is 32 bit (EIP is the half part of RIP) [64 bit register]= RIP or we can say that [32 bit +EIP register] = RIP register , EIP= [32 bit]
Can this trick will work with wilcome e4. 5 embroidery software for cracking
can you tell me the entire roadmap for learning RE?
Learn the following:
1- Executable files format (PE & ELF)
2- C/C++ Programming
3- Assembly Programming
4- Debugging tools like GDB and WinDBG
5-Debuggers and decompilers like IDA and Ghidra
6- Do reversing CTFs and challenges, crackmes, etc.
Good luck
awesomeeee
Hi I am unable to open the website, please update the website, Thanks
Great video
I passed the whole month to understand this video can you give me a cookie for my hard work :D.
grab some from your browser!
Annoying "sound effects" :) , superb content. Thank you!
I'm getting error "zsh: exec format error: ./c1" and a quick google led me to some posts suggesting that it's an issue with Apple M1 processors. Is there a workaround? Or an alternate set of exercise files to download?
M1 are ARM processor... i suggest you to have vm to emulate x64 instructions set.
Action starts at 56:29
I might be mistaken…but isn’t C more of a ‘low level’ language, and a high level language would be something more like python or even js ?
from an application development perspective - yes
from a systems-level perspective - probably no
For most of its life C has been considered a high-level language because it abstracts away the hardware details. The language is machine-independent, you don't have to directly manipulate registers or manage the stack, etc.
In recent years people have taken to thinking of C as "low-level" because you *do* have to do more hands-on memory management than with something like Java, and you *can* still get into the guts of the machine if you so choose. But I think "official" definitions (if there are such things) still classify C as a high level language.
❤❤❤❤
Hey am new here
Me too, 6 months later 😅
I want to learn hacking and reverse engineering .my skills computer tech engineer and with skills html, CSS js only. . please guide me ..I'm from India
I have a question for you when it comes to wanting to crack a game. Do you personally know if there is anyone talented enough in the scene to reverse engineer the game Path of Exile? People say it's one of the worst targets they've ever attempted, with a bunch of abstraction layers and you get perma banned if you even look too long. It's a live server client and the game is free, but people want to make their own private server out of it to be able to play the content the way they want, in a non-profit fashion obviously. Any ideas on how you would go about bypassing the drm on this live service client and getting the source code for people to make their own private server out of it?
34:40