Reverse Engineering for Beginners: How to Perform Static Analysis on any Piece of Software
Вставка
- Опубліковано 31 лип 2024
- Reverse Engineering 101: How to Perform Static Analysis on any Piece of Software | How to reverse engineer
---------------------------
Learn how to perform static analysis on software with this guide, for beginners, to reverse engineering. This video is perfect for those interested in malware analysis, cyber security, and information technology. Discover key techniques using Cutter, but such techniques can work on any tool, including Ghidra and IDA Pro. Whether you're an IT professional or just intrigued by coding, this video will provide insights into the world of reverse engineering.
--------------------------
Timestamps:
0:00 History of Reverse Engineering
3:40 x86 CPU Architecture
8:29 Register Sets and Data Types
13:31 Decimal, Binary, and Hexidecimal
17:55 Little Endian and Big Endian
21:39 Main Memory (stack)
25:36 Assembly Language x86 Intel
33:02 Dissecting Malware with Static Analysis
54:33 Conclusion
------------------------
Socials:
/ vankperry
Discord: @vipv4
------------------------
Join our community!
/ discord
Some of your introduction, including the development of the bombe is incorrect. The original bombe was developed in the early 1930's by the Polish engineers, who along with their plans and personnel were helped to escape from Poland to the UK before the German invasion at the start of WWII. With these people and plans, Alan Turing and Gordon Welchman developed the system much further at the cryptography centre at Bletchley Park in Buckinghamshire in the UK. Much later, their design for the bombe was given to the US Army and Navy to allow them to build their own systems. The bulk of the German radio traffic in Europe was intercepted by both military Y stations and civilian voluntary interceptors (VI's), who were amateur radio operators skilled in receiving morse code in adverse conditions. All of these intercepted messages were decrypted, translated, analysed and disseminated by the personnel based at Bletchley Park.
@davidblake6889 Thank you for the correction on my history! Pinning this comment for all to see. Grateful to you for taking the time to clarify. This will help me to improve for future videos.
who cares. he is delivering engineering gold. not history
@@adrianpad Bill Gates, the current president of the United States of America, invented the computer in 1966 and founded Apple in 1896.
Who cares about getting the facts right?
@@adrianpad 🤣
Good thing the video is about RE and not for a history test.
Looks like you hit the algorithm, just FYI
Yep
Yep
Yep
Sit down, son, and let The Beard teach you some cryptography.
I love it when I can be part of something
I am a devops engineer and the algos brought me here. This flew way over my head but I thoroughly enjoyed it
I never watched a single reverse engineering video yet the algorithm somehow knew I was interested in this. 🤣 thanks for the video
I was actually trying to find "reverse" connection anydesk. Been watching scambaiters. But I'm also interested in reverse engineering so it was still a win-win. 😀👍
I fully expected to be overwhelmed but you broke it down in a digestible way. Thank you.
Best approach on explaining assembly I've seen so far, starting with cpu and ram structure. Great job!
All it took was the title and video length for me to know I had to watch this.
Very much to the point. Loved every second
This is like a full semester course packed into an hour. Well done.
Oh watched it in slomo Play it at a faster speed..
The effort put into this video is visible and the quality is insane.
Very well presented and explained. Bravo!
The best introduction to RE and assembly I have ever watched. Hands down, you know your stuff and have mastered the art of teaching.
Excellent video, bro. The intro was a bit unnecessary but the remaining part of the video was fire and by far the best content on reverse engineering I have seen.
As a mechanical engineer this is not the type of reverse engineering nor the kind of static analysis I was expecting.
Yeah me too, LOL. I haven't watched the video yet but I doubt "static" will be anything close to the shitstorm we had to study
this video will skyrocket...
This is an important video. Cybersecurity is an extremely gatekept industry. Respect for covering things others don't want to
I thought I was going to end up in another UA-cam rabbit hole with no new cybersecurity content that would peak my interest. I almost gave up lol. I just finished watching this video and I have to say I am so happy I found your channel. I love your editing and how you teach your methods. Please keep the amazing content coming. You got a new subscriber. 💪🏻
Been watching your channel and I've just barely realized how slept on you are. Considering the quality of your videos I had thought you already had thousands of subs and much more views. This channel is going to blow up--considering the impending explosion of cybersecurity careers in line with AI/ML advances--its only up from here man!
Dude... this is JUST what I needed.
Great video. For some reason I don't see a "main" function my file. Please dont stop making videos you are naturally born teacher. Many thanks
That was honestly amazing. I would love a part 2, and 3, and 4.
Wish I had time to dive more into this. My brain is currently consumed by machine learning. Bookmarking for a rainy day.
Definitely would like part 2!
I really enjoy your content! Could we schedule a second session on reverse engineering? I’d love to dive deeper into the details, and if possible, a live demo of a piece of written software would be greatly appreciated. You're doing fantastic work, and I truly value it!
Excellent starting point. Thank you so much for making this! You explain things very clearly.
I have been looking for a decent architecture primer, and here one is. Thank you! Subbed.
Thanks for the great tutorial!! I really like how you explained the stack with the main function. As a programmer this made a lot of sense and helped me understand something I've been trying to wrap my mind around in lower level programming like Rust
Can't wait for a part 2
i admire your work so much, you’re a true inspiration!
Man, you're so good, I've always thought of cybersecurity as a whole is complex and hard, don't get me wrong , it still is hard for me 😂, but the way you teach things , the way you explain , I could relate to it even as a complete beginner, keep going mate 🙌, and also the intro of this video is a banger, sick editing, I ain't even lying you're gonna pop off, this video already did pop off, Keep the videos coming, Just wanted to let you know that you're video are super helpful.❤
you're amazing bro, you answered almost all the questions I had about getting started. Lot's of love from Turkey!!
A part 2 would be awesome man, thanks for making this!
I love tech hands down, but for some reason I just don't like cyber security. My interest in it was always very low, but for some reason you've captured my attention. I found myself losing track of time while watching these videos. Thank you my friend. It looks like you've sparked something that I didn't even know was there.
I know ASM but this was very pleasing to listen to while doing work around the house and general cleaning.
Definitely subscribed to your channel. You’ve got a great format going on your videos. Keep it up, I see 25k+ by the end of the year.
Thanks for dropping the video.
Want part 2 of this.
A dynamic analysis would be great.
please continue this and get into more advance stuff eventually!!
you are great
Highly underrated channel, I know you will pop off soon.
Thanks for taking the time to make this video, Man it was great.(Definitely look forward to any additional videos on this topic) I think it would lead good into buffer overflow explanations for a future video. Js de-obfuscation maybe ? 🎉Just keeping the ideas rolling for yah .
That's a very good idea 🤔
Thank you for making this video, I hope future RE enthusiasts will see this one, it's gold!
I learned asm by myself a few years ago, and never knew about the lore of big-little endian lol
This is amazing I’m glad I found your channel
This was very informational and well explained. Thanks for this!
Just found your UA-cam very informative, start following you already. Thanks
I love it, new Sub! Please make Part 2,3,4 and 100!
just beacuase you your low sub count but still you proved you have quality content
Gonna have to make another cup of coffee to take in all this information
Great work bro. 👍
Yay... 600th subscriber!
Excellent video brother, I stumbled upon your channel and had to subscribe :)
Great Video! Keep it up. Subscribed!
49:08 quick note, In the context of C and C++, a reserve parameter is put in there by whoever designed it so they can later modify it or extend it with other functionality, eg. like in a later version. Same concept but in something unrelated, you see this sometimes in forum threads. An announcement thread is made and sometimes the original poster of that thread would make 1 or 2 extra empty message post below the first so they have space to add extra stuff later if they need.
Thank you!
The idea of a "reserved parameter" in C and C++ isn't typically about leaving parameters empty for future use. Instead, designers sometimes add additional parameters to functions (often with default values) to ensure future compatibility and extend functionality without changing the function's signature in a breaking way.
In C++, this is more commonly handled through method overloading, default parameters, or using variadic templates, rather than reserving parameters.
As for the analogy with forum threads, it's not quite the same. In programming, leaving room for future changes needs careful planning to ensure backward compatibility and maintainability, while reserving posts in forums is a straightforward way to manage content updates.
To sum up, in professional C/C++ development, future-proofing involves careful design patterns rather than just "reserving" parameters.
@@ethicalpap Also about that function - I think the params are retrieved from the stack in the reverse order, so the reserved is 0, and the URL is known - it's some .ico file that's being copied into some .exe
Thanks you my brother for more to learn about..
I would definitely love a part 2
Great content, very interesting, as we say in France : Merci beaucoup :)
I like the way you explain.
Thanks
Very cool. Thank you.
Looks like a great video glad it got recommended to me, I'm procrastinating like crazy but wana start learning. i saved it watch later please someone remind me
Excellent!
It makes me happy seeing more people interested in RE in general. RE is a skill that's very similar to learning a language. You practice familiarity until you develop fluency. A lot of the regular RE communities are super-quiet with individuals that are very temporary, looking for a quick answer when there is none. It makes it very difficult to hire people, instead forcing companies to search for people who're passionate, and then training them up to speed.
Are there degrees or courses on it?
@@MissionSilo I don't know of any offhand, but i'm sure there are (although I can't personally vouch for their quality, since some could just be money grabs recycling prior-written content). There are, however, different "types" of reverse engineering which warrant different types of approaches towards comprehension... each result in refining your skills differently. So, it's worth considering what your long term goal is so that you can focus on familiarity within the field you're interested in (and discover courses that cater towards those goals).
Generally, though, RE is originally rooted in interoperability, so if you're a good enough developer with the ability to run a debugger to confirm your theories, you get basic algorithmic familiarity for free and can use that as a base to get better. The tools that reverse engineers use and regular engineers use overlap in many ways. Despite this, there's many ways to develop a skill.
@arizvisa yeah there is software RE then hardware?
@@MissionSilo Hardware, Software (Interoperability/IP-theft, Malware, Vulnerabilities)...Each develops different skills. Reversing malware is almost completely different from vulnerability research, but then Interop (in some cases) can be considered part of Vulns. Then there's variations on both of those if you focus on low-level things where it involves Userspace, Kernelspace, etc. These also extend to different platforms/languages which have different patterns for you to recognize (although, they all follow the same basic rules). Some JS deobfuscation can also be considered RE. That's why knowing which field you are actually interested in is important.
@@arizvisa so general engineering for being able to do anything in RE?
Thanks for making this kind of awesome video ,please upload the 2nd part
Dude, your channel is like a dream come true, I always wanted to understand reversing because for me it still feels like some magic
Really thanks for simple the explanation man.
Please create a proper standard for reverse engineering with a proper series and come fast with part 2 brother.
Brother your channel is criminally undersubscribed
You are incredible thank you
Thanks! This will be helpful for me as a normie.
Good content!
Awesome video. Your presentation is excellent, you have some great graphics, and your knowledge is impressive. Could you keep them coming? On a side note, X86 refers to 16-bit and 32-bit processors, not just 32/64-bit processors. It was only in the Pentium and later series processors that they used 32-bit registers. Thus, from a historical point of view, the X86 would be referring to 16-bit and 32-bit processors in this family. Timeline 1978: The original processor used 16-bit registers. In 1982, 80286 used 16-bit registers, and then, in 1985, the processor with a 32-bit register was released.
I loved the video! Can we get a part two?
Subscribed ✊🏾
LIked. Subscribed.
I would very much like a part 2. PLEASE MAKE a PART 2
Seems like a really interesting video, and if an ARM version is ever made, I will be back to watch the full series, but to be honest, x86 assembler makes me projectile-vomit every time I see it, so for now I am bowing out. I am leaving a like, in the hope it encourages you to do more.
The algorithm has favored you (and me!)
This what i find interesting
AMAZINGGGGGGGGGGG!
If we wrote right-to-left (best for right-handers with clay tablets so they can see the approaching margin) and used our usual Hindu-Arabic numbers, or instead wrote left-to-right (best for right-handers with ink so they more easily avoid smudging wet ink) and wrote numbers with the smallest place values first, we would all be using Little Endian machines, and multi-byte numbers in hex dumps of any byte multiple units, bit numbering and bitmapped graphics pixel addressing would be rather consistent and intuitive. 😀
make this is playlist please. It was nice, improved my understanding
Thank You
You are getting boosted by yhe algorithm 🤓
Liked ✅
Commented ✅
Subscribed ✅
Part 2 .........loading
Got to support my yaad man brother engineers 🙏🏾💯
Instant subscription to your channel. I can't remember another instance in which I subscribe from the first video I watch. Thanks for your time doing this bro. MVP
You got the history wrong. The poles were Marian Rejewski, Jerzy Różycki and Henryk Zygalski. Turing built a computer on top of it.
Shame they cut the poles out of the movie.
@@DailyFrankPeter jus as they blamed the cluster feck of operation Market Garden on the Polish general because they did not want to offend the americans who messed it up on the first place
Algorithm sent me. Subbed
You have a knack for this. Keep it up!
This is a really good informative video! Nice work!
I hope people can apply this knowledge into modding games
Like, comment, and subscribe folks! Keep the algorithm working as it's supposed to!
Hey great video. Awesome learning experience.
Can you lay some pointers on how you prepared for the video - i mean the layout of content,
1. what to discuss/explain first and how much to say on what topic then going on to next
2. the scripting balance with facts, teaching, engagement, fun
3. what technology (app, device) you're using.
Thank you!
Absolutely, ping me on one of my socials in the description and I can walk through my process, although it's changed since this video.
This is so beyond me but I love the geeky nerdery of it. :)
10/10
I can't tell you the number of times I've been in the middle of some random CTFTime event and realize I've been stuck on the same "easy" rev problem for 8 hours...
Im using your video for internal training of our team! The animations are great, I would work on delivery. Thanks for this content!
The UA-cam recommendations algo working as it should, finally. Amazing content ❤
It's an Arithmetic/Logic Unit, it performs arithmetic (+, -, *, /, %, etc.) and logic (&, |, ^, etc.) operations
Wow I was recommended a video on an advanced computer topic thats not 8 minutes, but actually seems long enough to warrant such a theme? Nice! Im only a couple minutes in, but seems like its off to a great start.
Hey, I appriciate you and this video but I think that you would really benefit from a little bit more of a rigid script as it's kinda natural for us humans to kinda wander and dilly dally which can make the information pretty hard to understand. I get it takes a lot of time and effort so its selfish of me to ask that of you, but I'd personally recommend you try and make a more "combed" video as it makes for a much more engaging and informative video.
Either way cheers, I learned a bit
only Alan Turing and Bombe was from Britan, his machine was based(but only a little actually) on a polish machine "bomba" which is bomb in polish
P.S. The rest of the video is cool btw
P.S.S. Also at the time bombe was made, poland was entirly capitulated so there was no way for it to make anything
@anime_erotika585 grateful thankful for you, to take the time to correct me. Very much appreciated!
Here are the highlights from the video "Reverse Engineering for Beginners: How to Perform Static Analysis on any Piece of Software" along with suggested improvements for each section:
### Highlights and Suggested Improvements
1. **Introduction to Reverse Engineering**
- **Highlight**: The video starts by explaining what reverse engineering is and its importance in understanding and recreating software.
- **Improvement**: Include a brief overview of the ethical and legal considerations involved in reverse engineering to provide viewers with a comprehensive understanding of the practice.
2. **Static Analysis Basics**
- **Highlight**: Introduction to static analysis and its role in reverse engineering, including looking at assembly code and understanding how a program works without executing it.
- **Improvement**: Provide a more detailed explanation of the differences between static and dynamic analysis, and when to use each method effectively.
3. **Tools and Setup**
- **Highlight**: The video mentions using Cutter as a disassembler and debugger for static analysis.
- **Improvement**: Offer a comparison of different tools available for static analysis (e.g., IDA Pro, Ghidra, Radare2) and explain the pros and cons of each, helping viewers choose the best tool for their needs.
4. **Example Analysis**
- **Highlight**: Walkthrough of a specific example, showing how to analyze assembly code, understand function calls, and identify important instructions.
- **Improvement**: Use multiple examples of varying complexity to show how different types of software and malware can be approached. This can help viewers understand the broader applicability of the techniques discussed.
5. **Combining Static and Dynamic Analysis**
- **Highlight**: Brief mention of combining static analysis with dynamic analysis to get a complete picture of how the software operates.
- **Improvement**: Provide a detailed example of how to integrate dynamic analysis tools (e.g., using a debugger to monitor runtime behavior) and explain how this combined approach can help uncover more details about the software.
6. **Decompilation**
- **Highlight**: Discussion on using decompilers to convert assembly code back into higher-level code for easier understanding.
- **Improvement**: Explain the limitations and challenges of decompilation, such as issues with obfuscation or incomplete decompilation, and offer tips on how to deal with these challenges.
7. **Practical Applications**
- **Highlight**: Mention of practical applications like malware analysis, bug bounty hunting, and understanding proprietary software.
- **Improvement**: Include real-world case studies or success stories to illustrate how reverse engineering has been effectively used in these areas, providing concrete examples of its benefits.
8. **Avoiding Common Pitfalls**
- **Highlight**: The video briefly touches on avoiding certain common mistakes in reverse engineering.
- **Improvement**: Expand this section to include a comprehensive list of common pitfalls and detailed strategies for avoiding them, ensuring that beginners can navigate the process more smoothly.
9. **Continued Learning and Resources**
- **Highlight**: Encouragement to continue learning and exploring the field of reverse engineering.
- **Improvement**: Provide a list of recommended books, courses, forums, and online resources where viewers can deepen their knowledge and connect with the reverse engineering community.
10. **Interactive Elements**
- **Highlight**: Engaging and clear presentation style that makes complex topics accessible.
- **Improvement**: Incorporate interactive elements such as quizzes, hands-on exercises, and downloadable sample code to reinforce learning and provide practical experience.
By incorporating these improvements, the video can offer a more comprehensive, practical, and user-friendly guide to reverse engineering, catering to both beginners and those looking to deepen their expertise.
So glad we have some autochthons spreading knowledge
The bombe bit was very funny. Worth a sub just for your sense of humour 😂
do you have any advice on reverse engineering a 16-bit program for ms-dos that uses overlays?
pap hitting my fyp
Very good video 😊 I can only add that maybe you should make gate release slightly longer, as voice cut is very pronounced. Maybe 300-500ms would help 😉
@@zhexymusic good suggestion!