52455645525345: Difference between revisions

From Chaosdorf Wiki
Latest revision as of 23:59, 24 March 2021

52455645525345 (alpha)
[Image: Ida.png]
Reverse Engineering Group
Location: Chaosdorf
People: barbieauglend


ReVeRsE Engineering - Welcome to the page of the reverse engineering group!

Reverse Engineering is fun! It's like a puzzle, and if there is an algorithm out there that can solve this puzzle, it's your brain. =)

I, barbieauglend, would love to take a look at binaries with you and figure out together what the programs do. They are often a lot easier than you might think!

If you want to participate, you will need a laptop (with charger!), and if you have any questions, feel free to contact me at barbieauglend@chaosdorf.de.


Interesting things to look at

  • File signatures (https://www.garykessler.net/library/file_sigs.html)
  • File Formats (https://events.ccc.de/congress/2014/Fahrplan/system/attachments/2562/original/Funky_File_Formats.pdf)
  • Moaaarr File Formats (http://archive.hack.lu/2015/Albertini%20-%20Trusting%20files.pdf)
  • Nice good to know before starting RE! (https://pixl.dy.fi/posts/2018-01-22-reverse-engineering-basics-with-radare-fundamentals-and-basics/)
  • Andrea Fioraldi's Bachelor Thesis "Symbolic Execution and Debugging Synchronization" (https://arxiv.org/pdf/2006.16601.pdf)

Past Events

Symbolic execution with angr workshop

Title: 52455645525345
Description: Lazy reversing - angr & symbolic execution workshop
Type: Workshop
Date: 2021-03-24
Start: 18:00
Host: barbieauglend
Location: Virtual Hackcenter (https://virtual.chaosdorf.space/Hackcenter)
Relevant? Yes

Symbolic execution is a powerful tool for code verification, bug hunting, and reverse engineering. In this class, we will dive into the concepts of constraint programming and SMT solvers and how binary analysis tools, such as angr, integrate these concepts into their frameworks. It is going to be a very practical class, where we are going to solve various CTF challenges with the goal of exploring different features of angr.

Most CTF players use z3 and angr to save time when solving reverse engineering challenges, and that is also the path we are going to take. If time is available, we will also check manticore and miasm, two other tools whose symbolic execution engines offer different features!

Requirements for the symbolic execution workshop

  • Be comfortable understanding and writing Python3 code
  • Familiarity with x86/x64 assembly
  • VMware Workstation or Player (at least version 12) (no VirtualBox)
  • At least 40GB of free disk space
  • At least 8GB of RAM
  • A laptop with administrative privileges

Goals

  • Understand how SMT solvers work
  • Understand how symbolic execution works
  • Get all the flags!

Materials

  • Andrea Fioraldi's Bachelor Thesis "Symbolic Execution and Debugging Synchronization" (https://arxiv.org/pdf/2006.16601.pdf)
  • Training materials @ ShaktiCon (https://keybase.pub/barbieauglend/2021_03_Shakti/)

Participants (please register!)

  • Zeid
  • b3y0nd3r
  • hanemile
  • Arne
  • Count3rmeasure
  • Patuti
  • harryr
  • dobin
  • ente (maybe)
  • mx
  • gabriel
  • Peace-Maker
  • linse

Reverse Engineering for beginners

Title: 52455645525345
Description: Reverse Engineering Workshop
Type: Workshop
Date: 2018-07-16
Start: 18:00
Host: barbieauglend
Relevant? Yes

Requirements for the RE workshop:

  • Virtual machine software (VMware, VirtualBox, etc.)
  • Windows 7 guest system with IDA Pro (Free 5.0 is acceptable)
  • Microsoft Visual Studio 2008 redistributable package

Let's dive into the black hole of compiled code and understand the internals of the software running on our computer. It doesn't matter if you want to fix a broken gadget or save your files from ransomware (now you know why to back up, right!?), it is essential to understand how they work. This is Reverse Engineering (RE), and it is done every day, from recreating outdated and incompatible software to understanding malicious code or exploiting weaknesses in software.

We are going to try to cover topics like:

  • Uses for RE
  • The tricks and pitfalls of analyzing compiled code
  • Identifying calling conventions
  • How to navigate x86 assembly using IDA Pro
  • Identifying Control Flows
  • Identifying the Win32 API
  • Using a debugger to aid RE
  • Dynamic Analysis tools and techniques for RE

I am going to bring some nice binaries which we can go through together. We are going to explore how static reverse engineering works and how we can use it to understand what a piece of malware does (hopefully).

Participants

  • Ilias
  • byte
  • hanemile
  • divado
  • r2co
  • ocyphert
  • harryr