Editing 52455645525345

From Chaosdorf Wiki
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 9: Line 9:
}}
}}


= ReVeRsE Engineering - Welcome to the page of the reverse engineering group! =
== ReVeRsE Engineering - Welcome to the page of the reverse engineering group! ==


Reverse Engineering is fun! It's like a puzzle and if there is an algorithm out there that can solve this puzzle, it's your brain. =)  
Reverse Engineering is fun! It's like a puzzle and if there is an algorithm out there that can solve this puzzle, it's your brain. =)  
Line 17: Line 17:
If you want to participate, you will need a laptop (with charger!) and if you have any questions, feel free to contact me under {{mailto|barbieauglend@chaosdorf.de}}.
If you want to participate, you will need a laptop (with charger!) and if you have any questions, feel free to contact me under {{mailto|barbieauglend@chaosdorf.de}}.


 
== Next event: Symbolic execution with angr workshop ==
== Interesting things to look at ==
 
* [https://www.garykessler.net/library/file_sigs.html File signatures]
* [https://events.ccc.de/congress/2014/Fahrplan/system/attachments/2562/original/Funky_File_Formats.pdf File Formats]
* [http://archive.hack.lu/2015/Albertini%20-%20Trusting%20files.pdf Moaaarr File Formats]
* [https://pixl.dy.fi/posts/2018-01-22-reverse-engineering-basics-with-radare-fundamentals-and-basics/ Nice good to know before starting RE!]
* Andrea Fioraldi's Bachelor Thesis "Symbolic Execution and Debugging Synchronization" (https://arxiv.org/pdf/2006.16601.pdf)
 
== Past Events ==
 
=== Symbolic execution with angr workshop ===


{{Event
{{Event
Line 36: Line 25:
|Date=2021-03-24
|Date=2021-03-24
|Start=18:00
|Start=18:00
|End=21:00
|Duration=3
|Speaker=barbieauglend
|Host=barbieauglend
|Host=barbieauglend
|Location=https://virtual.chaosdorf.space/Hackcenter Virtual Hackcenter
|Location=https://virtual.chaosdorf.space/Hackcenter Virtual Hackcenter
Line 41: Line 33:
}}
}}


Symbolic execution is a powerful tool for code verification, bug hunting, and reverse engineering. In this class, we will dive into the concepts of constraint programming and SMT solvers and how binary analysis tools, such as angr, integrate these concepts into their frameworks. It is going to be a very practical class, where we are going to solve various CTF challenges with the goal of visiting different features of angr.  
Symbolic execution is a powerful tool for code verification, bug hunting and reverse engineering. In this class, we will dive into the concepts of constraint programming and SMT solvers and how binary analysis tools, such as angr, integrate these concepts into their frameworks. It is going to be a very practical class, where we are going to solve various CTF challenges with the goal of visiting different features of angr.  


Most CTF players use z3 and angr to save time when solving reverse engineering challenges and that is also the path we are going to take.  
Most of CTF players use z3 and angr to save time when solving reverse engineering challenge and that is also the path we are going to take.  
If time is available, we will also check manticore and miasm, two other tools with symbolic execution engines with different features!
If time is available, we will also check manticore and miasm, two other tools with symbolic execution engines with different features!


==== Requirements for the symbolic execution workshop ====
=== Requirements for the symbolic execution workshop ===


* Be comfortable understanding and writing Python3 code
* Be comfortable understanding and writing Python3 code
Line 54: Line 46:
* A laptop with administrative privileges
* A laptop with administrative privileges


==== Goals ====
=== Goals ===


* Understand how SMT solvers work
* Understand how SMT solvers work
Line 60: Line 52:
* Get all the flags!
* Get all the flags!


==== Materials ====
=== Materials ===


* Andrea Fioraldi's Bachelor Thesis "Symbolic Execution and Debugging Synchronization" (https://arxiv.org/pdf/2006.16601.pdf)
* Andrea Fioraldi's Bachelor Thesis "Symbolic Execution and Debugging Synchronization" (https://arxiv.org/pdf/2006.16601.pdf)
* Training materials @ ShaktiCon (https://keybase.pub/barbieauglend/2021_03_Shakti/)
* Training materials @ ShaktiCTF (https://keybase.pub/barbieauglend/2021_03_Shakti/)


==== Participants (please register!) ====
== Participants (please register!) ==


* Zeid
* b3y0nd3r
* {{U|hanemile}}
* {{U|hanemile}}
* Arne
* Count3rmeasure
* Patuti
* harryr
* dobin
* ente (maybe)
* mx
* gabriel
* Peace-Maker
* linse


=== Reverse Engineering for beginners ===
== Other related things ==
 
* [https://www.garykessler.net/library/file_sigs.html File signatures]
* [https://events.ccc.de/congress/2014/Fahrplan/system/attachments/2562/original/Funky_File_Formats.pdf File Formats]
* [http://archive.hack.lu/2015/Albertini%20-%20Trusting%20files.pdf Moaaarr File Formats]
* [https://pixl.dy.fi/posts/2018-01-22-reverse-engineering-basics-with-radare-fundamentals-and-basics/ Nice good to know before starting RE!]
 
 
== Archive ==


{{Event
{{Event
Line 93: Line 81:
}}
}}


==== Requirements for the RE workshop: ====
Requirements for the RE workshop:  


- Virtual machine software (VMWare, VirtualBox etc...)
- Virtual machine software (VMWare, VirtualBox etc...)
Line 99: Line 87:
- Microsoft Visual Studio 2008 redistributable package
- Microsoft Visual Studio 2008 redistributable package


Let's dive into the black hole of compiled code and understand the internals of the software running on our computer. It doesn't matter if you want to fix a broken gadget or save your files (now you know why to backup, right!?) from ransomware, it is elementary to understand how they work. This is Reverse Engineering (RE), and it is done every day from recreating outdated and incompatible software, understanding malicious code, or exploiting weaknesses in software.
Let's dive into the blackhole of compiled code and understand the internals of the software running in our computer. It doesn't matter if you want to fix a broken gadget or save your files (now you know why to backup, right!?) from a ransomware, it is elementary to understand how they work. This is Reverse Engineering (RE), and it is done every day from recreating outdated and incompatible software, understanding malicious code, or exploiting weaknesses in software.


We are going to try to cover topics like:
We are going to try to cover topics like:
Line 114: Line 102:
I am going to bring some nice binaries which we can go through together. We are going to explore how static reverse engineering works and how can we use it to understand what a piece of malware does (hopefully).
I am going to bring some nice binaries which we can go through together. We are going to explore how static reverse engineering works and how can we use it to understand what a piece of malware does (hopefully).


==== Participants ====
Participants (please register!)


* {{U|Ilias}}
* {{U|Ilias}}
Please note that all contributions to Chaosdorf Wiki are considered to be released under the Attribution 3.0 Unported (see Chaosdorf Wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!
Cancel Editing help (opens in new window)

Templates used on this page:

Retrieved from "https://wiki.chaosdorf.de/52455645525345"