BSides Algiers - Reversing Win32 applications - Yacine Hebbal
TRANSCRIPT
![Page 1: BSides Algiers - Reversing Win32 applications - Yacine Hebbal](https://reader035.vdocument.in/reader035/viewer/2022062313/5586c101d8b42aab718b4694/html5/thumbnails/1.jpg)
1
Reverse engineering
By : Yacine Hebbal
2
What is reverse engineering?
Reverse engineering is the process of extracting the
knowledge or design blueprints from anything man-made.
3
What is reverse engineering?
Reverse engineering can be practiced on mechanical devices,
electronic components, or software programs; here we focus on
reversing software programs.
Reversing applications can be seen as "going backwards
through the development cycle."
4
What is reverse engineering?
compiling
decompiling
5
Where do we need it? It is used for:
1- Evaluating the level of security that an application
provides
2- Analyzing and eventually defeating various copy protection
schemes (cracking)
3- Locating vulnerabilities in operating systems and other
software
4- Reversing cryptographic algorithms
5- Infecting applications with viruses, or disinfecting
them
6
Is it legal?
It depends on why you are reversing software: it is legal for
educational purposes and illegal for stealing passwords and
private information.
7
Terminology
Patching: a technique for modifying a program.
Serial fishing: finding the correct password for an
application.
Keygenning: finding the algorithm that generates the
password of an application.
8
So how to do it?
Software reverse engineering requires a combination of
skills & tools.
So to do it we need:
- Tools
- Knowledge
- A working mind, curiosity & the desire to learn
9
So how to do it?
Tools
1- Disassemblers: programs that let us get the
assembly code from any application, such as
10
IDA PRO DISASSEMBLER
11
OLLY
12
So how to do it?
Tools
2- Debuggers: programs that let us execute
assembly code and see the result of any instruction.
IDA & Olly are also debuggers.
13
So how to do it?
Tools
3- Hex editors: they show the content of any file
(programs) in hexadecimal format; they allow us
to modify instructions or to get some information
(header information, for example).
Ex: Hex Workshop
14
HEX WORKSHOP
15
So how to do it?
Tools
4- Other tools: we also need some other tools like:
- PEiD
- ImpREC
- Metasploit
- …
16
Let's get our hands dirty!
17
1 - Patching applications
Bypassing Authentication
18
2 - Password fishing
Static passwords
19
3 - Password fishing
Dynamic passwords
20
4 - Keygenning
Creating a keygen
21
Some defense methods
To protect your application there are many defense methods, such as:
- Packers
- Protectors
- Encryption algorithms
- …
22
Packers
They compress the application, so constants like text strings
are changed and are only restored when the application
executes; we can't see them before execution.
Ex: UPX, Morphine, ASPack, FSG …
23
Protectors
They are small programs fused with the application that
can detect the debugger or the disassembler, so they won't let
us reverse the application.
Sometimes we find a packer and a protector at the same
time.
Ex: YodaEncrypt, ARMprotect …
24
Encryption
There are also other techniques, like "encrypting" the
password (in practice, hashing it) with hash functions like MD5, SHA-1 …
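Added example, not from the talk, illustrating both the packer slide and this one: a constructed stand-in for a "check serial" program image in three forms (plaintext serial, embedded SHA-1 digest, compressed), with the two static checks a defender would run over it: a strings(1)-style scan and the byte-entropy heuristic PEiD-style detectors use to flag packed sections. The serial, the opcode filler and the use of zlib as the packer's compression stage are all constructed assumptions.

```python
"""Constructed program images and two defender-side static checks: a
strings(1)-style scan and a byte-entropy packing heuristic."""
import hashlib
import math
import random
import re
import zlib
from collections import Counter

SERIAL = b"SECRET-1234-ABCD"                       # constructed sample serial
STORED_DIGEST = hashlib.sha1(SERIAL).hexdigest()   # what the hashed check embeds


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: low for code/text, near 8.0 for compressed or encrypted data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def printable_strings(data: bytes, min_len: int = 4) -> list:
    """Naive strings(1): runs of printable ASCII at least min_len bytes long."""
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def looks_packed(data: bytes, threshold: float = 7.0) -> bool:
    """PEiD-style heuristic: a section above ~7 bits/byte is usually packed."""
    return shannon_entropy(data) >= threshold


def fake_code(n: int = 4000) -> bytes:
    """Deterministic filler standing in for x86 code (a small opcode alphabet)."""
    rng = random.Random(1)
    opcodes = b"\x55\x8b\xec\x83\xc4\x50\x51\x52\xe8\xc3\x90\x33\x3b\x74\x75\x5d"
    return bytes(rng.choice(opcodes) for _ in range(n))


# Static password: the literal sits in the image.  Hashed: only its digest does.
IMAGE_PLAIN = fake_code() + b"Enter serial:\0Wrong!\0" + SERIAL + b"\0"
IMAGE_HASHED = fake_code() + b"Enter serial:\0Wrong!\0" + STORED_DIGEST.encode() + b"\0"
# Packed: the whole image goes through a compression stage (as UPX/ASPack do), so
# neither strings nor code are readable until the stub restores them at run time.
IMAGE_PACKED = zlib.compress(IMAGE_PLAIN, 9)


def check_serial_hashed(candidate: bytes) -> bool:
    """The hashed check the slide describes: compare SHA-1(input) to the digest."""
    return hashlib.sha1(candidate).hexdigest() == STORED_DIGEST


def serial_visible(image: bytes) -> bool:
    """Does a plain strings scan of the image reveal the serial?"""
    return any(SERIAL.decode() in s for s in printable_strings(image))
```

Hashing and packing only remove the literal from a static view; the comparison logic itself is still in the binary, which is why the patching slides apply to them too.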
25
Buffer overflow vulnerability
Overview …
26
Buffer overflow vulnerability
Exploitation
27
Links:
http://www.kromcrack.com/
http://tuts4you.com/
http://www.newbiecontest.org
28
Thank you
for your attention