Binary Reverse Engineering for Beginners

Binary reverse engineering is a critical skill in the infosec world, from verifying crypto algorithms to finding and analyzing vulnerabilities and writing exploits. This often requires a balance of experience and intuition that only comes from practice. Our workshop will delve into the dark art of disassembly and provide participants with the tools and techniques required to practice it and develop the perceived "sixth sense" that accompanies expert reverse engineers.

All examples in the workshop will be implemented in 32-bit x86 assembly, and some experience programming in a high-level language is assumed (preferably C/C++). Examples will be performed on the Linux operating system, although many techniques will carry over to any platform. It is also assumed that participants understand the legal risks associated with reverse engineering.

Participants must bring a laptop capable of running a Linux virtual machine via VirtualBox or VMware (Player, Workstation, or Fusion).

Topics

Intro
Intro to the Intel Architecture
Overview of the 32-bit instruction set
Calling conventions
Reversing high-level language constructs from disassembly
Lab Exercises

Binary Recon with binutils and debuggers
Binary recon with strings, objdump, ldd and other binutils
How does a debugger work?
gdb usage
Lab Exercises

Disassemblers
What does a disassembler do?  
Intro to IDA Pro - walk through first 3 levels of bomb
Lab Exercises

64-bit Intel (time permitting)
Overview of the 64-bit instruction set

Where to go next?
Language features (C++, etc.)
Structure analysis
What to do if your tools don't work (binwalk!)
Emulation
Symbolic Execution
Semantic analysis, intermediate representation

Presented by