reverse eng

2025-04-25 18:19:07 -04:00 · 2014-11-20 20:45:07 -05:00 · 2014-11-20 20:45:07 -05:00 · e896d65b84
commit e896d65b84
parent 70265a5a44
2 changed files with 266 additions and 37 deletions
--- a/README.md
+++ b/README.md
@ -19,53 +19,68 @@ All in one big bag. For fun, profits, or CTFs.



---- 
+----

 ### Useful Command Line

 #### Searching
- 
- 
+
+
 ```
 grep word f1
- 
+
 sort | uniq -c
- 
+
 diff f1 f2
- 
+
 find -size f1
 ```
- 


- 
+
+
 #### Compressed Files
- 
- 
+
+
 ```
 zcat f1 > f2
- 
+
 gzip -d file
- 
+
 bzip2 -d f1
- 
+
 tar -xvf file
 ```
- 
- 
- 
+
+
+
 #### Connecting to a Server/Port
- 
+
 ```
 echo 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e | nc localhost 30000
- 
+
 openssl s_client -connect localhost:30001 -quiet
- 
+
 nmap -p 31000-32000 localhost
- 
+
 telnet localhost 3000
 ```
- 
+
+
+----
+
+## References:
+
+### Books
+- The Tangled Web
+- The Art of Exploitation
+- The Art of Software Security Assessment:
+- Practical Packet Analysis
+
+### Websites
+- https://ctf.isis.poly.edu
+
+
 ----

 ### License
--- a/Reverse_Engineering/README.md
+++ b/Reverse_Engineering/README.md
@ -1,6 +1,219 @@
 # Reverse Engineering

+* Objective: turn a x86 binary executable back into C source code.
+* Understand how the compiler turns C into assembly code.
+* Low-level OS structures and executable file format.

+---
+##Assembly 101
+
+### Arithmetic Instructions
+
+```
+mov eax,2   ; eax = 2
+mov ebx,3   ; ebx = 3
+add eax,ebx ; eax = eax + ebx
+sub ebx, 2  ; ebx = ebx - 2
+```
+
+### Accessing Memory
+
+```
+mox eax, [1234]     ; eax = *(int*)1234
+mov ebx, 1234       ; ebx = 1234
+mov eax, [ebx]      ; eax = *ebx
+mov [ebx], eax      ; *ebx = eax
+```
+
+### Conditional Branches
+
+```
+cmp eax, 2  ; compare eax with 2
+je label1   ; if(eax==2) goto label1
+ja label2   ; if(eax>2) goto label2
+jb label3   ; if(eax<2) goto label3
+jbe label4  ; if(eax<=2) goto label4
+jne label5  ; if(eax!=2) goto label5
+jmp label6  ; unconditional goto label6
+```
+
+### Function calls
+
+First calling a function:
+
+```
+call func   ; store return address on the stack and jump to func
+```
+The first operations is to save the return pointer:
+```
+pop esi     ; save esi
+```
+
+Right before leaving the function:
+```
+pop esi     ; restore esi
+ret         ; read return address from the stack and jump to it
+```
+---
+
+
+## Modern Compiler Architecture
+
+**C code** --> Parsing --> **Intermediate representation** --> optimization --> **Low-level intermediate representation** --> register allocation --> **x86 assembly**
+
+### High-level Optimizations
+
+
+
+#### Inlining
+
+For example, the function c:
+```
+int foo(int a, int b){
+    return a+b
+}
+c = foo(a, b+1)
+```
+translates to  c = a+b+1
+
+
+#### Loop unrolling
+
+The loop:
+```
+for(i=0; i<2; i++){
+    a[i]=0;
+}
+```
+becomes
+```
+a[0]=0;
+a[1]=0;
+```
+
+#### Loop-invariant code motion
+
+The loop:
+```
+for (i = 0; i < 2; i++) {
+    a[i] = p + q;
+}
+```
+becomes:
+```
+temp = p + q;
+for (i = 0; i < 2; i++) {
+    a[i] = temp;
+}
+```
+
+#### Common subexpression elimination
+
+The variable attributions:
+```
+a = b + (z + 1)
+p = q + (z + 1)
+```
+
+becomes
+````
+temp = z + 1
+a = b + z
+p = q + z
+```
+
+#### Constant folding and propagation
+The assignments:
+```
+a = 3 + 5
+b = a + 1
+func(b)
+```
+
+Becomes:
+```
+func(9)
+```
+
+#### Dead code elimination
+
+Delete unnecessary code:
+```
+a = 1
+if (a < 0) {
+printf(“ERROR!”)
+}
+```
+to
+```
+a = 1
+```
+
+### Low-Level Optimizations
+
+####  Strength reduction
+
+Codes such as:
+```
+y = x * 2
+y = x * 15
+```
+
+Becomes:
+```
+y = x + x
+y = (x << 4) - x
+```
+#### Code block reordering
+
+Codes such as :
+
+```
+if (a < 10) goto l1
+printf(“ERROR”)
+goto label2
+l1:
+    printf(“OK”)
+l2:
+    return;
+```
+Becomes:
+```
+if (a > 10) goto l1
+printf(“OK”)
+l2:
+return
+l1:
+printf(“ERROR”)
+goto l2
+```
+
+
+#### Register allocation
+
+* Memory access is slower than registers.
+* Try to fit as many as local variables as possible in registers.
+* The mapping of local variables to stack  location and registers is not constant.
+
+#### Instruction scheduling
+
+Assembly code like:
+```
+mov eax, [esi]
+add eax, 1
+mov ebx, [edi]
+add ebx, 1
+```
+Becomes:
+```
+mov eax, [esi]
+mov ebx, [edi]
+add eax, 1
+add ebx, 1
+```
+
+
+---
 ## Tools Folder

 - X86 Win32 Cheat sheet
@ -9,7 +222,7 @@
 - Command line tricks


-
+----
 ## Other Tools

 - gdb
@ -27,18 +240,18 @@
 - uncompyle2 (Python)
 - unpackers, hex editors, compilers

-
+---
 ## Encondings/ Binaries
- 
+
 ```
 file f1
- 
+
 ltrace bin
- 
+
 strings f1
- 
+
 base64 -d
- 
+
 xxd -r

 nm
@ -47,17 +260,17 @@ objcopy

 binutils
 ```
- 
- 



+
+---
 ## Online References

 [Reverse Engineering, the Book]: http://beginners.re/


-
+---
 ## IDA

 - Cheat sheet
@ -65,7 +278,7 @@ binutils



-
+---
 ## gdb

 - Commands and cheat sheet
@ -88,8 +301,8 @@ set disassembly-flavor intel
 disas main
 ```

-
-## objdump 
+---
+## objdump

 Display information from object files: Where object file can be an intermediate file
 created during compilation but before linking, or a fully linked executable
@ -98,14 +311,15 @@ created during compilation but before linking, or a fully linked executable
 $ objdump -d  <bin>
 ```

+----
 ## hexdump & xxd

 For canonical hex & ASCII view:
 ```
-$hexdump -C 
+$hexdump -C
 ```
-
-## xxd 
+----
+## xxd
 Make a hexdump or do the reverse:
 ```
 xxd hello > hello.dump