Reverse Engineering for Beginners: How to Perform Static Analysis on any Piece of Software
- Published on 2 Aug 2024
- Reverse Engineering 101: How to Perform Static Analysis on any Piece of Software | How to reverse engineer
---------------------------
Learn how to perform static analysis on software with this beginner's guide to reverse engineering. This video is for anyone interested in malware analysis, cyber security, and information technology. It demonstrates key techniques in Cutter, but the same techniques work in any disassembler, including Ghidra and IDA Pro. Whether you're an IT professional or just intrigued by low-level code, this video will give you an entry point into reverse engineering.
--------------------------
Timestamps:
0:00 History of Reverse Engineering
3:40 x86 CPU Architecture
8:29 Register Sets and Data Types
13:31 Decimal, Binary, and Hexadecimal
17:55 Little Endian and Big Endian
21:39 Main Memory (stack)
25:36 Assembly Language x86 Intel
33:02 Dissecting Malware with Static Analysis
54:33 Conclusion
------------------------
Socials:
/ vankperry
Discord: @vipv4
------------------------
Join our community!
/ discord
Some of your introduction, including the development of the bombe is incorrect. The original bombe was developed in the early 1930's by the Polish engineers, who along with their plans and personnel were helped to escape from Poland to the UK before the German invasion at the start of WWII. With these people and plans, Alan Turing and Gordon Welchman developed the system much further at the cryptography centre at Bletchley Park in Buckinghamshire in the UK. Much later, their design for the bombe was given to the US Army and Navy to allow them to build their own systems. The bulk of the German radio traffic in Europe was intercepted by both military Y stations and civilian voluntary interceptors (VI's), who were amateur radio operators skilled in receiving morse code in adverse conditions. All of these intercepted messages were decrypted, translated, analysed and disseminated by the personnel based at Bletchley Park.
@davidblake6889 Thank you for the correction on my history! Pinning this comment for all to see. Grateful to you for taking the time to clarify. This will help me to improve for future videos.
who cares. he is delivering engineering gold. not history
@adrianpad Bill Gates, the current president of the United States of America, invented the computer in 1966 and founded Apple in 1896.
Who cares about getting the facts right?
@adrianpad 🤣
Good thing the video is about RE and not for a history test.
Looks like you hit the algorithm, just FYI
Yep
Yep
Yep
Sit down, son, and let The Beard teach you some cryptography.
I love it when I can be part of something
I am a devops engineer and the algos brought me here. This flew way over my head but I thoroughly enjoyed it
I never watched a single reverse engineering video yet the algorithm somehow knew I was interested in this. 🤣 thanks for the video
I was actually trying to find "reverse" connection anydesk. Been watching scambaiters. But I'm also interested in reverse engineering so it was still a win-win. 😀👍
Best approach on explaining assembly I've seen so far, starting with cpu and ram structure. Great job!
Excellent video, bro. The intro was a bit unnecessary but the remaining part of the video was fire and by far the best content on reverse engineering I have seen.
All it took was the title and video length for me to know I had to watch this.
Very much to the point. Loved every second
The effort put into this video is visible and the quality is insane.
Very well presented and explained. Bravo!
I fully expected to be overwhelmed but you broke it down in a digestible way. Thank you.
As a mechanical engineer this is not the type of reverse engineering nor the kind of static analysis I was expecting.
Yeah me too, LOL. I haven't watched the video yet but I doubt "static" will be anything close to the shitstorm we had to study
Been watching your channel and I've just barely realized how slept on you are. Considering the quality of your videos I had thought you already had thousands of subs and many more views. This channel is going to blow up--considering the impending explosion of cybersecurity careers in line with AI/ML advances--it's only up from here man!
I haven't done reverse engineering since 2005 when I cracked a USB dongle for my boss!! I was surprised that I was able to do it actually. I was using IDA Pro at the time. Previous to that I disassembled some 8 bit MC6809 code in the 1980's ... Reverse engineering is complex, difficult, and time consuming. Makes you wonder what AI tools will emerge that makes it way simpler.
This is an important video. Cybersecurity is an extremely gatekept industry. Respect for covering things others don't want to
I really enjoy your content! Could we schedule a second session on reverse engineering? I’d love to dive deeper into the details, and if possible, a live demo of a piece of written software would be greatly appreciated. You're doing fantastic work, and I truly value it!
this video will skyrocket...
Man, you're so good. I've always thought of cybersecurity as a whole as complex and hard, don't get me wrong, it still is hard for me 😂, but the way you teach things, the way you explain, I could relate to it even as a complete beginner. Keep going mate 🙌, and also the intro of this video is a banger, sick editing. I ain't even lying, you're gonna pop off, this video already did pop off. Keep the videos coming. Just wanted to let you know that your videos are super helpful.❤
This is like a full semester course packed into an hour. Well done.
Oh watched it in slomo Play it at a faster speed..
Very good content, worth 4 years of college 👍
That was honestly amazing. I would love a part 2, and 3, and 4.
I have been looking for a decent architecture primer, and here one is. Thank you! Subbed.
The best introduction to RE and assembly I have ever watched. Hands down, you know your stuff and have mastered the art of teaching.
Enjoyed the entire topic and reminder of reverse engineering. Presented VERY well and look forward to part 2. You have a new subscriber to your channel. Thanks.
Wish I had time to dive more into this. My brain is currently consumed by machine learning. Bookmarking for a rainy day.
Can't wait for a part 2
Thanks for taking the time to make this video, man, it was great. (Definitely look forward to any additional videos on this topic.) I think it would lead well into buffer overflow explanations for a future video. JS de-obfuscation maybe? 🎉 Just keeping the ideas rolling for yah.
That's a very good idea 🤔
A part 2 would be awesome man, thanks for making this!
I love tech hands down, but for some reason I just don't like cyber security. My interest in it was always very low, but for some reason you've captured my attention. I found myself losing track of time while watching these videos. Thank you my friend. It looks like you've sparked something that I didn't even know was there.
Thanks for the great tutorial!! I really like how you explained the stack with the main function. As a programmer this made a lot of sense and helped me understand something I've been trying to wrap my mind around in lower level programming like Rust
Dude... this is JUST what I needed.
I thought I was going to end up in another YouTube rabbit hole with no new cybersecurity content that would pique my interest. I almost gave up lol. I just finished watching this video and I have to say I am so happy I found your channel. I love your editing and how you teach your methods. Please keep the amazing content coming. You got a new subscriber. 💪🏻
Brother your channel is criminally undersubscribed
49:08 quick note: in the context of C and C++, a reserved parameter is put in there by whoever designed it so they can later modify it or extend it with other functionality, e.g. in a later version. Same concept but in something unrelated: you see this sometimes in forum threads. An announcement thread is made and sometimes the original poster of that thread would make 1 or 2 extra empty message posts below the first so they have space to add extra stuff later if they need.
Thank you!
The idea of a "reserved parameter" in C and C++ isn't typically about leaving parameters empty for future use. Instead, designers sometimes add additional parameters to functions (often with default values) to ensure future compatibility and extend functionality without changing the function's signature in a breaking way.
In C++, this is more commonly handled through method overloading, default parameters, or using variadic templates, rather than reserving parameters.
As for the analogy with forum threads, it's not quite the same. In programming, leaving room for future changes needs careful planning to ensure backward compatibility and maintainability, while reserving posts in forums is a straightforward way to manage content updates.
To sum up, in professional C/C++ development, future-proofing involves careful design patterns rather than just "reserving" parameters.
@ethicalpap Also about that function - I think the params are retrieved from the stack in the reverse order, so the reserved is 0, and the URL is known - it's some .ico file that's being copied into some .exe
Excellent starting point. Thank you so much for making this! You explain things very clearly.
I know ASM but this was very pleasing to listen to while doing work around the house and general cleaning.
Definitely subscribed to your channel. You’ve got a great format going on your videos. Keep it up, I see 25k+ by the end of the year.
Highly underrated channel, I know you will pop off soon.
please continue this and get into more advance stuff eventually!!
you are great
Definitely would like part 2!
Thanks for dropping the video.
Want part 2 of this.
A dynamic analysis would be great.
You're amazing bro, you answered almost all the questions I had about getting started. Lots of love from Turkey!!
i admire your work so much, you’re a true inspiration!
Takes me back to my Windows days.
Thank you for making this video, I hope future RE enthusiasts will see this one, it's gold!
I learned asm by myself a few years ago, and never knew about the lore of big-little endian lol
Hell yea; love ur channel, this is what I was looking for. Just subbed
Yes please part 2!!
It makes me happy seeing more people interested in RE in general. RE is a skill that's very similar to learning a language. You practice familiarity until you develop fluency. A lot of the regular RE communities are super-quiet with individuals that are very temporary, looking for a quick answer when there is none. It makes it very difficult to hire people, instead forcing companies to search for people who're passionate, and then training them up to speed.
Are there degrees or courses on it?
@MissionSilo I don't know of any offhand, but I'm sure there are (although I can't personally vouch for their quality, since some could just be money grabs recycling prior-written content). There are, however, different "types" of reverse engineering which warrant different types of approaches towards comprehension... each results in refining your skills differently. So, it's worth considering what your long term goal is so that you can focus on familiarity within the field you're interested in (and discover courses that cater towards those goals).
Generally, though, RE is originally rooted in interoperability, so if you're a good enough developer with the ability to run a debugger to confirm your theories, you get basic algorithmic familiarity for free and can use that as a base to get better. The tools that reverse engineers use and regular engineers use overlap in many ways. Despite this, there are many ways to develop a skill.
@arizvisa yeah there is software RE then hardware?
@MissionSilo Hardware, Software (Interoperability/IP-theft, Malware, Vulnerabilities)... Each develops different skills. Reversing malware is almost completely different from vulnerability research, but then Interop (in some cases) can be considered part of Vulns. Then there's variations on both of those if you focus on low-level things where it involves Userspace, Kernelspace, etc. These also extend to different platforms/languages which have different patterns for you to recognize (although they all follow the same basic rules). Some JS deobfuscation can also be considered RE. That's why knowing which field you are actually interested in is important.
@arizvisa so general engineering for being able to do anything in RE?
Great video. For some reason I don't see a "main" function in my file. Please don't stop making videos, you are a naturally born teacher. Many thanks
This is amazing I’m glad I found your channel
Excellent video brother, I stumbled upon your channel and had to subscribe :)
Gonna have to make another cup of coffee to take in all this information
Great work bro. 👍
Excellent!
Very cool. Thank you.
I would definitely love a part 2
I love it, new Sub! Please make Part 2,3,4 and 100!
This was very informational and well explained. Thanks for this!
Thank you for sharing. Very informative.
If we wrote right-to-left (best for right-handers with clay tablets so they can see the approaching margin) and used our usual Hindu-Arabic numbers, or instead wrote left-to-right (best for right-handers with ink so they more easily avoid smudging wet ink) and wrote numbers with the smallest place values first, we would all be using Little Endian machines, and multi-byte numbers in hex dumps of any byte multiple units, bit numbering and bitmapped graphics pixel addressing would be rather consistent and intuitive. 😀
Great Video! Keep it up. Subscribed!
Awesome video. Your presentation is excellent, you have some great graphics, and your knowledge is impressive. Could you keep them coming? On a side note, X86 refers to 16-bit and 32-bit processors, not just 32/64-bit processors. It was only in the Pentium and later series processors that they used 32-bit registers. Thus, from a historical point of view, the X86 would be referring to 16-bit and 32-bit processors in this family. Timeline 1978: The original processor used 16-bit registers. In 1982, 80286 used 16-bit registers, and then, in 1985, the processor with a 32-bit register was released.
Thanks! This will be helpful for me as a normie.
Just found your YouTube, very informative, started following you already. Thanks
Just because of your low sub count, but still you proved you have quality content
Thank you my brother for more to learn about..
Really, thanks for the simple explanation man.
Please create a proper standard for reverse engineering with a proper series and come fast with part 2 brother.
Dude, your channel is like a dream come true, I always wanted to understand reversing because for me it still feels like some magic
Thanks for making this kind of awesome video, please upload the 2nd part
Looks like a great video, glad it got recommended to me. I'm procrastinating like crazy but wanna start learning. I saved it to watch later, please someone remind me
I like the way you explain.
Thanks
This is what I find interesting
You are incredible thank you
Great content, very interesting, as we say in France : Merci beaucoup :)
Good content!
Seems like a really interesting video, and if an ARM version is ever made, I will be back to watch the full series, but to be honest, x86 assembler makes me projectile-vomit every time I see it, so for now I am bowing out. I am leaving a like, in the hope it encourages you to do more.
The algorithm has favored you (and me!)
I would very much like a part 2. PLEASE MAKE a PART 2
Thank You
I loved the video! Can we get a part two?
Liked. Subscribed.
Make this a playlist please. It was nice, improved my understanding
Yay... 600th subscriber!
Subscribed ✊🏾
Got to support my yaad man brother engineers 🙏🏾💯
AMAZINGGGGGGGGGGG!
10/10
Hey great video. Awesome learning experience.
Can you lay some pointers on how you prepared for the video - i mean the layout of content,
1. what to discuss/explain first and how much to say on what topic then going on to next
2. the scripting balance with facts, teaching, engagement, fun
3. what technology (app, device) you're using.
Thank you!
Absolutely, ping me on one of my socials in the description and I can walk through my process, although it's changed since this video.
I never heard of this guy and he pops up in my feed. The youtube gods are smiling down on you. I'm an expert -- you might need to track your statistics, and maybe gear up to grab your growth spurt audience. Good stuff -- especially for newbies into the fields of programming.
Hey, I appreciate you and this video but I think that you would really benefit from a little bit more of a rigid script, as it's kinda natural for us humans to kinda wander and dilly dally, which can make the information pretty hard to understand. I get it takes a lot of time and effort so it's selfish of me to ask that of you, but I'd personally recommend you try and make a more "combed" video as it makes for a much more engaging and informative video.
Either way cheers, I learned a bit
Only Alan Turing and the Bombe were from Britain; his machine was based (but only a little, actually) on a Polish machine, "bomba", which is "bomb" in Polish
P.S. The rest of the video is cool btw
P.P.S. Also at the time the bombe was made, Poland had entirely capitulated so there was no way for it to make anything
@anime_erotika585 Grateful and thankful to you for taking the time to correct me. Very much appreciated!
I can't tell you the number of times I've been in the middle of some random CTFTime event and realize I've been stuck on the same "easy" rev problem for 8 hours...
You are getting boosted by the algorithm 🤓
Algorithm sent me. Subbed
Instant subscription to your channel. I can't remember another instance in which I subscribe from the first video I watch. Thanks for your time doing this bro. MVP
I hope people can apply this knowledge into modding games
It's an Arithmetic/Logic Unit, it performs arithmetic (+, -, *, /, %, etc.) and logic (&, |, ^, etc.) operations
So glad we have some autochthons spreading knowledge
I'm using your video for internal training of our team! The animations are great, I would work on delivery. Thanks for this content!
Please correct me if I'm wrong, since it's LE then for the URLDownloadToFile the szURL parameter is the 2nd from the bottom in the stack. Talking about the 48:12 explanation. Loved the video please do more.
Correct! It should have been LE, I used BE which was backwards, but somehow the video still worked out without me noticing the mistake... ty :)
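The byte order discussed under "Little Endian and Big Endian" (and in the comment on hex dumps above) and the argument order of the URLDownloadToFile call discussed at 48:12 come up together the moment you read the raw bytes of a `push` in a disassembler. The following Python is an added example, not code from the video or its author. It parses a constructed disassembly listing (hypothetical addresses and string locations, invented for the example), decodes each `push` immediate from its little-endian encoding bytes, and maps the pushes onto the documented `__stdcall` parameter order of `URLDownloadToFileA` (`pCaller`, `szURL`, `szFileName`, `dwReserved`, `lpfnCB`); that parameter order and the `0x68`/`0x6a` push encodings are real x86 and urlmon facts, everything else in the listing is made up.

```python
import re
import struct

# Documented urlmon.dll parameter order of URLDownloadToFileA. It is a
# __stdcall function: parameters are pushed right-to-left, so the push
# nearest the call is pCaller and the earliest push is lpfnCB.
URLDOWNLOADTOFILE_PARAMS = ("pCaller", "szURL", "szFileName", "dwReserved", "lpfnCB")

# Constructed listing for this example (addresses and string locations are
# hypothetical): "address  instruction-bytes  mnemonic operand  ; comment"
SAMPLE_LISTING = """\
00401000  6a 00              push 0
00401002  6a 00              push 0
00401004  68 20 30 40 00     push 0x403020
00401009  68 10 30 40 00     push 0x403010
0040100e  6a 00              push 0
00401010  ff 15 00 20 40 00  call dword ptr [0x402000]   ; URLDownloadToFileA
"""

LINE_RE = re.compile(
    r"^([0-9a-f]{8})\s+((?:[0-9a-f]{2} )+)\s*(\w+)(?:\s+(.*?))?\s*(?:;.*)?$", re.I
)


def parse_listing(text):
    """Turn the textual listing into (address, raw bytes, mnemonic, operand) tuples."""
    instructions = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparsed line: {line!r}")
        addr, raw, mnemonic, operand = m.groups()
        instructions.append((int(addr, 16), bytes.fromhex(raw), mnemonic.lower(), operand or ""))
    return instructions


def decode_push_immediate(raw):
    """Decode the immediate of a `push imm` from its encoding bytes.

    Opcode 0x68 is followed by a 4-byte little-endian imm32; 0x6a by a
    sign-extended imm8. This is where endianness bites: the bytes
    10 30 40 00 mean 0x00403010, not 0x10304000.
    """
    if raw[0] == 0x68 and len(raw) == 5:
        return struct.unpack("<I", raw[1:])[0]
    if raw[0] == 0x6A and len(raw) == 2:
        return struct.unpack("<b", raw[1:])[0] & 0xFFFFFFFF
    raise ValueError(f"not a push-immediate encoding: {raw.hex()}")


def recover_stdcall_args(instructions, param_names):
    """Map the pushes preceding the first `call` onto the named parameters.

    Pushes are collected in program order and then reversed, because the
    caller pushes the last parameter first. Returns {param_name: value}.
    """
    pushes = []
    for _addr, raw, mnemonic, _operand in instructions:
        if mnemonic == "push":
            pushes.append(decode_push_immediate(raw))
        elif mnemonic == "call":
            break
    if len(pushes) < len(param_names):
        raise ValueError("fewer pushes than parameters; look for register moves or earlier pushes")
    args = pushes[-len(param_names):]  # only the pushes that belong to this call
    return dict(zip(param_names, reversed(args)))


def stack_layout_at_call(args, param_names):
    """Stack at the instant of the `call`, before the return address is pushed:
    the first parameter sits at [esp]. Returns [(esp_offset, name, value), ...]."""
    return [(4 * i, name, args[name]) for i, name in enumerate(param_names)]


def byte_order_views(raw):
    """Read the same bytes as a little-endian and as a big-endian unsigned int."""
    return int.from_bytes(raw, "little"), int.from_bytes(raw, "big")


if __name__ == "__main__":
    insns = parse_listing(SAMPLE_LISTING)
    args = recover_stdcall_args(insns, URLDOWNLOADTOFILE_PARAMS)
    for offset, name, value in stack_layout_at_call(args, URLDOWNLOADTOFILE_PARAMS):
        print(f"[esp+{offset:<2}] {name:<11} {value:#010x}")
    le, be = byte_order_views(bytes.fromhex("10304000"))
    print(f"bytes 10 30 40 00 -> little-endian {le:#x}, big-endian {be:#x}")
```

Run stand-alone, the script prints `szURL` at `[esp+4]` holding `0x403010`, the value that sits one slot above `pCaller` at the top of the stack; reading the same four bytes big-endian would have pointed at `0x10304000`, a location that does not exist in the sample, which is why a wrong byte-order assumption makes the string cross-references in a disassembler stop lining up.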
You got the history wrong. The Poles were Marian Rejewski, Jerzy Różycki and Henryk Zygalski. Turing built a computer on top of it.
Shame they cut the Poles out of the movie.
@DailyFrankPeter Just as they blamed the cluster feck of Operation Market Garden on the Polish general because they did not want to offend the Americans who messed it up in the first place
Like, comment, and subscribe folks! Keep the algorithm working as it's supposed to!
Very good video 😊 I can only add that maybe you should make gate release slightly longer, as voice cut is very pronounced. Maybe 300-500ms would help 😉
@zhexymusic good suggestion!
You have a knack for this. Keep it up!