Reverse engineering enhances the understanding of both programming thought and skills. This video is easy to follow, and the main techniques of reverse engineering are shown clearly, which makes me want to decompile a small interesting program to analyze it.
read the book Code by Charles Petzold. You will understand how the CPU and assembler works even if you are a total noob. After that you will automatically understand how programming languages work, reverse engineering too and so on.
I prefer ollydbg 2.01 or x64dbg for 64 bit, ghidra makes really easy the reverse process, can get a source code... I prefer analyze asm instructions one by one for understand fully process but this isn't the best stategy.. one by one can take you a lot of time i use call stack window for locate specific part i want to analyze!
Wow that was probably one of the best descriptive reverse engineering videos I've seen to date. Your method of explaining and showcasing each step in each function is fantastic and even explaining how to identify when disassemblers/decompilers mess up and how to fix them. Bravo. I'm upset that I waited this long to actually start watching these videos.
Just gotta learn GDB, Radare, OllyDBG for Windows, and assembly. And even then the assembly is the part that while takes the longest isn't too bad once you get used to it.
Very interesting and complete video, first time I watch a reversing engineering video and I love the way you investigate and explain what you do. It's the first video of your channel I see and I love it. Keep going !
I am currently doing my bachelor in Computer Science and didn't know this reverse engineering even existed! Very cool and very nicely explained. Showing the keyboard output is also a nice addition of you! Thanks :)
That was very insightful! I'm a software developer/architect for 17 years now and I must say that you have a very nice way to tell details and to guide your audience. thank you very much! for the follow up video I would like to see the "physical" impact of the malware, like show the registry-key or the installation folder to make it more understandable for non-developers.
I have a few questions. I've done vb coding for years, but more as a supplement to my other work loads, I'm not a full blown dev. First, what was so hard about spotting the kill switch? There must have been a lot of the best devs looking at this code globally for 4 days, the guy who killed it even did that on accident. Secondly, and I'm not advocating for better viruses, but would a kill switch that the owner had exclusive controle over not be possible? They went to great lengths coding this but left the kill switch free for anyone to use.
I don't really know what's going on because Im noob but these videos are cool, this is the best and practical approach I've seen I think, loving it and subbed immadietely, good commentary, step by step. Waiting for more.
first time i watched this about 2 year ago and i was a simple java programer now i am a c/c++ programming working at a hardware developing company and i just watched this again that was awesome , i finally understood what was u talking about , i am always checking u tube for part 2 please upload it i am tried :)
starshipeleven presumably you download the sample from within the VM, then disable the Ethernet adapter that gives the VM Internet access to prevent worms from going through the connection.
Just something that scares me : They are easy accessible websites to download loads of virus to try antivirus and understanding how they work ? I hope they tell the user several warnings before sending the file
I came across your channel shortly after downloading Ghidra. I appreciate how you clearly detail your train of thought in each video. I hope to see more!
Nice tutorials man! Maybe some basics for reverse engineering video's in Ghidra would be great as well! Like explaining how the system works and what each action truly means :). But it's great :) Can't wait for the next one.
Interesting and good video. Reverse engineering and programming isn't really my thing and a lot of it is going over my head. But it's an interesting and informative video none the less. Waiting to see part 2!
Really well done video. I think you should keep this series in this format. Personally I like the pacing of the video, and wouldn't want it slower, or faster.
Amazing video, very good to follow and it helped me a lot with some frustrating 'features' in Ghidra. I found I was using the disassembler window more than the decompilation window because of weird decompilation results - you helped me understand getting better decompilation results by adjusting Ghidra's interpretation of some code. Thanks!
@@stacksmashing greaat tut, can please explain if possible im chrome devtools save the changes i make in offline? i want change a pwa web worker app that works online and offline but the changes i made nolt save when i restart the app, exist any trick to save?if i not save i only get the cache of pwa app and not possible open and edit i think, thanks
Reading the WannaCry warning, the creaters were real lads, providing multiple languages, information about BitCoin and a contact method. They just sound incredibly kind.
Kind, maybe not, but they were reasonable. Do as we ask and we promise all will be well. And see we have written in clear language what we want you to understand. Give us the money and have a nice day 😊
@@kahlzun Investigations show that this was most likely an attack by the North-Korean Government-Controlled Lazarus hacking group to fund nuclear programs and Fatass Jong Un's Sanction-Bypassing Goldschlager run. Eh, probably not Goldschlager. The fatass is probably going for something more expensive.
I honestly didn't understand a single thing but I still appreciate the video, so thanks for sharing this. I wonder who was behind the attack. It pisses me off there was nothing I could do to help when it happened to my relatives.
@@fatfr0g570 they formally asserted its origin as North Korea, the only 2 instruction pages not machine translated were english and chinese. more interestingly, the developers computers had Korean font families installed and build stamps indicated their timezone.
@@Slenderman63323 Nahh, things are constantly changing which keeps it interesting. Unless you dont know what youre doing or looking at then yeah, I could see it getting "old fast"
Wow... as difficult as all this sounds, I'm a new security enthusiast, so I'm still learning. I was able to understand and somewhat follow what you were doing. kudus.
Very good video. Thanks for this video. That flowchart was helpful too. I have never seen reverse engineering in practice, this was very interesting. Very similar to debugging programs only here we don't have symbol information and have to create our own symbols, but it seems this Ghidhra tool makes things a lot convenient. Whoever wrote this malware must have very good knowledge of Windows API, maybe even about Windows kernel.
Would love to see a tutorial on TP-Link router firmware RE or firmware with similar architecture, reverse engineering and rebuild of the firmware. Love your videos so far.
Si entendiera inglés y lo que haces me encantaría seguir lo que haces. Mis ojos se quedaron atrapados cuando vi este video al parecer lo había visto antes y no comenté. .Mis respetos hombre.
This is very interessting! Can't wait for part 2. Have discovered these malwares before, but fortunately it was on a computer with no important stuff on it. One question, are you really using mac osx or is this linux with mac os x skin ??
Great work and love what you did to show us how to reengineer a malware program like wanna cry I am in discord and on htb trying everything I can do to learn this so thank you and this is very helpful
I am looking forward to the next video. (Should you encrypt the copy of Wannacry on your website using the AES key in your previous video? That would protect script kiddies from themselves and create a nice easter egg/crackme challenge?)
Reminds me when I reverse engineered a program that communicated with certain peripherals to try to understand how that obscure peripheral worked. No information online except for the program itself at hand.
The video is excellent, I understood most of it with some rudimentary background in programming. I would suggest that after you finish uploading all the videos running through the code, that you upload a 5-10 minute video with just a recap of what you learned and maybe a description of the overall workflow and your thoughts. I think that one would be a lot better for the rest of the 95% of watchers.
Thanks to solo learn the C++ and the python course I understand the basic functions. I just need to finish the modules for both and I'll be able to understand this a lot better
Reverse engineering enhances the understanding of both programming thought and skills. This video is easy to follow, and the main techniques of reverse engineering are shown clearly, which makes me want to decompile a small interesting program to analyze it.
安笑生 yeah we can learn programming from reverse engineering stuffs
你好同志
lol
@@wanderingpalace 安笑生
@@wanderingpalace i love xi jinping's huge cawk
@@wanderingpalace no you absolutely can't
I'm a vegetable that doesn't understand anything but this was an interesting video
@@ayylmaoglow
takes one to know one! unless you're a reptilian
read the book Code by Charles Petzold. You will understand how the CPU and assembler works even if you are a total noob. After that you will automatically understand how programming languages work, reverse engineering too and so on.
@Rajath Pai trust me. Petzold is a guru
@@ThisDaveAndThatJohn code by charles petzold?
Ok BOOMER
"Microsoft security center (2.0) sevice" LMAO
Looks like Ghidra is a very good renaming tool!
I prefer ollydbg 2.01 or x64dbg for 64 bit, ghidra makes really easy the reverse process, can get a source code... I prefer analyze asm instructions one by one for understand fully process but this isn't the best stategy.. one by one can take you a lot of time i use call stack window for locate specific part i want to analyze!
@@vladysmaximov6156 keep us posted mate
@@vladysmaximov6156 weird flex but ok
@@vladysmaximov6156 I tried out ghidra and improved my performance like 10 times (mainly due to being shit in reading asm fast).
@@vladysmaximov6156 You absolute pleb. Version 1.10 or GTFO.
Wow that was probably one of the best descriptive reverse engineering videos I've seen to date. Your method of explaining and showcasing each step in each function is fantastic and even explaining how to identify when disassemblers/decompilers mess up and how to fix them.
Bravo. I'm upset that I waited this long to actually start watching these videos.
Fully agree, amazing video! Simple step by step explanation is excellent!
I didn't understand anything of what you did, but the casualness of explaining something so exoticly complicated drew me in.
Ghidra ninja:The function is very simple
Me:
Love this! Please create a series of Reverse Engineering Basics!
Yes
Just gotta learn GDB, Radare, OllyDBG for Windows, and assembly. And even then the assembly is the part that while takes the longest isn't too bad once you get used to it.
Oh and IDA / Binary Ninja are good too.
I understood everything except for the renaming parts. Meaning i did not understand a thing. Cool vid tho, you've earned a sub!
You know too many things. You explain it too casually like it's food lmao.
This guy be like:
Ok, let me present you my house.
hijacking this to say WE NEED PART 2
Inserts his too powerful(smart) to be kept alive meme*
looks pretty standard to me
Plot twist: he is the hacker who made wanna cry
marv b first 20 minutes is really basic stuff. Its just general reversing and assigning names
This was SUPER interesting and well made, please continue! You left us on a cliffhanger!
Very interesting and complete video, first time I watch a reversing engineering video and I love the way you investigate and explain what you do. It's the first video of your channel I see and I love it. Keep going !
Just wow. Impressive job! I hope you are employed by one of the major tech/AV companies.
I am just happy that there are people out there who understand stuff like this! 😅
First time RUclips recommended me something amazing. 😀
I am currently doing my bachelor in Computer Science and didn't know this reverse engineering even existed!
Very cool and very nicely explained. Showing the keyboard output is also a nice addition of you! Thanks :)
RubenCO what language is this in?
@@elijahburnham7882 The left side of Ghidra is x86 Assembly and the right side is C.
@@Slenderman63323you need low level knowledge to be able to do stuff like this since the c code that is outputed is very low level
Subbed instantly.Cant wait for another episodes.
That was very insightful! I'm a software developer/architect for 17 years now and I must say that you have a very nice way to tell details and to guide your audience. thank you very much!
for the follow up video I would like to see the "physical" impact of the malware, like show the registry-key or the installation folder to make it more understandable for non-developers.
I have a few questions. I've done vb coding for years, but more as a supplement to my other work loads, I'm not a full blown dev.
First, what was so hard about spotting the kill switch? There must have been a lot of the best devs looking at this code globally for 4 days, the guy who killed it even did that on accident.
Secondly, and I'm not advocating for better viruses, but would a kill switch that the owner had exclusive controle over not be possible? They went to great lengths coding this but left the kill switch free for anyone to use.
I'm so happy that RUclips recommended this video to me. Keep up the good work! Waiting for part 2..
Hopefully tomorrow :) life has been busy
I don't really know what's going on because Im noob but these videos are cool, this is the best and practical approach I've seen I think, loving it and subbed immadietely, good commentary, step by step. Waiting for more.
first time i watched this about 2 year ago and i was a simple java programer
now i am a c/c++ programming working at a hardware developing company and i just watched this again
that was awesome , i finally understood what was u talking about , i am always checking u tube for part 2 please upload it i am tried :)
RUclips algo has done it again. Could understand probably 1% of what was talked about, but it seemed very interesting. Subscribed!
Fantastic Video, I hope to see more both on wannacry and other things soon. As an embedded SW guy looking to get into RE this was great.
Looks good want to see the following episode. Reverse engineering seems pretty fun.
everyone: try not downloading files from entrusted places!!!
Ghidra: let's unpack the malware !
@starshipeleven He could use a VM.
What is an entrusted place?
starshipeleven presumably you download the sample from within the VM, then disable the Ethernet adapter that gives the VM Internet access to prevent worms from going through the connection.
starshipeleven forgot about that option, thanks for reminding me.
Just something that scares me :
They are easy accessible websites to download loads of virus to try antivirus and understanding how they work ?
I hope they tell the user several warnings before sending the file
I came across your channel shortly after downloading Ghidra. I appreciate how you clearly detail your train of thought in each video. I hope to see more!
Wow this is very impressive! Great job & keep going :)
WannaCry: exists
Ghidra: im about to end this mans whole carrer
what the H E C C is a carrer
@@xyphoes345 it's a carrer
@@glowingone1774 isnt it meant to be a *career* tho
@@xyphoes345 no this is much different.
but wannacry isnt a man
subbed, 22 minutes passed like a breeze
Abra, Kadabra, Alakazam,
You now possess a new subscriber,
Simsalabam.
Nice tutorials man! Maybe some basics for reverse engineering video's in Ghidra would be great as well! Like explaining how the system works and what each action truly means :). But it's great :) Can't wait for the next one.
Interesting and good video. Reverse engineering and programming isn't really my thing and a lot of it is going over my head. But it's an interesting and informative video none the less. Waiting to see part 2!
Really well done video. I think you should keep this series in this format. Personally I like the pacing of the video, and wouldn't want it slower, or faster.
Best video i ever seen on reverse engineering, keep it easy to understand! Thank you.
This was super interesting. Please continue with this series
I used the GNU debugger to reverse engineer some stuff, but with more complex programs it gets harder, this seems make things more agile and clear
Might be just Ghidra making it seem too easy 😃
Ghidra: *does windows reverse engineering in iOS*
Windows: "Am I a joke to you?"
macOS*
@@rohitas2050 woops
more like Reclass: Am I a Joke to you ?
@@Elffi LOL
Man, I used to debug exe using ollydebug and you are taking it to another level 🤯
Ghidra looks like an EXCELLENT tool to manage an RE session. Top notch.
Amazing video, very good to follow and it helped me a lot with some frustrating 'features' in Ghidra. I found I was using the disassembler window more than the decompilation window because of weird decompilation results - you helped me understand getting better decompilation results by adjusting Ghidra's interpretation of some code.
Thanks!
That's awesome to hear, thank you! Feel free to let me know what else you have trouble with, maybe it's something I can feature in the future
@@stacksmashing I'll be sure to comment it when I find more stuff, but seeing you work already solves a lot of problems!
@@stacksmashing greaat tut, can please explain if possible im chrome devtools save the changes i make in offline? i want change a pwa web worker app that works online and offline but the changes i made nolt save when i restart the app, exist any trick to save?if i not save i only get the cache of pwa app and not possible open and edit i think, thanks
Hey, I love watching reverse engineering videos! Thank you for this one. I'm glad that the RUclips recommendation bots have blessed you.
Keep up the amazing work you do with your videos!
I’m trying to learn Ghidra and reverse engineering in general, and this and your other videos are so helpful.
I have no idea what's gong on here, but I'm straining to understand. Great video!
Your skills are unbelievable. Good job 👏🏼
Reading the WannaCry warning, the creaters were real lads, providing multiple languages, information about BitCoin and a contact method.
They just sound incredibly kind.
tbh, i think they knew that they would affect millions of devices. humble people
Kind, maybe not, but they were reasonable. Do as we ask and we promise all will be well. And see we have written in clear language what we want you to understand. Give us the money and have a nice day 😊
professionals have *standards*
cant get money from someone who cant understand what they are reading
@@kahlzun Investigations show that this was most likely an attack by the North-Korean Government-Controlled Lazarus hacking group to fund nuclear programs and Fatass Jong Un's Sanction-Bypassing Goldschlager run. Eh, probably not Goldschlager. The fatass is probably going for something more expensive.
I didn't understand single bit of information u said but I watched full video..and subscribed.. Thanks for making this video
Very informative and interesting video. Thanks for that amazing upload! I cannot wait to see its continuation.
I don't know shit about coding, but you've explained this in a very human-readable way and i appreciate that.
Thanks for the great work! Can't wait for a part 2
Dude!! This is an epic walkthrough of reverse engineering - SO INTERESTING!!
I honestly didn't understand a single thing but I still appreciate the video, so thanks for sharing this.
I wonder who was behind the attack. It pisses me off there was nothing I could do to help when it happened to my relatives.
It might be finger pointing, but the US, UK, and Australia claimed that North Korea was behind the attack.
@@fatfr0g570 they formally asserted its origin as North Korea, the only 2 instruction pages not machine translated were english and chinese. more interestingly, the developers computers had Korean font families installed and build stamps indicated their timezone.
Very nice video, thank you. I would definitely want to see more malware analysis with ghidra videos. :)
Thanks man! Great content!! Definitely looking forward to more!!
All the best!!
Again your videos are insanely good !!! Love it !
I wouldn't mind doing that for a living. It seems like the sweet spot between meditative focus, puzzle solving, and education.
Trust me, it gets old fast.
@@Slenderman63323 Nahh, things are constantly changing which keeps it interesting. Unless you dont know what youre doing or looking at then yeah, I could see it getting "old fast"
Wow... as difficult as all this sounds, I'm a new security enthusiast, so I'm still learning. I was able to understand and somewhat follow what you were doing. kudus.
Very good video. Thanks for this video. That flowchart was helpful too. I have never seen reverse engineering in practice, this was very interesting. Very similar to debugging programs only here we don't have symbol information and have to create our own symbols, but it seems this Ghidhra tool makes things a lot convenient.
Whoever wrote this malware must have very good knowledge of Windows API, maybe even about Windows kernel.
So fast and accurate like a real ninja 😂, nice video , I didn't have to use speed 2 , like I usually do 😂
Impressed by your work. Keep it up! :D
Would love to see a tutorial on TP-Link router firmware RE or firmware with similar architecture, reverse engineering and rebuild of the firmware. Love your videos so far.
Well, I dont really understand well but Im here to understand it better, thanks for the video!
Edit: i actually managed to understand a part of it
Thanks for your videos, great detail. I hope you carry on with this channel and it's content.
i'm ignorant as a goat about this, but i find this voice quite relaxing and soothing
Awesome video looking fwd to part 2
Wow, I learnt so much about decompilation in this video! Thanks, keep it up!
This is some quality work! Congrats...
Parents: Install obvious virus that slows down the computer.
Parents: It must be that Steam thing.
Highly informative! Clearly explained, only understood about half of it but subscribed!!!
i don't know much about what you are doing but you earn a new subscriber here
you make me realise how little I know about anything. Great video
Si entendiera inglés y lo que haces me encantaría seguir lo que haces. Mis ojos se quedaron atrapados cuando vi este video al parecer lo había visto antes y no comenté. .Mis respetos hombre.
imagine doing this and accidentally running wannacry. i would actually scream
**laughs in multiple VMs running in Arch Linux**
i use arch btw
@@watema3381 no one cares
@@bigbythebigbadwolf aparently you do cause you replied!
also (incase you haven't noticed), it's an inside joke
@@watema3381 still no one cares
@@medo7dody ur prob crying behind ur screen: i dont care either but i gotta be an edgy loser so i can prove this guy wrong
I didn't understand anything, but I would have loved to cause it seems like a very useful skill to have and props to you for being so good at it!
Great video. Waiting for the next part
I almost fell asleep watching this video just because of this guy's beautiful asmr voice
Great video! Looking forward to more of your videos on Ghidra reverse engineering!
"This is part 1"
*months later*
6 days ago part 2 was released
This is very interessting! Can't wait for part 2. Have discovered these malwares before, but fortunately it was on a computer with no important stuff on it. One question, are you really using mac osx or is this linux with mac os x skin ??
Nope this is macOS
it's macOS 2: electric boogaloo (system-wide dark theme included)
get your copy today and save 50% off the normal cost!
great work....can´t wait for part II
i dont know what you are saying but i think this is very great
this is the video that helped me learn how to reverse engineer, thank you
Keep doing this. Show the world sth more about WannaCry.
Verstehe erst noch Bahnhof, aber ist ein interessanter Kanal. Weiter so!
Awesome work as always. Keep it up
I love your videos. It inspired me to chose computer security for my career. Give me a heart.
Great work and love what you did to show us how to reengineer a malware program like wanna cry I am in discord and on htb trying everything I can do to learn this so thank you and this is very helpful
you have finally cracked the 'WannaCry'' virus! I'm Impressed
this is the only guy who can decrypt wannacry without paying it lol
I am looking forward to the next video. (Should you encrypt the copy of Wannacry on your website using the AES key in your previous video? That would protect script kiddies from themselves and create a nice easter egg/crackme challenge?)
Reminds me when I reverse engineered a program that communicated with certain peripherals to try to understand how that obscure peripheral worked. No information online except for the program itself at hand.
The video is excellent, I understood most of it with some rudimentary background in programming. I would suggest that after you finish uploading all the videos running through the code, that you upload a 5-10 minute video with just a recap of what you learned and maybe a description of the overall workflow and your thoughts. I think that one would be a lot better for the rest of the 95% of watchers.
i wonder if wannacry author watched it :D
Nsa? Of course
@@jayzah It was made by North Korean cybercrime organization codenamed 'Lazarus'
It probally have more than 1 author
Thank you for your videos!!
Thanks to solo learn the C++ and the python course I understand the basic functions. I just need to finish the modules for both and I'll be able to understand this a lot better
The creators of WannaCry must have been geniuses like this guy
Great video! Thank you! When will part 2 be released?
This looks very interesting, great analysis, even for laymen.
awesome video! I'd love to see more!
Was looking for a video like this, thank you 👍