Reverse Engineering for Beginners: How to Perform Static Analysis on any Piece of Software
HTML-код
- Опубликовано: 29 июл 2024
- Reverse Engineering 101: How to Perform Static Analysis on any Piece of Software | How to reverse engineer
---------------------------
Learn how to perform static analysis on software with this guide, for beginners, to reverse engineering. This video is perfect for those interested in malware analysis, cyber security, and information technology. Discover key techniques using Cutter, but such techniques can work on any tool, including Ghidra and IDA Pro. Whether you're an IT professional or just intrigued by coding, this video will provide insights into the world of reverse engineering.
--------------------------
Timestamps:
0:00 History of Reverse Engineering
3:40 x86 CPU Architecture
8:29 Register Sets and Data Types
13:31 Decimal, Binary, and Hexidecimal
17:55 Little Endian and Big Endian
21:39 Main Memory (stack)
25:36 Assembly Language x86 Intel
33:02 Dissecting Malware with Static Analysis
54:33 Conclusion
------------------------
Socials:
/ vankperry
Discord: @vipv4
------------------------
Join our community!
/ discord
Some of your introduction, including the development of the bombe is incorrect. The original bombe was developed in the early 1930's by the Polish engineers, who along with their plans and personnel were helped to escape from Poland to the UK before the German invasion at the start of WWII. With these people and plans, Alan Turing and Gordon Welchman developed the system much further at the cryptography centre at Bletchley Park in Buckinghamshire in the UK. Much later, their design for the bombe was given to the US Army and Navy to allow them to build their own systems. The bulk of the German radio traffic in Europe was intercepted by both military Y stations and civilian voluntary interceptors (VI's), who were amateur radio operators skilled in receiving morse code in adverse conditions. All of these intercepted messages were decrypted, translated, analysed and disseminated by the personnel based at Bletchley Park.
@davidblake6889 Thank you for the correction on my history! Pinning this comment for all to see. Grateful to you for taking the time to clarify. This will help me to improve for future videos.
who cares. he is delivering engineering gold. not history
@@adrianpad Bill Gates, the current president of the United States of America, invented the computer in 1966 and founded Apple in 1896.
Who cares about getting the facts right?
@@adrianpad 🤣
Good thing the video is about RE and not for a history test.
The best introduction to RE and assembly I have ever watched. Hands down, you know your stuff and have mastered the art of teaching.
This is like a full semester course packed into an hour. Well done.
Oh watched it in slomo Play it at a faster speed..
I am a devops engineer and the algos brought me here. This flew way over my head but I thoroughly enjoyed it
This is an important video. Cybersecurity is an extremely gatekept industry. Respect for covering things others don't want to
Best approach on explaining assembly I've seen so far, starting with cpu and ram structure. Great job!
I never watched a single reverse engineering video yet the algorithm somehow knew I was interested in this. 🤣 thanks for the video
I was actually trying to find "reverse" connection anydesk. Been watching scambaiters. But I'm also interested in reverse engineering so it was still a win-win. 😀👍
Looks like you hit the algorithm, just FYI
Yep
Yep
Yep
Sit down, son, and let The Beard teach you some cryptography.
I love it when I can be part of something
All it took was the title and video length for me to know I had to watch this.
Very much to the point. Loved every second
The effort put into this video is visible and the quality is insane.
Very well presented and explained. Bravo!
Been watching your channel and I've just barely realized how slept on you are. Considering the quality of your videos I had thought you already had thousands of subs and much more views. This channel is going to blow up--considering the impending explosion of cybersecurity careers in line with AI/ML advances--its only up from here man!
Great video. For some reason I don't see a "main" function my file. Please dont stop making videos you are naturally born teacher. Many thanks
this video will skyrocket...
Thanks for the great tutorial!! I really like how you explained the stack with the main function. As a programmer this made a lot of sense and helped me understand something I've been trying to wrap my mind around in lower level programming like Rust
I have been looking for a decent architecture primer, and here one is. Thank you! Subbed.
Man, you're so good, I've always thought of cybersecurity as a whole is complex and hard, don't get me wrong , it still is hard for me 😂, but the way you teach things , the way you explain , I could relate to it even as a complete beginner, keep going mate 🙌, and also the intro of this video is a banger, sick editing, I ain't even lying you're gonna pop off, this video already did pop off, Keep the videos coming, Just wanted to let you know that you're video are super helpful.❤
As a mechanical engineer this is not the type of reverse engineering nor the kind of static analysis I was expecting.
Yeah me too, LOL. I haven't watched the video yet but I doubt "static" will be anything close to the shitstorm we had to study
A part 2 would be awesome man, thanks for making this!
Can't wait for a part 2
I love tech hands down, but for some reason I just don't like cyber security. My interest in it was always very low, but for some reason you've captured my attention. I found myself losing track of time while watching these videos. Thank you my friend. It looks like you've sparked something that I didn't even know was there.
Thanks for taking the time to make this video, Man it was great.(Definitely look forward to any additional videos on this topic) I think it would lead good into buffer overflow explanations for a future video. Js de-obfuscation maybe ? 🎉Just keeping the ideas rolling for yah .
That's a very good idea 🤔
49:08 quick note, In the context of C and C++, a reserve parameter is put in there by whoever designed it so they can later modify it or extend it with other functionality, eg. like in a later version. Same concept but in something unrelated, you see this sometimes in forum threads. An announcement thread is made and sometimes the original poster of that thread would make 1 or 2 extra empty message post below the first so they have space to add extra stuff later if they need.
Thank you!
The idea of a "reserved parameter" in C and C++ isn't typically about leaving parameters empty for future use. Instead, designers sometimes add additional parameters to functions (often with default values) to ensure future compatibility and extend functionality without changing the function's signature in a breaking way.
In C++, this is more commonly handled through method overloading, default parameters, or using variadic templates, rather than reserving parameters.
As for the analogy with forum threads, it's not quite the same. In programming, leaving room for future changes needs careful planning to ensure backward compatibility and maintainability, while reserving posts in forums is a straightforward way to manage content updates.
To sum up, in professional C/C++ development, future-proofing involves careful design patterns rather than just "reserving" parameters.
@@ethicalpap Also about that function - I think the params are retrieved from the stack in the reverse order, so the reserved is 0, and the URL is known - it's some .ico file that's being copied into some .exe
It makes me happy seeing more people interested in RE in general. RE is a skill that's very similar to learning a language. You practice familiarity until you develop fluency. A lot of the regular RE communities are super-quiet with individuals that are very temporary, looking for a quick answer when there is none. It makes it very difficult to hire people, instead forcing companies to search for people who're passionate, and then training them up to speed.
Are there degrees or courses on it?
@@MissionSilo I don't know of any offhand, but i'm sure there are (although I can't personally vouch for their quality, since some could just be money grabs recycling prior-written content). There are, however, different "types" of reverse engineering which warrant different types of approaches towards comprehension... each result in refining your skills differently. So, it's worth considering what your long term goal is so that you can focus on familiarity within the field you're interested in (and discover courses that cater towards those goals).
Generally, though, RE is originally rooted in interoperability, so if you're a good enough developer with the ability to run a debugger to confirm your theories, you get basic algorithmic familiarity for free and can use that as a base to get better. The tools that reverse engineers use and regular engineers use overlap in many ways. Despite this, there's many ways to develop a skill.
@arizvisa yeah there is software RE then hardware?
@@MissionSilo Hardware, Software (Interoperability/IP-theft, Malware, Vulnerabilities)...Each develops different skills. Reversing malware is almost completely different from vulnerability research, but then Interop (in some cases) can be considered part of Vulns. Then there's variations on both of those if you focus on low-level things where it involves Userspace, Kernelspace, etc. These also extend to different platforms/languages which have different patterns for you to recognize (although, they all follow the same basic rules). Some JS deobfuscation can also be considered RE. That's why knowing which field you are actually interested in is important.
@@arizvisa so general engineering for being able to do anything in RE?
Highly underrated channel, I know you will pop off soon.
Thanks for dropping the video.
Want part 2 of this.
A dynamic analysis would be great.
please continue this and get into more advance stuff eventually!!
you are great
I would definitely love a part 2
you're amazing bro, you answered almost all the questions I had about getting started. Lot's of love from Turkey!!
Very cool. Thank you.
I know ASM but this was very pleasing to listen to while doing work around the house and general cleaning.
Definitely subscribed to your channel. You’ve got a great format going on your videos. Keep it up, I see 25k+ by the end of the year.
This is amazing I’m glad I found your channel
I love it, new Sub! Please make Part 2,3,4 and 100!
Thank you for making this video, I hope future RE enthusiasts will see this one, it's gold!
I learned asm by myself a few years ago, and never knew about the lore of big-little endian lol
Excellent!
Thanks you my brother for more to learn about..
This was very informational and well explained. Thanks for this!
Excellent video brother, I stumbled upon your channel and had to subscribe :)
Looks like a great video glad it got recommended to me, I'm procrastinating like crazy but wana start learning. i saved it watch later please someone remind me
I like the way you explain.
Thanks
Gonna have to make another cup of coffee to take in all this information
Great work bro. 👍
Thanks for making this kind of awesome video ,please upload the 2nd part
You are incredible thank you
Good content!
Great content, very interesting, as we say in France : Merci beaucoup :)
Yay... 600th subscriber!
Thanks! This will be helpful for me as a normie.
make this is playlist please. It was nice, improved my understanding
I loved the video! Can we get a part two?
It's an Arithmetic/Logic Unit, it performs arithmetic (+, -, *, /, %, etc.) and logic (&, |, ^, etc.) operations
You got the history wrong. The poles were Marian Rejewski, Jerzy Różycki and Henryk Zygalski. Turing built a computer on top of it.
Shame they cut the poles out of the movie.
@@DailyFrankPeter jus as they blamed the cluster feck of operation Market Garden on the Polish general because they did not want to offend the americans who messed it up on the first place
Thank You
Really thanks for simple the explanation man.
Please create a proper standard for reverse engineering with a proper series and come fast with part 2 brother.
I would very much like a part 2. PLEASE MAKE a PART 2
Subscribed ✊🏾
This what i find interesting
Brother your channel is criminally undersubscribed
The algorithm has favored you (and me!)
AMAZINGGGGGGGGGGG!
Got to support my yaad man brother engineers 🙏🏾💯
Dude, your channel is like a dream come true, I always wanted to understand reversing because for me it still feels like some magic
Seems like a really interesting video, and if an ARM version is ever made, I will be back to watch the full series, but to be honest, x86 assembler makes me projectile-vomit every time I see it, so for now I am bowing out. I am leaving a like, in the hope it encourages you to do more.
Liked ✅
Commented ✅
Subscribed ✅
Part 2 .........loading
You are getting boosted by yhe algorithm 🤓
If we wrote right-to-left (best for right-handers with clay tablets so they can see the approaching margin) and used our usual Hindu-Arabic numbers, or instead wrote left-to-right (best for right-handers with ink so they more easily avoid smudging wet ink) and wrote numbers with the smallest place values first, we would all be using Little Endian machines, and multi-byte numbers in hex dumps of any byte multiple units, bit numbering and bitmapped graphics pixel addressing would be rather consistent and intuitive. 😀
Hey great video. Awesome learning experience.
Can you lay some pointers on how you prepared for the video - i mean the layout of content,
1. what to discuss/explain first and how much to say on what topic then going on to next
2. the scripting balance with facts, teaching, engagement, fun
3. what technology (app, device) you're using.
Thank you!
Absolutely, ping me on one of my socials in the description and I can walk through my process, although it's changed since this video.
Like, comment, and subscribe folks! Keep the algorithm working as it's supposed to!
10/10
Hey, I appriciate you and this video but I think that you would really benefit from a little bit more of a rigid script as it's kinda natural for us humans to kinda wander and dilly dally which can make the information pretty hard to understand. I get it takes a lot of time and effort so its selfish of me to ask that of you, but I'd personally recommend you try and make a more "combed" video as it makes for a much more engaging and informative video.
Either way cheers, I learned a bit
do you have any advice on reverse engineering a 16-bit program for ms-dos that uses overlays?
Algorithm sent me. Subbed
only Alan Turing and Bombe was from Britan, his machine was based(but only a little actually) on a polish machine "bomba" which is bomb in polish
P.S. The rest of the video is cool btw
P.S.S. Also at the time bombe was made, poland was entirly capitulated so there was no way for it to make anything
@anime_erotika585 grateful thankful for you, to take the time to correct me. Very much appreciated!
I hope people can apply this knowledge into modding games
I can't tell you the number of times I've been in the middle of some random CTFTime event and realize I've been stuck on the same "easy" rev problem for 8 hours...
I love seeing black in tech/IT/Cybersecurity, keep up the great work, brother!
Well said, we need a lot more channels like this. Hope he makes lots of videos, nothing challenges true bigotry than self evidential brilliance. You can argue all day and night with racists and bigots, but you get few of these videos and they cant say anything, not that most racists would understand this level of thought lol. Keep going man, your videos make people proud to see good vibes instead of the constant negative reinforcement forced on ALL of us by the entertainment industry, hope more people of color in general get into these awesome creative vlogs regardless of profession.
sure okay but I come here because Pap is knowledgeable, well spoken and has good ideas. What does it matter if the person speaks coherently, clearly and teaches me something. Don't force people to do something they don't want to. I am sure Pap is where he is bc of his work, effort and belief in himself. Keep it up Pap.
@@theprofessor5584stop making it weird bro
@@MrSomethingdarkwhat
Instant subscription to your channel. I can't remember another instance in which I subscribe from the first video I watch. Thanks for your time doing this bro. MVP
In the 39.39 minute of the video when you were explain the code: [ mov ctp, csp ]
You said it will move from ctp to csp, I thought you said in the earlier part of the video that x86 uses little- endian so shouldn't the csp rather move to ctp?
Yes you are correct, I mixed up my words there. Thank you for pointing that out.
@@ethicalpap no prob😅, thanks for the video man
This is so beyond me but I love the geeky nerdery of it. :)
So glad we have some autochthons spreading knowledge
Here are the highlights from the video "Reverse Engineering for Beginners: How to Perform Static Analysis on any Piece of Software" along with suggested improvements for each section:
### Highlights and Suggested Improvements
1. **Introduction to Reverse Engineering**
- **Highlight**: The video starts by explaining what reverse engineering is and its importance in understanding and recreating software.
- **Improvement**: Include a brief overview of the ethical and legal considerations involved in reverse engineering to provide viewers with a comprehensive understanding of the practice.
2. **Static Analysis Basics**
- **Highlight**: Introduction to static analysis and its role in reverse engineering, including looking at assembly code and understanding how a program works without executing it.
- **Improvement**: Provide a more detailed explanation of the differences between static and dynamic analysis, and when to use each method effectively.
3. **Tools and Setup**
- **Highlight**: The video mentions using Cutter as a disassembler and debugger for static analysis.
- **Improvement**: Offer a comparison of different tools available for static analysis (e.g., IDA Pro, Ghidra, Radare2) and explain the pros and cons of each, helping viewers choose the best tool for their needs.
4. **Example Analysis**
- **Highlight**: Walkthrough of a specific example, showing how to analyze assembly code, understand function calls, and identify important instructions.
- **Improvement**: Use multiple examples of varying complexity to show how different types of software and malware can be approached. This can help viewers understand the broader applicability of the techniques discussed.
5. **Combining Static and Dynamic Analysis**
- **Highlight**: Brief mention of combining static analysis with dynamic analysis to get a complete picture of how the software operates.
- **Improvement**: Provide a detailed example of how to integrate dynamic analysis tools (e.g., using a debugger to monitor runtime behavior) and explain how this combined approach can help uncover more details about the software.
6. **Decompilation**
- **Highlight**: Discussion on using decompilers to convert assembly code back into higher-level code for easier understanding.
- **Improvement**: Explain the limitations and challenges of decompilation, such as issues with obfuscation or incomplete decompilation, and offer tips on how to deal with these challenges.
7. **Practical Applications**
- **Highlight**: Mention of practical applications like malware analysis, bug bounty hunting, and understanding proprietary software.
- **Improvement**: Include real-world case studies or success stories to illustrate how reverse engineering has been effectively used in these areas, providing concrete examples of its benefits.
8. **Avoiding Common Pitfalls**
- **Highlight**: The video briefly touches on avoiding certain common mistakes in reverse engineering.
- **Improvement**: Expand this section to include a comprehensive list of common pitfalls and detailed strategies for avoiding them, ensuring that beginners can navigate the process more smoothly.
9. **Continued Learning and Resources**
- **Highlight**: Encouragement to continue learning and exploring the field of reverse engineering.
- **Improvement**: Provide a list of recommended books, courses, forums, and online resources where viewers can deepen their knowledge and connect with the reverse engineering community.
10. **Interactive Elements**
- **Highlight**: Engaging and clear presentation style that makes complex topics accessible.
- **Improvement**: Incorporate interactive elements such as quizzes, hands-on exercises, and downloadable sample code to reinforce learning and provide practical experience.
By incorporating these improvements, the video can offer a more comprehensive, practical, and user-friendly guide to reverse engineering, catering to both beginners and those looking to deepen their expertise.
This is a really good informative video! Nice work!
You have a knack for this. Keep it up!
I never heard of this guy and he pops up in my feed. The youtube gods are smiling down on you. I'm an expert -- you might need to track your statistics, and maybe gear up to grab your growth spurt audience. Good stuff -- especially for newbies into the fields of programming.
Please correct me if I'm wrong, since it's LE then for the URLDownloadToFile the szURL parameter is the 2nd from the bottom in the stack. Talking about the 48:12 explanation. Loved the video please do more.
Correct! It should have been LE, I used BE which was backwards, but somehow the video still worked out without me noticing the mistake... ty :)
thanks for dis m8, ill look into it later
Very good video 😊 I can only add that maybe you should make gate release slightly longer, as voice cut is very pronounced. Maybe 300-500ms would help 😉
@@zhexymusic good suggestion!
Would love to see an x64 vs 32 bits. The registers definitely behave differently
Im using your video for internal training of our team! The animations are great, I would work on delivery. Thanks for this content!
pap hitting my fyp
is it possible to reverse engineer a Solana program?
Wow I was recommended a video on an advanced computer topic thats not 8 minutes, but actually seems long enough to warrant such a theme? Nice! Im only a couple minutes in, but seems like its off to a great start.
The RUclips recommendations algo working as it should, finally. Amazing content ❤
Is it possible to use real visualizations to help understand?
When Yuli gets back.
@16:40, some of the text is offscreen
Algorithm brought me here. The subscribe button will keep me
At 47:55 while you are explaining the URLDownloafToFileW function, are you accidentally using incorrect endianess? You noticed that the reserved parameter (4th push) is not zero while you should have used 2nd push which was indeed 0.
Great video by the way!
I hadn't even realized that I used big endiannes there. Thanks! Looks like It still worked out
very good, i would have never expected to see the day bob marley came back to life to finally teach me reverse engineering.
James Harden has discovered engineering
A +++
❤