Fundamentals of Software Reverse-Engineering
Course Description
Reverse-engineering is an essential skill for many cybersecurity disciplines – vulnerability assessment, malware analysis, and software interoperability.
This course is designed to introduce students to the fundamentals of reverse-engineering software. These fundamentals are common to desktop, mobile, and embedded architectures. Over five days, we introduce students to the x86 instruction set and CPU architecture, recognizing C code constructs in assembly code, reverse-engineering with IDA Pro, and binary vulnerability research. Lectures will be supported by extensive supervised lab exercises that will reinforce and cement knowledge as students learn.
After taking this course, students will be proficient in the fundamentals of reverse-engineering software using IDA Pro, without the help of source code or documentation.
Course Dates
Course Location
The course can be provided on premises or off premises in a rented classroom.
Price
The course is $5,000.00 per student. There is a minimum of 10 students needed for the course to run and a maximum of 30 students.
Class Format
This course is driven by hands-on exercises with theory and diagrams in support. Each student will have access to their own hosted virtual machine (VM). This VM will contain all the tools, exercises, and documents for the class.
Prerequisites
Students are assumed to have a basic knowledge of programming in C and/or C++. Prior exposure to programming in x86 (or any other assembly language) is a plus but is not expected. Students are expected to each have a computer with an internet connection.
Day 1: Introduction to Reverse-Engineering Software
- Introductions
- Why reverse-engineer?
- Overview of class
- x86 Architecture Fundamentals
  - Overview
  - Syntax
  - Registers
  - Arithmetic and logical operations
  - Data movement
  - Memory and addressing
  - Data movement with memory
  - Stack manipulation
- Control flow
  - Types of control flow
  - Functions
    + Invocation
    + Calling conventions
- Tools for reverse-engineering
  - Static
    + Disassemblers
    + Decompilers
    + Other specialized tools
  - Dynamic
    + Debuggers
    + Binary instrumentation
Day 2: Recognizing C Code Constructs
- Refresher on C
  - Types
  - Code constructs
  - Stack vs heap
  - Global vs local variables
  - Structures
  - Switch
- C code constructs in x86
  - Memory accesses
  - if statements
  - Loops
  - Switch cases
  - Identifying arrays
  - Identifying structures
- Compiler optimizations
Day 3: Reverse-Engineering with IDA Pro
- Introduction to IDA Pro
  - Comparison to other reverse-engineering tools
- Loading binaries
- The interface
  - Graph view
  - Text view
  - Functions
  - Strings
  - Imports
  - Exports
  - Structures
- Navigating graph view
  - Understanding the graph
  - Labels
  - Navigating between functions
- Cross-references
  - What are they
  - How to use them
- Techniques in IDA
  - Labeling code
  - Commenting
  - Formatting
  - Constants
  - Applying types
- Searching
- Introduction to IDA Scripting
- IDA internals
Day 4: Vulnerability Analysis
- Helpful tips and tricks for effective reverse-engineering
  - Symbols
  - Using strings
  - Bottom-up vs top-down analysis
  - Annotating your IDB
  - Recognizing code constructs
- Reverse-engineering workflows
- Common binary bug classes
  - Buffer overflows
  - Integer overflows
  - Lifetime bugs
    + Use after free
    + Uninitialized memory use
  - Logic bugs
- Auditing for vulnerabilities
  - Unsafe functions
  - Recognizing unsafe code constructs
Day 5: Advanced Topics
- Advanced analysis
  - C++
  - Binary patching
  - Rebasing
  - Recognizing anti-analysis
- Mobile/Embedded Architectures
  - ARM
  - PowerPC
  - MIPS
- Introduction to the IDA API
  - Why script reverse-engineering
  - IDA API
  - IDA Python
- Advanced tooling
  - Decompilers
  - Binary diffing