Presentation is loading. Please wait.

Presentation is loading. Please wait.

PV204 Security technologies Reverse engineering of binary applications Petr Švenda Faculty of Informatics, Masaryk University.

Published byClyde Cannon Modified over 8 years ago

Similar presentations

Presentation on theme: "PV204 Security technologies Reverse engineering of binary applications Petr Švenda Faculty of Informatics, Masaryk University."— Presentation transcript:

1 PV204 Security technologies Reverse engineering of binary applications Petr Švenda svenda@fi.muni.czsvenda@fi.muni.cz Faculty of Informatics, Masaryk University

2 Laboratory Go to disassembly in IDE, understand basic principles Practical disassembling and binary debugging tutorial Lena tutorial 1 & 2 Open file in debugger Basic operations, jumps Patching Understanding structures from assembler | PV204: Rootkits, RE

3 OllyDbg - shortcuts F3... Open binary file F2... Toggle breakpoint (on opcodes, or double click) F9... Run debugged program Ctrl+F2... Restart program, all temporary changes are lost! F8... Step over F7... Step into Spacebar or double click... allows to set new opcode. Use when you like to change program behaviour, e.g., replacing conditional jump (JGE) by unconditional jump (JMP) or to discard instruction (NOP). Alt+BkSp... Undo change | PV204: Rootkits, RE

4 OllyDbg - shortcuts Rightclick->Search for->All referenced text strings... Constant text strings referenced in code. Use to find strings like hardcoded passwords, important messages (“Wrong license”). Double click on string will takes you to referencing instruction. Helps you to build mind model quickly. Rightclick->Find references to->Address constant... will find references to particular memory elsewhere in the code – use when you like to know where in code the memory is set, changed or otherwise used. Ctrl+F1... Help on Win32 API (WIN32 API help file already prepared in OllyDbg directory (WIN32.HLP)). Use to get meaning of the parameters pushed to stack just before the API function is called. ;... add or edit your comment for specific code line. Use to write down things you already understand. Use classic paper as well (program mind model) Rightclick->Copy to executable->All modifications (or Selection) … make changes permanent. New window with modified code is opened. Rightclick- >Save file to write patched binary to disk. | PV204: Rootkits, RE

5 Homework 5 – Crackme disassembling Reverse engineer supplied crackme file pv204.exe –Obtain information about its behavior (OllyDbg) –Make crackme to continue successfully without error message by a)Patching (modification of control routine, submit patched file) b)Creating valid license info (submit license file) Produce short (1xA4) text description of solution –How you performed analysis, what you learned, how you solved Bonus: More principally different solutions for the same problem might be awarded by extra points Submit before: 6.5. 6am (full number of points) –Every additional started day (24h) means 1.5 points penalization 5 | PV204 Security technologies - Labs

Download ppt "PV204 Security technologies Reverse engineering of binary applications Petr Švenda Faculty of Informatics, Masaryk University."

Similar presentations

Utilizing the GDB debugger to analyze programs Background and application.

Utilizing the GDB debugger to analyze programs Background and application.
Procedures and Stacks. Outline Stack organization PUSH and POP instructions Defining and Calling procedures.

Procedures and Stacks. Outline Stack organization PUSH and POP instructions Defining and Calling procedures.
Lab6 – Debug Assembly Language Lab

Lab6 – Debug Assembly Language Lab
Programming The Development Environment and Your First C Program.

Programming The Development Environment and Your First C Program.
The IDE (Integrated Development Environment) provides a DEBUGGER for locating and correcting errors in program logic (logic errors not syntax errors) The.

The IDE (Integrated Development Environment) provides a DEBUGGER for locating and correcting errors in program logic (logic errors not syntax errors) The.
Laboratory 1 – ENCM415 Familiarization with the Analog Devices’ VisualDSP++ Integrated Development Environment.

Laboratory 1 – ENCM415 Familiarization with the Analog Devices’ VisualDSP++ Integrated Development Environment.
1 Gentle Introduction to Programming Tirgul 2: Scala “hands on” in the lab.

1 Gentle Introduction to Programming Tirgul 2: Scala “hands on” in the lab.
OllyDbg Debuger.

OllyDbg Debuger.
DEBUGGERS For CS302 Data Structures Course Slides prepared by TALHA OZ (most of the text is from

DEBUGGERS For CS302 Data Structures Course Slides prepared by TALHA OZ (most of the text is from
1 Introduction to 68000 Programming Environment Using MetroWerks CodeWarrior and Palm Emulator.

1 Introduction to Programming Environment Using MetroWerks CodeWarrior and Palm Emulator.
Parts of a Computer Why Use Binary Numbers? Source Code - Assembly - Machine Code.

Parts of a Computer Why Use Binary Numbers? Source Code - Assembly - Machine Code.
Introduction to InfoSec – Recitation 2 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 2 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
© Copyright 1992–2005 by Deitel & Associates, Inc. and Pearson Education Inc. All Rights Reserved. Tutorial 2 - HelloWorld Application: Introduction to.

© Copyright 1992–2005 by Deitel & Associates, Inc. and Pearson Education Inc. All Rights Reserved. Tutorial 2 - HelloWorld Application: Introduction to.
Debugging applications, using properties Jim Warren – COMPSCI 280 S2 2015 Enterprise Software Development.

Debugging applications, using properties Jim Warren – COMPSCI 280 S Enterprise Software Development.
P.1ECE 331, Prof. A. Mason Professor Andrew Mason Michigan State University Spring 2013 ECE 331: PC Lab 1: Using HC12 ASM Simulators.

P.1ECE 331, Prof. A. Mason Professor Andrew Mason Michigan State University Spring 2013 ECE 331: PC Lab 1: Using HC12 ASM Simulators.
CS2311 - Tutorial 1 Getting Started with Visual Studio 2012 (Visual Studio 2010 are no longer available on MSDNAA, please choose Visual Studio 2012 which.

CS Tutorial 1 Getting Started with Visual Studio 2012 (Visual Studio 2010 are no longer available on MSDNAA, please choose Visual Studio 2012 which.
Keith Elder Microsoft MVP

Keith Elder Microsoft MVP
Debugging Projects Using C++.NET Click with the mouse button to control the flow of the presentation.

Debugging Projects Using C++.NET Click with the mouse button to control the flow of the presentation.
Part 3: Advanced Dynamic Analysis Chapter 8: Debugging.

Part 3: Advanced Dynamic Analysis Chapter 8: Debugging.
Binary Auditing Geller Bedoya Michael Wozniak. Background  Binary auditing is a technique used to test the security and discover the inner workings of.

Binary Auditing Geller Bedoya Michael Wozniak. Background  Binary auditing is a technique used to test the security and discover the inner workings of.

Similar presentations

Ads by Google