
Lecture 1: Introduction to Reverse Engineering - t …

Fotis Fotopoulos
Boston, 2001

Table of Contents

1. Introduction
   About the Course and Notes; Typical Examples; Hacking; Hiding Information from Public; Cell Phones; Computer Applications; Requirements; Scope; Ethics; Miscellaneous Information

2. Programming Processors
   Programming Languages; Processor Arithmetic; Memory Structure; Unicode Strings; Pointers

3. Windows Anatomy
   Windows; File System; File Anatomy; File; Into PE Format; The PE Header; Section Table; Commonly Encountered Sections; PE File Imports; PE File Exports


4. Basic Concepts of
   Flag; Memory; Interrupts

5. Assembly Commands
   CMP: Compare Two Operands (Opcode Instruction Description)
   Jcc: Jump if Condition Is Met (Opcode Instruction Description)
   PUSH: Push Word or Doubleword Onto the Stack (Opcode Instruction Description)
   POP: Pop a Value from the Stack (Opcode Instruction Description)
   AND: Logical AND (Operation and Example; Opcode Instruction Description)
   NOT: One's Complement Negation (Operation and Example; Opcode Instruction Description)
   OR: Logical Inclusive OR (Operation and Example; Opcode Instruction Description)
   XOR: Logical Exclusive OR (Operation and Example; Opcode Instruction Description)
   Other instructions: CALL: Call; ADD; SUB; MUL: Unsigned; DIV: Unsigned Divide; MOV: Move

6. SoftIce for Windows
   Installing SoftIce; Configuring SoftIce; Resizing; Other Useful Settings; SoftIce Window; Breakpoints; Useful Functions; Navigation in

7. Hackman Editor
   String Manipulation; Version Stamp; Date Stamp; Icon; Other Tools

Chapter 1

1. Introduction

About the Course and Notes

The sole purpose of these lecture notes is to provide an aid to the high school students attending the HSSP course C-01B, Reverse Engineering in Computer Applications, taught during Spring 2001 at the Massachusetts Institute of Technology.

The information presented here is provided on an as-is basis, and the author cannot be held liable for damages caused or initiated using methods or techniques described (or mentioned) in these notes. The reader should make sure to obey copyright laws and international treaties. No responsibility is claimed regarding the reliability and accuracy of the material discussed throughout the lectures.

Definitions

A programming language is a program that allows us to write programs that a computer can understand.

An application is any compiled program that has been composed with the aid of a programming language.

Reverse Engineering (RE) is the decompilation of any application, regardless of the programming language that was used to create it, so that one can acquire its source code or any part of it.

The reverse engineer can reuse this code in his own programs or modify an existing (already compiled) program to perform in other ways. He can use the knowledge gained from RE to correct errors in application programs, also known as bugs. Most important of all, one can get extremely useful ideas by observing how other programmers work and think, and thus improve one's own skills and knowledge!

Here are just a few of the reasons that RE exists nowadays and that its usage is increasing each year:

- Personal education.
- Understand and work around (or fix) limitations and defects in tools.
- Understand and work around (or fix) defects in third-party products.
- Make a product compatible with (able to work with) another product.
- Make a product compatible with (able to share data with) another product.
- Learn the principles that guided a competitor's design.
- Determine whether another company stole and reused some source code.
- Determine whether a product is capable of living up to its advertised claims.

Not all of these actions can be considered legal. Hence, extreme caution must be taken not to violate any copyright laws or other treaties. Usually each product comes with a copyright law or license agreement.

Typical Examples

What comes to mind when we hear RE is cracking. Cracking is as old as the programs themselves. To crack a program means to trace and use a serial number, or any other sort of registration information, required for the proper operation of a program.

Therefore, if a shareware program (freely distributed, but with some inconveniences such as crippled functions, nag screens or limited capabilities) requires valid registration information, a reverse engineer can provide that information by decompiling a particular part of the program.

Many times in the past, software corporations have accused others of performing RE on their products and stealing technology and knowledge. RE is not limited to computer applications; the same happens with cars, weapons, hi-fi components, etc.

All major software developers have knowledge of RE, and they try to find programmers who are familiar with the concepts that will be taught during this class.

Reverse engineers are well paid; sometimes their salaries are double or even more, depending on the skills they have.

Hacking

Hackers are able to penetrate public or private servers and modify some of their parameters. This may sound exotic and rather difficult, but it is essentially based on reverse engineering the operating system and looking for vulnerabilities. Consider a server located at a given web address. When we log on to this server with ftp, telnet, http, or whatever else the server permits for its users, we can easily find out what operating system is running on it. Then we reverse engineer the security modules of this operating system and look for exploits.

One example concerns Windows servers. A hacker reversed the module and discovered that the variable which determines the number of open Command Prompts is a byte (it can vary from 0 to 255). Therefore, if he could open 257 command prompt windows, he would crash the system! This vulnerability was cured a long time ago. The cures come in the form of patches or brand new releases. Each time a patch is created, old vulnerabilities vanish and new ones appear. As long as someone can find and exploit a system's flaws like this, there'll always be hacking.

Hiding Information from Public

Companies are hiding a lot of things: their mistakes, security vulnerabilities, privacy violations and trade secrets. Usually, if someone finds out how a product works by reverse engineering, the product will be less valuable. Companies think they have everything to lose with reverse engineering. This may be true, but the rest of the world has much to gain.

Take for example the CueCat barcode scanner from Digital Convergence, which Radio Shack, Forbes and Wired Magazine have been giving away. It scans small bar codes found in magazines and catalogs into your computer, then sends you to a Web site, which gives you more information. Linux programmers, ever eager to get a new device to work with the Linux operating system, took the thing apart. They reverse engineered the encoding the device used and found out how it worked. This allowed them to write their own applications for the device. One of the better applications was one that allowed you to create a card catalog for your home library.
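The byte-sized counter from the Hacking section can be modelled in a few lines of C to show why the flaw exists and what the patch has to do. This is an added example, not part of the original lecture notes; the `console_table` structure and all function names are hypothetical and do not describe any real operating system module.

```c
/* Added illustration; every name here is hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Tracks open console windows in one byte, as in the anecdote (0..255). */
typedef struct {
    uint8_t open_count;
} console_table;

/* Flawed path: increments without checking the range of the type. */
static void open_unchecked(console_table *t)
{
    t->open_count++;            /* 255 + 1 wraps around to 0 */
}

/* Hardened path: rejects the request instead of letting the byte wrap. */
static bool open_checked(console_table *t)
{
    if (t->open_count == UINT8_MAX)
        return false;
    t->open_count++;
    return true;
}

/* Value the flawed counter holds after `requests` open requests. */
unsigned tracked_after_unchecked(unsigned requests)
{
    console_table t = { 0 };
    for (unsigned i = 0; i < requests; i++)
        open_unchecked(&t);
    return t.open_count;
}

/* Number of requests the hardened path accepts out of `requests`. */
unsigned accepted_by_checked(unsigned requests)
{
    console_table t = { 0 };
    unsigned accepted = 0;
    for (unsigned i = 0; i < requests; i++)
        if (open_checked(&t))
            accepted++;
    return accepted;
}

int main(void)
{
    printf("unchecked, 257 requests: counter = %u\n", tracked_after_unchecked(257));
    printf("checked,   257 requests: accepted = %u\n", accepted_by_checked(257));
    return 0;
}
```

With the unchecked path the counter no longer matches the number of windows that really exist, which is the inconsistent state the anecdote describes; the checked path keeps the two in step by refusing the request.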

