Introduction to Software Reverse Engineering with Ghidra
Session 1
Hackaday U
Matthew Alt
Hackaday U – Introduction to Software Reverse Engineering
7/19/2020
#Outline
• What is Software Reverse Engineering (SRE)?
• Software Engineering Review
• SRE 101
• Extracting Information from Compiled Programs
• Disassembly / x86 ASM Refresher
• Ghidra 101:
  • Installation
  • Basic Usage and Navigation
• Exercises:
  • Challenge 1/2
• Conclusion / Questions
#What is SRE?
• Analyzing a software system to extract information
• Source code not available
• Used to recreate and understand functionality
• Also used to find bugs!
• Often started from the lowest layer of abstraction
  • Machine code
• We will be focusing on x86_64 ELF binaries for Linux
#Software Engineering Review
• Developers write code in high level languages such as C/C++
• This code is then compiled into machine code – sequences of bytes that the CPU can interpret
• Disassembly is the process of converting these byte sequences into assembly instructions
• As reverse engineers, these byte sequences will be our starting point
#Compilation Review
• Compiling a program is a multi-stage process*
  • Preprocessing
  • Compilation
  • Assembly
  • Linking
• The result is machine code that is run on the CPU
• These steps are all typically performed automatically
• After going through these steps, an executable is produced
* Disclaimer: These are all extremely complex fields of research, and we’re only covering a very high level view
#Compilers
• Compiling is phase two of “compilation”
• Preprocessing passes over the source code, performing:
  • Comment removal
  • Macro Expansion
  • Include Expansion
  • Conditional Compilation (IFDEF)
• Compiling converts the output of the preprocessor into assembly instructions
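
The four stages from the Compilation Review and Compilers slides, run one at a time instead of in a single compiler invocation (an added example, not part of the original slides). It assumes `cc` is gcc or clang; `demo.c`, `HU_ANSWER` and the marker strings are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes `cc` is a GCC-compatible driver (gcc or clang).
# demo.c, HU_ANSWER and the marker strings are constructed for this example.

# Run each stage separately in directory $1; any further arguments
# (for example -DDEBUG) are passed to the preprocessing step.
build_stages() (
    cd "$1" || exit 1
    shift
    cat > demo.c <<'EOF'
#include <stdio.h>
#define HU_ANSWER 42
int main(void) {
    /* hu-comment-marker: comments do not survive preprocessing */
#ifdef DEBUG
    puts("hu-debug-marker");
#endif
    printf("%d\n", HU_ANSWER);
    return 0;
}
EOF
    cc -E "$@" demo.c -o demo.i &&  # 1. preprocessing: expanded C source
    cc -S demo.i -o demo.s &&       # 2. compilation: assembly text
    cc -c demo.s -o demo.o &&       # 3. assembly: object file (machine code)
    cc demo.o -o demo               # 4. linking: executable
)

# Number of lines in file $1 that contain the fixed string $2 (0 if none).
count_in() { grep -cF -- "$2" "$1" || true; }

# First four bytes of file $1 as hex (7f454c46 is the ELF magic).
magic() { od -An -tx1 -N4 "$1" | tr -d ' \n'; }

# Stand-alone run: build in a scratch directory and report what each stage left.
if command -v cc >/dev/null 2>&1; then
    work=$(mktemp -d) && build_stages "$work" &&
    echo "program output: $("$work/demo")" &&
    echo "HU_ANSWER lines left in demo.i: $(count_in "$work/demo.i" HU_ANSWER)" &&
    echo "demo.o magic: $(magic "$work/demo.o")"
    rm -rf "$work"
fi
```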