Reverse Engineering 101

Presented at ekoparty 14 (2018), Sept. 28, 2018, 1:50 p.m. (120 minutes).

Any compiled C/C++ code leaves a perfectly recognizable pattern in the assembly: a for loop with its initialization, comparison and increment; a function with its arguments and return values; conditionals with their comparisons; even virtual methods and objects. All of them leave a characteristic trace that, when auditing without the source code, allows us to rebuild some parts of it. The presentation will show small programs in C and a glance at how they look in the resulting executable, using a debugger like olly or a disassembler like r2. Finally, if there is still some time, functions from different programs such as Chrome, Adobe PDF, or Microsoft Office will be examined to show that this technique can be applied to rebuild part of the original code.

Presenters:

  • Javier Aguinaga
    Javier Aguinaga is a reverse engineer with more than 10 years of experience disassembling executables.
