Top products from r/ReverseEngineering

We found 40 product mentions on r/ReverseEngineering. We ranked the 37 resulting products by number of redditors who mentioned them. Here are the top 20.

Next page

Top comments that mention products on r/ReverseEngineering:

u/rolfr · 57 pointsr/ReverseEngineering

I started from scratch on the formal CS side, with an emphasis on program analysis, and taught myself the following starting from 2007. If you're in the United States, I recommend BookFinder to save money buying these things used.

On the CS side:

  • Basic automata/formal languages/Turing machines; Sipser is recommended here.
  • Basic programming language theory; I used University of Washington CSE P505 online video lectures and materials and can recommend it.
  • Formal semantics; Semantics with Applications is good.
  • Compilers. You'll need several resources for this; my personal favorites for an introductory text are Appel's ML book or Programming Language Pragmatics, and Muchnick is mandatory for an advanced understanding. All of the graph theory that you need for this type of work should be covered in books such as these.
  • Algorithms. I used several books; for a beginner's treatment I recommend Dasgupta, Papadimitriou, and Vazirani; for an intermediate treatment I recommend MIT's 6.046J on Open CourseWare; for an advanced treatment, I liked Algorithmics for Hard Problems.

    On the math side, I was advantaged in that I did my undergraduate degree in the subject. Here's what I can recommend, given five years' worth of hindsight studying program analysis:

  • You run into abstract algebra a lot in program analysis as well as in cryptography, so it's best to begin with a solid foundation along those lines. There's a lot of debate as to what the best text is. If you're never touched the subject before, Gallian is very approachable, if not as deep and rigorous as something like Dummit and Foote.
  • Order theory is everywhere in program analysis. Introduction to Lattices and Order is the standard (read at least the first two chapters; the more you read, the better), but I recently picked up Lattices and Ordered Algebraic Structures and am enjoying it.
  • Complexity theory. Arora and Barak is recommended.
  • Formal logic is also everywhere. For this, I recommend the first few chapters in The Calculus of Computation (this is an excellent book; read the whole thing).
  • Computability, undecidability, etc. Not entirely separate from previous entries, but read something that treats e.g. Goedel's theorems, for instance The Undecidable.
  • Decision procedures. Read Decision Procedures.
  • Program analysis, the "accessible" variety. Read the BitBlaze publications starting from the beginning, followed by the BAP publications. Start with these two: TaintCheck and All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution. (BitBlaze and BAP are available in source code form, too -- in OCaml though, so you'll want to learn that as well.) David Brumley's Ph.D. thesis is an excellent read, as is David Molnar's and Sean Heelan's. This paper is a nice introduction to software model checking. After that, look through the archives of the RE reddit for papers on the "more applied" side of things.
  • Program analysis, the "serious" variety. Principles of Program Analysis is an excellent book, but you'll find it very difficult even if you understand all of the above. Similarly, Cousot's MIT lecture course is great but largely unapproachable to the beginner. I highly recommend Value-Range Analysis of C Programs, which is a rare and thorough glimpse into the development of an extremely sophisticated static analyzer. Although this book is heavily mathematical, it's substantially less insane than Principles of Program Analysis. I also found Gogul Balakrishnan's Ph.D. thesis, Johannes Kinder's Ph.D. thesis, Mila Dalla Preda's Ph.D. thesis, Antoine Mine's Ph.D. thesis, and Davidson Rodrigo Boccardo's Ph.D. thesis useful.
  • If you've gotten to this point, you'll probably begin to develop a very selective taste for program analysis literature: in particular, if it does not have a lot of mathematics (actual math, not just simple concepts formalized), you might decide that it is unlikely to contain a lasting and valuable contribution. At this point, read papers from CAV, SAS, and VMCAI. Some of my favorite researchers are the Z3 team, Mila Dalla Preda, Joerg Brauer, Andy King, Axel Simon, Roberto Giacobazzi, and Patrick Cousot. Although I've tried to lay out a reasonable course of study hereinbefore regarding the mathematics you need to understand this kind of material, around this point in the course you'll find that the creature we're dealing with here is an octopus whose tentacles spread in every direction. In particular, you can expect to encounter topology, category theory, tropical geometry, numerical mathematics, and many other disciplines. Program analysis is multi-disciplinary and has a hard time keeping itself shoehorned in one or two corners of mathematics.
  • After several years of wading through program analysis, you start to understand that there must be some connection between theorem-prover based methods and abstract interpretation, since after all, they both can be applied statically and can potentially produce similar information. But what is the connection? Recent publications by Vijay D'Silva et al (1, 2, 3, 4, 5) and a few others (1 2 3 4) have begun to plough this territory.
  • I'm not an expert at cryptography, so my advice is basically worthless on the subject. However, I've been enjoying the Stanford online cryptography class, and I liked Understanding Cryptography too. Handbook of Applied Cryptography is often recommended by people who are smarter than I am, and I recently picked up Introduction to Modern Cryptography but haven't yet read it.

    Final bit of advice: you'll notice that I heavily stuck to textbooks and Ph.D. theses in the above list. I find that jumping straight into the research literature without a foundational grounding is perhaps the most ill-advised mistake one can make intellectually. To whatever extent that what you're interested in is systematized -- that is, covered in a textbook or thesis already, you should read it before digging into the research literature. Otherwise, you'll be the proverbial blind man with the elephant, groping around in the dark, getting bits and pieces of the picture without understanding how it all forms a cohesive whole. I made that mistake and it cost me a lot of time; don't do the same.
u/fuckingbagre · 6 pointsr/ReverseEngineering

That is a great list, just a few random comments.

Basics for discrete math, 6.042 is a nice resource, it has a free full open text book. While it's actually simpler than most of your links it actually gives a nice introduction to some of the formalisms you'll run into later.

CLRS is an amazing reference for just about anything you need. It's not a nice introduction to things but it will easily save your behind as a reference in a pinch.

My one real disagreement is your suggestion of abstract algebra book, I'm a fan of Algebra by artin. It's a bit rough, but you can usually pick up older versions fairly cheap and it comes with course notes. It can come with it's ocw counterpart. It's how I learned, and i personally think it's one of the better resources out there.

The more mature version of cousot's class is 6.820 which is a fairly good class but can actually take a while to get through the material if you don't have a friend to do it with. If you get through it, you will have one hell of a base.

For crypto, since i do love crypto probably a bit different, Stanford is a great class I suggest looking at My suggestions, start with

  • Technically before Pitfalls by schneier, giving what the hell can go wrong.

  • 6.857 it's got good course notes and will teach you the basics, and some notation. It also goes over the simple groups and osme older algorithms


  • Matthew Green's blog is a great place to read about some concepts in simpler terms. It's more protocol based than it is algorithm based, but presents information in a digestible format.

  • Understanding cryptography keeps on this and goes further than 857 does and continues on this journey

  • A bit older but schneiers self study is an interesting set of reads. It gives you papers that help you build up to where to go next, what things will actually occur again and again.

  • A bit more advanced cryptography course It goes further in depth than the stanford course, or 857. It goes further into ZKP than I believe really is needed but goes into some of the other concepts pretty well.

  • This is my off the wall suggestion, Elliptic Curves
    Number Theory and Cryptography
    is one of the best books I've read on EC yet. It's approachable and actually does an amazing job. If you want checks with it, try the psets here


    Just a few supplementary suggestions.

    You gave a great list, an absolutely a amazing roadmap
u/emtuls · 3 pointsr/ReverseEngineering

If anyone has any trouble with something in the walk-through as far as needing clarification or they are attempting to do it themselves and find I messed up somewhere, please let me know! Thank you.

The binary can be found on my github: https://github.com/emtuls/ctf/tree/master/2018-hacktober.org/Binary_Analysis/binaries -> Larry.out


For anyone that needs resources for learning Reverse Engineering, I can provide you with a baseline that I would recommend starting with. Eventually, I plan on making my own set of tutorials...but that's in the works.

x86 Assembly:


If you don't know assembly language at all, this list of videos was where I picked up a decent amount of x86 assembly language.


A few good books would be:


  • Hacking: The Art of Exploitation I am a huge advocate for this book. I learned a lot from this and have read it multiple times. It is written very well and teaches someone with no experience how to do C programming and assembly. This is mainly a book for learning exploitation/vulnerability research, but that can play hand and hand with Reverse Engineering. It will show you the assembly language break down of basic exploits and this can help you with RE.

  • Practical Reverse Engineering I read through the beginning of this book and it gave me some good foundations of understanding memory and computer architecture for RE along with assembly of course

  • Secrets of Reverse Engineering This book is a bit in depth, but the beginning gives another good foundation for Comp Architecture and assembly stuff.

  • The IDA Pro Book Haven't personally read this book yet, but I have been told it is the defacto standard for learning IDA Pro, and it has examples you can learn from.

    Hands On:


  • Legend of Random Very useful hands on with tutorials. Mainly based on cracking, but that requires reverse engineering. Highly recommend this!

  • Lenas Tutorials Again, another awesome hands on tutorial, mostly based on cracking as well.

  • Crackmes These are more of challenges once you start to have a little understanding down

    Courses:

    Tons of courses on youtube. I learn well from visual, so I recommend these youtube videos:


  • Basic Dynamic Analysis
  • Real World Decompilation There are a few videos to this series and he disassembles a game, definitely nice to learn from.


    Beyond that, Google will always be your friend, and /r/reverseengineering. I also have a bunch of material for Malware RE, but that's a bit different than Software RE, though it is relatable.
u/SoCo_cpp · 2 pointsr/ReverseEngineering

To make a long story short, at a quick glance I see:

He has created a hashing function by shuffling the character map used in a base64 encoding.

He proposes running a file containing a list of your literal string list through this application command line app, which outputs a header file, like this, ready to include containing the encoded strings and decryption key (Base64 character map) defined as macros.

The generated macros defines take this format:

define INTRO_STRING GetDecryptedString("UCcFEN/FEN/cMv19EmJpl4kpEm1NgYiGebj3")


Critique:

This looks to accomplish it's task of providing obfuscation literal strings. There could be a number of different ways to accomplish this with varying pros and cons. Other strategies may already exist, be easier, and have polished tools.

One pro of this approach is that the strings are not decrypted until used. That could also be a con since each string must be decrypted each time it is accessed.

Another possible con is that the key must be kept with the encoded hashes, but possibly the whole idea was to just withhold the key, but this would likely make the code uncompilable or function incorrectly depending on how the strings are used and handling is done without a key.

Securely encrypted strings seems to not be a requirement of this project. Since that is the case, it seems the shuffling of the base64 seems a pointless step that merely forces possessors of the code to do more than just plot the string in an online base64 decoder. One could more easily just plop plain base64 in there and avoid the extra complication or just escaping the strings in an escaped hex representation Like this:

"\x32\xA9\xD9" see MSDN C++ Character Constants

Good enough security is all we can hope to obtain{1}, so if it accomplishes the security requirements needed, then it is a success.

Qualifications:

I have been programming C++ for nearly 20 years and working as a C/C++ Windows, Linux, and embedded device programer for more than 10 years. Probably not a very good critiquer.

{1} Secure Coding: Principles and Practices by Mark G. Graff and Kenneth R. Van Wyk

u/milkeater · 1 pointr/ReverseEngineering

I think most is kind of a rough statement. Granted there were some truly gifted people in the 70's that rocked our world.

I think we have a LOT of research papers that we sift through and the legacy papers tend to stay highlighted in time. I can imagine if you sifted through everything that existed back then, you may be saying something similar.

I've found a few great ones and if you are heavy into software engineering, you may share the enthusiasm towards a book that came out several years ago: Greg Wilson - Making Software: What Works and Why we Believe it

He also has a talk where he references some of those papers: Greg Wilson talk

He comes off strong, but he backs it with research which I appreciate. It's more about bringing data to the table if you have something you'd like to discuss. Somewhat heavy handed, but there are good papers that I've read referenced there.

The continual evaluation of Conways law and it's research still holding true today is something that I continually enjoy (Although originating from a 1967 study reinforcing your point of seminal papers from that era)

u/karmakit · 3 pointsr/ReverseEngineering

I agree with Centurion89, but as an addition — if you want a good old fashioned book — check out Hacking: The art of exploitation by Jon Erickson. The title put me off at first, as it sounded a bit script kiddy-ish, but after having read a bit I find it very good.

Its focus is not reverse engineering per se, but it walks you through writing your first C program, disassembling it, explaining what happens where in memory. Very well explained. It has a lot of networking stuff that might not be that interesting from a reversing perspective, though.

I've skipped ahead while reading in the bathroom, legs falling asleep, and I found a part where you write a small web server and exploit it. What I found a bit impressive (Well, I might be easily impressed) is how the author walks you through improving the exploit.

At first, it gives you a shell, but leaves obvious lines in the server log and hijacks the main loop, refusing more connections. It is shown how to fix that, integrating manipulation of the log writing code and making the exploit code jump back to the main loop after doing it's dirty deal so the web server can start accepting connections again.

Disclaimer: I'm obviously very new to this too, and there probably are better books for reversing, but I think basic principles shared in this book also might be useful from a reversing perspective.

u/NickCano · 2 pointsr/ReverseEngineering

Thanks for the shoutout! The link is dead, but the official is here and Amazon is here.

@OP hacking games is what ignited my passion for coding. It allowed me to make things which were in line with my hobby--gaming--and quickly became my hobby itself. Whether or not you're a gamer, it's important to apply coding to whatever grabs your attention. When you go that route, you can be sure you'll have the drive to get better and make coding a way of life. Luckily for gamers who aspire to hack, game hacking is a popular industry and the techniques have reverse engineering baked right in, so it is a double whammy.

u/WellThenScrewIt · 9 pointsr/ReverseEngineering

Learn to write simple C programs. Then debug your own C programs, preferably in OS X or Linux using gcc/gdb. Then disassemble your own C code (learn how to disable optimization in the compiler; try it with no optimizaiton and then with increasing levels). Then look at C++ and (gasp) Visual BASIC and such. Turns out a ton of malware is written in these languages, and the snarl of garbage that you'll uncover that is just part of the auto-generated message handling stuff for VB will astound you, so don't start there...but it's important to understand those structures when you see them.

Then follow tutorials about reversing other programs. There are great books on this.

It helps a lot to know assembly language, but you'll tend to pick it up as you go.

You'll want better tools than just command-line disassemblers. I prefer IDA Pro.

There's a great book that uses IDA Pro with many examples to address precisely your questions.

Here's another great book on malware analysis that covers all kinds of tricks you might bump into when working on real targets.

I see all this as a long-term iterative exercise. It's fascinating.


u/serious_face · 1 pointr/ReverseEngineering

I'm in a similar position (besides having a nice cert ;), and what I'm going through right now is a combination of Lena's tutorials, and Reversing - Secrets of Reverse Engineering. The book actually seems like a really good "foundation" kind of book, since it spends the first 4 chapters or so going over the basics of compilers, operating systems, memory, etc. As for Lena's tutorials, it's hard for me to say because I've only finished a few, but I've heard good things about them. Good luck.

u/bestseeker · 1 pointr/ReverseEngineering

I'll tell it like it is. Most colleges don't really teach useful things these days in favor of giving you a broad education and emptying your wallet. You'd probably only have one or two courses on reverse engineering, if that. The best thing to do is probably learn it on your own and take whichever major of those you enjoy more. I recommend checking out this book for software RE. http://www.amazon.com/gp/product/0764574817/ref=as_li_ss_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=0764574817&linkCode=as2&tag=viewsite-20

u/ivanmm · 3 pointsr/ReverseEngineering

I have some knowledge on assembly and RE (Win32), but I never really got that much deep into it. I learned things as I needed in order to do my stuff.
I think the important thing here is to have a solid understanding of the architecture you're working on (for example x86/x86_64), the OS internals, and C. Without this you are going to have a very unpleasant and even painful experience.
If you don't have it yet, take the time and learn it, and then go back to RE. It will be worth it and save you a lot of effort. If you already have it, then things shall come easier to you.
If you are using Windows, I highly recommend David A. Solomon's and Mark Russinovich's Windows Internals book. It's an unmatched resource about Windows and will help you greatly.

u/devinvisible · 1 pointr/ReverseEngineering

Hewardt also made the Advanced .NET Debugging book which is pretty great for that type of debugging.

https://www.amazon.com/Advanced-NET-Debugging-Mario-Hewardt/dp/0321578899

u/feedingzur · 2 pointsr/ReverseEngineering

Given you're a CS student, I'll assume you have at least a passing enjoyment of video games. /u/nickcano has a great book on game hacking if you're looking for an avenue to intersect learning with an existing hobby.

https://www.amazon.com/Game-Hacking-Developing-Autonomous-Online/dp/1593276699&ved=0ahUKEwi4lq_2y5rZAhURM6wKHfXOB98Q5OUBCF0wBw&usg=AOvVaw18ufFhR9oBAwJTzgMW9gA3

u/joxeankoret · 4 pointsr/ReverseEngineering

"Source code fuzzers". Wow. Unless you're fuzzing a compiler/interpreter, it doesn't make any sense at all. Really, you should start by finding in Google about the subject.

In any case, I recommend you to read the book "The art of software security assessment" [1] and a Bug Hunter's Diary[2].

[1] http://www.amazon.com/The-Software-Security-Assessment-Vulnerabilities/dp/0321444426

[2] http://www.amazon.com/Bug-Hunters-Diary-Software-Security/dp/1593273851

u/waka324 · 2 pointsr/ReverseEngineering

Voltage is important. You could be looking at "real" RS232 or something like TTL/CMOS UART. Additionally, there is no guarantee that the pins will be wired as they are in the cables you linked (especially if going to JST). Best practice would be to check ground continuity (while off) and voltage levels (while on) and use a logic analyzer on the inputs (eg. Haven't used this exact one, but it is a popular Chinese clone https://www.amazon.com/HiLetgo-Analyzer-Ferrite-Channel-Arduino/dp/B077LSG5P2/ref=mp_s_a_1_1?ie=UTF8&qid=1555138013&sr=1-1&pi=AC_SX236_SY340_FMwebp_QL65&dpPl=1&dpID=41wZsMYKyUL&ref=plSrch). Note that if you do find voltages in excess of 5 v, you are probably working with spec RS232 voltages and you should use a different logic analyzer than the one that I linked.

u/ap0x · 12 pointsr/ReverseEngineering

Chapter 3 - Windows fundamentals; Secrets of Reverse engineering by Eldad Eilam should be an easy high level overview of the subject. The rest of the book is a great resource too.

u/cHoco- · 1 pointr/ReverseEngineering

I'm in a similar situation and some resources that I'm finding really eye opening are Trailofbits CTF Guide and the book [The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities] (http://www.amazon.com/The-Software-Security-Assessment-Vulnerabilities/dp/0321444426).
I also find other people exploits and presentations inspiring in a sense :)

u/agelastic · 2 pointsr/ReverseEngineering

Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation https://www.amazon.com/dp/1118787315 is very good and has a huge ARM part

u/wither88 · 1 pointr/ReverseEngineering

https://www.amazon.com/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901

I rarely just recommend one source, since often authors have a specific take (say, a book might be targetted towards the academics, people who use a specific tool, or people who are doing some specific task) - but https://www.amazon.com/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901 is absolutely incredible from every angle.

Follow that with learning kernel syscall/monitoring tools [procexp,procmon,the sysinternals suite], disassembly tools[IDA/radare/whatever], and a debugger[WinDBG] + Mark's book on Windows Internals 6th edition both volumes (it's long but its worth it). And youre well on your way.

For Linux/BSD, look at kernelnewbies for Linux and the online handbook for at least FreeBSD, ktrace/ptrace/truss/strace for the syscall analysis type stuff, IDA/radare/hopper all are cross platform so you're golden there, and perhaps calling conventions (cdecl vs what-not).

u/HexCC · 2 pointsr/ReverseEngineering

Thanks for the list. I've been recommended Reversing: Secrets of Reverse Engineering by a friend but it didn't make this list. Does anyone know why?

u/baordog · 2 pointsr/ReverseEngineering

I suppose you could just read Practical Reverse Engineering. The typical methods are explained there for reverse engineers. It's kind of an "arms race", so I doubt any one place will have a full set of up to date info. Also, companies who do this sort of thing will not usually be willing to outline exactly what they do and how they do it. Obviously, disclosing that would only help crackers.


http://www.amazon.com/Practical-Reverse-Engineering-Reversing-Obfuscation/dp/1118787315/ref=sr_1_1?ie=UTF8&qid=1406820088&sr=8-1&keywords=practical+reverse+engineering

u/_o7 · 1 pointr/ReverseEngineering

Took the course in December, studying and reading further in Practical Malware Analysis currently. Planning on sitting the exam sometime late February.

u/Grazfather · 2 pointsr/ReverseEngineering

Hah. Just got my order of "Reversing: Secrets of Reverse Engineering" in recently. I'll have to finish that, first.