Reverse Engineering 2021/2022
Subject lectured to the 1st year of the Masters in Cybersecurity, providing an entry into reverse engineering processes, tools and methodologies.
This edition will be lectured by professors Bernardo Cunha (email: f552@ua.pt), João Paulo Barraca (email: jpbarraca@ua.pt), and José Luis Azevedo (email: jla@ua.pt). Teaching staff will be available by email and MS Teams, especially during the allocated tutoring slots. The use of the MS Teams platform for direct communication is highly recommended. Official course information will be available on this page, while grades will be available through restricted areas (Elearning).
Classes will be lectured in the Portuguese language, unless there is a foreign student attending, in which case English will be used. All lecture notes and laboratory guides will be made available in English. Examinations will be made available in either English or Portuguese.
Prospective students should be aware that this subject requires some knowledge and comprehension of several topics in the areas of networking, software and operating systems, such as: x86/AMD64 assembly, Java, Android, Linux, Python, virtual machines, basic electronics. Although lacking specific knowledge is not critical, the tasks proposed expect you to have some base knowledge of those topics.
Important Dates
- Final Exam: July 1st, 10h
- Assignment 1: April 17th, 23:59
- Assignment 2: May 27th, 23:59
- Assignment 3: June 30th, 23:59
Planning
According to the UA academic schedule, classes will be lectured from March 7th until June 23rd. The subject consists of 3 hours of theoretical/practical lectures and 1 hour of optional tutoring, making a total of 4 contact hours per week. Students are expected to spend an additional 2-3 hours per week exploring the concepts presented during the lectures and preparing the assignments. They are also expected to make use of the tutoring times if they have questions or require some assistance. Please also use these times to validate the execution of the assignments.
The topics lectured in each class should be as presented in the following table. Changes may happen, so please check it frequently.
| # | Date | Topic |
|---|---|---|
| 1 | March 11 | Course Guidelines |
| 2 | March 18 | File structure and Polyglots |
| 3 | March 25 | Android Application Structure |
| 4 | April 1 | Android Static Analysis |
| 5 | April 8 | Android Dynamic Analysis |
| 6 | April 12 | Binary objects - decompilation |
| 7 | April 22 | Static analysis and data structures |
| 8 | May 6 | Dynamic Analysis and emulation |
| 9 | May 13 | Obfuscation techniques |
| 10 | May 20 | Decomposition of hardware devices |
| 11 | May 27 | Communication interfaces |
| 12 | June 3 | Serial and JTAG interfaces |
| 13 | June 17 | I2C, SPI and CAN |
References
Software
The following list presents useful software for Reverse Engineering. There is no affiliation with any of the tools presented. Other curated software lists can be found here
Android
- Android Developer Studio: https://developer.android.com/studio
- APKTool: https://ibotpeaches.github.io/Apktool/
- Frida: https://frida.re
- dex2jar: https://github.com/pxb1988/dex2jar
- Bytecode Viewer: https://bytecodeviewer.com/
Binary Analysis
- Binary Analysis Platform: https://github.com/BinaryAnalysisPlatform/bap
- Angr: https://github.com/angr/angr
- Objdump: https://linux.die.net/man/1/objdump
- PEStudio: https://www.winitor.com/
- Cerebro: https://cerbero.io/
- ExplorerSuite: https://ntcore.com/?page_id=388
Debuggers
- WinDBG: https://docs.microsoft.com/en-us/windows-hardware/drivers/download-the-wdk
- OllyDbg: http://www.ollydbg.de/
- x64dbg: https://x64dbg.com
- GDB: https://www.sourceware.org/gdb/
  - GEF: https://github.com/hugsy/gef
- Vivisect: https://github.com/vivisect/vivisect
- LLDB: https://lldb.llvm.org
Decompilers/Disassemblers
- Ghidra: https://ghidra-sre.org/
- Snowman: https://derevenets.com/
- RetDec: https://retdec.com/
- Capstone: https://www.capstone-engine.org/
- Radare: https://www.radare.org/r/
- Cutter: https://cutter.re/
- Hopper: https://www.hopperapp.com/
- JEB: https://www.pnfsoftware.com/jeb2/
- Binary Ninja: https://binary.ninja/
- IDA: https://www.hex-rays.com/ida-pro/
- Relyze: https://www.relyze.com/overview.html
- Procyon: https://github.com/mstrobel/procyon
- uncompyle6: https://pypi.org/project/uncompyle6/
File Manipulation
- TrID: https://mark0.net/soft-trid-e.html
- file: https://linux.die.net/man/1/file
- LIEF: https://lief-project.github.io/
Hex Editors
- HxD: https://mh-nexus.de/en/hxd/
- 010 Editor: https://www.sweetscape.com/010editor/
- Hex Workshop: http://www.hexworkshop.com/
- HexFiend: https://hexfiend.com/
- ImHex: https://github.com/WerWolv/ImHex
Instrumentation and Emulation
- Qiling: https://github.com/qilingframework/qiling
- Unicorn Engine: https://www.unicorn-engine.org/
- Qemu: https://www.qemu.org/
Websites
- MalShare: https://malshare.com/
- Contagio Malware dump: https://contagiodump.blogspot.com/
- Reverse Engineering challenges: https://challenges.re/
- Crackmes Repository: https://github.com/ReversingID/Crackmes-Repository/
- Crackmes.one: https://www.crackmes.one/
- Reddit ReverseEngineering: https://www.reddit.com/r/ReverseEngineering/
- Reddit AskReverseEngineering: https://www.reddit.com/r/AskReverseEngineering/
- OpenRCE: http://www.openrce.org
- Malware Analysis Tutorials: https://fumalwareanalysis.blogspot.com/p/malware-analysis-tutorials-reverse.html
Books
- A. P. David, Ghidra Software Reverse Engineering for Beginners, Packt Publishing, 2021, ISBN: 9781800207974
- Bruce Dang, Alexandre Gazet, Elias Bachaalany, Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation, 2014, ISBN: 9781118787311
- Eldad Eilam, Reversing: Secrets of Reverse Engineering, Wiley, 2005, ISBN: 9780764574818
- Dennis Andriesse, Practical Binary Analysis, 2018, ISBN: 9781593279127
- Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, Beau Woods, Practical IoT Hacking, No Starch Press, 2021