Subject lectured to the 1st year of the Masters in Cybersecurity, providing an entry into reverse engineering processes, tools and methodologies.
This edition will be lectured by professors João Paulo Barraca (email: jpbarraca@ua.pt) and José Luis Azevedo (email: jla@ua.pt). Teaching staff will be available by email and Discord, especially during the allocated tutoring slots. The use of the Teams platform for direct communication between students and with professors is highly recommended. Official course contents will be available on this page, while grades will be available through the University Elearning platform.
Classes will be lectured in the Portuguese language, unless there is a foreign student attending. In this case English will be used. All lecture notes and laboratory guides will be made available in English. Examinations will be made available in either English or Portuguese according to the student preference.
Prospective students should be aware that this subject requires some knowledge and comprehension of several topics in the areas of computers, networking, software, operating systems and basic electronics, such as: x86/AMD64 assembly, Java, Android, Linux, Python, virtual machines, and digital signals. Although lacking specific knowledge is not critical, the proposed tasks expect you to have some base knowledge of those topics.
Important Dates
- Final Exam: June TBD
- Assignment 1: March TBD
- Assignment 2: May TBD
- Assignment 3: June TBD
- Return of the PCB board and remaining equipment: until June TBD, 18:00, at IEETA
- Resit (recurso) - Practical Assignments: July TBD (1 day before the exam)
- Resit (recurso) - Exam: July TBD
Planning
According to the UA academic schedule, classes will be lectured from February 14th until June 6th. The subject consists of 3 hours of theoretical/practical lectures and 1 hour of optional tutoring, making a total of 4 contact hours per week. Students are expected to spend an additional 2-3 hours per week exploring the concepts presented during the lectures and preparing the assignments. They are also expected to make use of the tutoring times if they have questions or require some assistance. Please also use these times to validate the execution of the assignments.
The topics lectured in each class should be as presented in the following table. Changes may happen, so please check it frequently.
| # | Date | Topic |
|---|---|---|
| 1 | February 13 | Intro to Reverse Engineering, File Types |
| 2 | February 20 | Android Static Analysis |
| 3 | February 27 | Android Binary and Web Apps |
| 4 | March 6 | Android Dynamic Analysis |
| 5 | March 13 | Binary objects - decompilation |
| 6 | March 20 | Static analysis and data structures |
| 7 | March 27 | Dynamic Analysis and emulation |
| 8 | April 17 | Dynamic Analysis and emulation |
| 9 | April 24 | Obfuscation techniques |
| 10 | May 8 | Decomposition of hardware devices |
| 11 | May 15 | Communication interfaces |
| 12 | May 22 | Serial and JTAG interfaces |
| 13 | May 29 | I2C and SPI |
References
Software
The following list presents useful software for Reverse Engineering. There is no affiliation with any of the tools or companies presented. Other curated software lists can be found here.
A Reverse Engineering Box will be maintained on GitHub: https://github.com/jpbarraca/revbox/tree/main
Android
- Android Developer Studio: https://developer.android.com/studio
- APKTool: https://apktool.org/
- Frida: https://frida.re
- dex2jar: https://github.com/pxb1988/dex2jar
- Bytecode Viewer: https://bytecodeviewer.com/
Binary Analysis
- Binary Analysis Platform: https://github.com/BinaryAnalysisPlatform/bap
- Angr: https://github.com/angr/angr
- Objdump: https://linux.die.net/man/1/objdump
- PEStudio: https://www.winitor.com/
- Cerbero: https://cerbero.io/
- ExplorerSuite: https://ntcore.com/?page_id=388
- PEiD: https://www.aldeid.com/wiki/PEiD
- Detect It Easy: https://github.com/horsicq/Detect-It-Easy
- TrID: https://mark0.net/soft-trid-e.html
- file: https://linux.die.net/man/1/file
- LIEF: https://lief-project.github.io/
- binwalk: https://github.com/ReFirmLabs/binwalk
Debuggers
- WinDBG: https://docs.microsoft.com/en-us/windows-hardware/drivers/download-the-wdk
- OllyDbg: http://www.ollydbg.de/
- x64dbg: https://x64dbg.com
- GDB: https://www.sourceware.org/gdb/
- GEF: https://github.com/hugsy/gef
- Vivisect: https://github.com/vivisect/vivisect
- LLDB: https://lldb.llvm.org
- EDB Debugger: https://github.com/eteran/edb-debugger
Decompilers/Disassemblers
- Ghidra: https://ghidra-sre.org/
- RetDec: https://retdec.com/
- Radare: https://www.radare.org/r/
- Cutter: https://cutter.re/
- Hopper: https://www.hopperapp.com/
- JEB: https://www.pnfsoftware.com/
- Binary Ninja: https://binary.ninja/
- IDA: https://www.hex-rays.com/ida-pro/
- Relyze: https://www.relyze.com/overview.html
- Procyon: https://github.com/mstrobel/procyon
- uncompyle6: https://pypi.org/project/uncompyle6/
- JADX: https://github.com/skylot/jadx
Hex Editors
- HxD: https://mh-nexus.de/en/hxd/
- 010 Editor: https://www.sweetscape.com/010editor/
- Hex Workshop: http://www.hexworkshop.com/
- HexFiend: https://hexfiend.com/
- ImHex: https://github.com/WerWolv/ImHex
Instrumentation and Emulation
- Qiling: https://github.com/qilingframework/qiling
- Unicorn Engine: https://www.unicorn-engine.org/
- Qemu: https://www.qemu.org/
- iNetSim: https://www.inetsim.org/
- Qiling Docker with useful rootfs: https://hub.docker.com/r/nasmre/rebox
- containerlab: https://containerlab.dev/
Websites
- MalShare: https://malshare.com/
- Contagio Malware dump: https://contagiodump.blogspot.com/
- Reverse Engineering challenges: https://challenges.re/
- Crackmes Repository: https://github.com/ReversingID/Crackmes-Repository/
- Crackmes.one: https://www.crackmes.one/
- Reddit ReverseEngineering: https://www.reddit.com/r/ReverseEngineering/
- Reddit AskReverseEngineering: https://www.reddit.com/r/AskReverseEngineering/
- OpenRCE: http://www.openrce.org
- Malware Analysis Tutorials: https://fumalwareanalysis.blogspot.com/p/malware-analysis-tutorials-reverse.html
Books
- David Álvarez Pérez, Ravikant Tiwari, Ghidra Software Reverse Engineering for Beginners, Second Edition, Packt Publishing, 2024, ISBN: 978-1-83588-982-4
- Bruce Dang, Alexandre Gazet, Elias Bachaalany, Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation, Wiley, 2014, ISBN: 978-1-118-78731-1
- Eldad Eilam, Reversing: Secrets of Reverse Engineering, Wiley, 2005, ISBN: 978-0-7645-7481-8
- Dennis Andriesse, Practical Binary Analysis, No Starch Press, 2018, ISBN: 978-1-59327-912-7
- Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, Beau Woods, Practical IoT Hacking, No Starch Press, 2021