Subject lectured to the 1st year of the Masters in Cybersecurity, providing an entry into reverse engineering processes, tools and methodologies.
This edition will be lectured by professors Bernardo Cunha (email: f552@ua.pt), João Paulo Barraca (email: jpbarraca@ua.pt), and José Luis Azevedo (email: jla@ua.pt). Teaching staff will be available by email and Discord, especially during the allocated tutoring slots. The use of the Teams platform for direct communication between students and with professors is highly recommended. Official course contents will be available on this page, while grades will be available through the University Elearning platform (Elearning).
Classes will be lectured in the Portuguese language, unless there is a foreign student attending, in which case English will be used. All lecture notes and laboratory guides will be made available in English. Examinations will be made available in either English or Portuguese according to student preference.
Prospective students should be aware that this subject requires some knowledge and comprehension of several topics in the areas of computers, networking, software, operating systems and basic electronics, such as: x86/AMD64 assembly, Java, Android, Linux, Python, virtual machines, and digital signals. Although lacking specific knowledge is not critical, the tasks proposed expect you to have some base knowledge of those topics.
Important Dates
- Final Exam: June 24th, 10:00
- Assignment 1: March 21st, 23:59
- Assignment 2: May 9th, 23:59
- Assignment 3: June 16th, 23:59
- Return of PCB board and remaining equipment: by June 18th, 18:00, at IEETA
- Resit - Practical Assignments: July 7th, 23:59
- Resit - Exam: July 10th, 10:00
Planning
According to the UA academic schedule, classes will be lectured from February 14th until June 5th. The subject consists of 3 hours of theoretical/practical lectures and 1 hour of optional tutoring, making a total of 4 contact hours per week. Students are expected to spend an additional 2-3 hours per week exploring the concepts presented during the lectures and preparing the assignments. They are also expected to make use of the tutoring times if they have questions or require some assistance. Please also use these times to validate the execution of the assignments.
The topics lectured in each class should be as presented in the following table. Changes may happen, so please check it frequently.
# | Date | Topic |
---|---|---|
1 | February 16 | Intro to Reverse Engineering File Types |
2 | February 23 | Android Static Analysis |
3 | March 1 | Android Binary and Web Apps |
4 | March 8 | Android Dynamic Analysis |
5 | March 15 | Binary objects - decompilation |
6 | March 22 | Static analysis and data structures |
7 | April 5 | Dynamic Analysis and emulation |
8 | April 12 | Dynamic Analysis and emulation |
9 | April 19 | Obfuscation techniques |
10 | April 26 | Decomposition of hardware devices |
11 | May 10 | Communication interfaces |
12 | May 17 | Serial and JTAG interfaces |
13 | May 24 | I2C and SPI |
14 | May 31 | TBD |
References
Software
The following list presents useful software for Reverse Engineering. There is no affiliation with any of the tools presented. Other curated software lists can be found here
A Reverse Engineering Box will be kept on GitHub: https://github.com/jpbarraca/revbox/tree/main
Android
- Android Developer Studio: https://developer.android.com/studio
- APKTool: https://ibotpeaches.github.io/Apktool/
- Frida: https://frida.re
- dex2jar: https://github.com/pxb1988/dex2jar
- Bytecode Viewer: https://bytecodeviewer.com/
Binary Analysis
- Binary Analysis Platform: https://github.com/BinaryAnalysisPlatform/bap
- Angr: https://github.com/angr/angr
- Objdump: https://linux.die.net/man/1/objdump
- PEStudio: https://www.winitor.com/
- Cerbero: https://cerbero.io/
- ExplorerSuite: https://ntcore.com/?page_id=388
Debuggers
- WinDBG: https://docs.microsoft.com/en-us/windows-hardware/drivers/download-the-wdk
- OllyDbg: http://www.ollydbg.de/
- x64dbg: https://x64dbg.com
- GDB: https://www.sourceware.org/gdb/
- GEF: https://github.com/hugsy/gef
- Vivisect: https://github.com/vivisect/vivisect
- LLDB: https://lldb.llvm.org
- EDB Debugger: https://github.com/eteran/edb-debugger
Decompilers/Disassemblers
- Ghidra: https://ghidra-sre.org/
- Snowman: https://derevenets.com/
- RetDec: https://retdec.com/
- Capstone: https://www.capstone-engine.org/
- Radare: https://www.radare.org/r/
- Cutter: https://cutter.re/
- Hopper: https://www.hopperapp.com/
- JEB: https://www.pnfsoftware.com/jeb2/
- Binary Ninja: https://binary.ninja/
- IDA: https://www.hex-rays.com/ida-pro/
- Relyze: https://www.relyze.com/overview.html
- Procyon: https://github.com/mstrobel/procyon
- uncompyle6: https://pypi.org/project/uncompyle6/
- JADX: https://github.com/skylot/jadx
File Manipulation
- TrID: https://mark0.net/soft-trid-e.html
- file: https://linux.die.net/man/1/file
- LIEF: https://lief-project.github.io/
- binwalk: https://github.com/ReFirmLabs/binwalk
- DiE: https://horsicq.github.io/
Hex Editors
- HxD: https://mh-nexus.de/en/hxd/
- 010 Editor: https://www.sweetscape.com/010editor/
- Hex Workshop: http://www.hexworkshop.com/
- HexFiend: https://hexfiend.com/
- ImHex: https://github.com/WerWolv/ImHex
Instrumentation and Emulation
- Qiling: https://github.com/qilingframework/qiling
- Unicorn Engine: https://www.unicorn-engine.org/
- Qemu: https://www.qemu.org/
- iNetSim: https://www.inetsim.org/
- Qiling Docker with useful rootfs: https://hub.docker.com/r/nasmre/rebox
Websites
- MalShare: https://malshare.com/
- Contagio Malware dump: https://contagiodump.blogspot.com/
- Reverse Engineering challenges: https://challenges.re/
- Crackmes Repository: https://github.com/ReversingID/Crackmes-Repository/
- Crackmes.one: https://www.crackmes.one/
- Reddit ReverseEngineering: https://www.reddit.com/r/ReverseEngineering/
- Reddit AskReverseEngineering: https://www.reddit.com/r/AskReverseEngineering/
- OpenRCE: http://www.openrce.org
- Malware Analysis Tutorials: https://fumalwareanalysis.blogspot.com/p/malware-analysis-tutorials-reverse.html
Books
- A. P. David, Ghidra Software Reverse Engineering for Beginners, Packt Publishing, 2021, ISBN: 9781800207974
- Bruce Dang, Alexandre Gazet, Elias Bachaalany, Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation, 2014, ISBN: 9781118787311
- Eldad Eilam, Reversing: Secrets of Reverse Engineering, Wiley, 2005, ISBN: 9780764574818
- Dennis Andriesse, Practical Binary Analysis, 2018, ISBN: 9781593279127
- Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, Beau Woods, Practical IoT Hacking, No Starch Press, 2021