Monthly Archives: August 2012

Reversing: Secrets of Reverse Engineering


Reverse engineering is a skill, a craft, a creative process that cannot be learned from just reading a book. With that said, Reversing: Secrets of Reverse Engineering offers great guidance into the process, and unlike other self-proclaimed “hacker essentials,” this book delivers what it promises and then some. It starts the reader off from the basics of compiled languages, explaining the intricacies of compiler-optimized assembly output, and proceeds to show various reversing sessions of native Windows API implementations, guiding the reader step by step through the process of turning the assembly code into higher-level code.

The later chapters deal with inspecting malware, with the author analysing a popular backdoor program and tracing its functionality in order to discover the server it connects to, its password, and its command list. The book also extensively covers anti-reversing and anti-debugging techniques, dedicating a full chapter to these.

In its final chapters, the book introduces techniques for reversing VM-based implementations like Java and the .NET platform. With the increasing popularity of this type of implementation, this is surely a skill that will become more useful as time goes by. The appendix in this book is incredibly useful. Appendix A is a quick reference guide for translating common high-level constructs into assembly language. Appendix B is a quick reference to common arithmetic as optimized by the compiler. Appendix C gives an in-depth analysis of how data is laid out in the system, and how the many standard calling conventions are represented.

Overall, Reversing: Secrets of Reverse Engineering is one of the most well-written, detailed, and useful books on the subject, and it deserves a 9/10. If you are looking for a fantastic book on the subject, look no further.

[JAVA] Bypassing Licensing Schemes Through Bytecode Modification

[Intro]

I have been meaning to write a bot for Objection!, a game whose purpose is to test your ability to identify objectionable questions during a simulated trial. While I have a valid key, I am only allowed to install it on one computer at a time. Since I use my laptop more often than anything else, I installed the game there so I have it handy when I wish to use it for its intended purpose.

In the meantime, I had to come up with a solution so I can use the game on my development machine to write my bot. When I attempted to decompile the code, modify the licensing part, and recompile the code, I was hit with a bunch of repeated declarations and other ambiguous code (about 300 or so errors). Needless to say… I’m way too lazy to manually resolve all those problems to recompile. The next best (laziest) option was to modify the bytecode of the compiled classes so that I can do the same thing, without having to worry about recompiling and fixing all the issues.