My First Article(!!) on Reverse-Engineering
Here is my first article on reverse engineering. I am going to write about how I started with reverse engineering as a complete newbie (you will come across this word a lot if you venture into reverse engineering; it just means novice).
I assume that the reader has basic programming knowledge and knows a little assembly language (just enough for starters).
OK, first the disclaimer: I am not responsible if you use whatever you learn for illegal purposes.
Now, to get started you have to know some basic terminology used in the reversing arena.
Note that from here on you must think in hex values, because all the data and code we will reverse is going to be in hex: we are working with executables, and we don't have the source code of the target program.
Crackmes - A program, normally of the username/serial type, which you are going to crack. The program may employ different methods to generate a serial for the given username; your goal is to find the algorithm used to generate the serial and write your own key generator.
Key Generator - After you reverse the serial-generating algorithm, you re-write the algorithm (or rip it from the target program) and write a program that gives the correct serial for a given username.
Patching - Patching is nothing but altering the hex bytes in an executable or any other file. Usually we patch a crackme so that it says the serial is correct whatever serial you enter for a given username.
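To make these three terms concrete, here is an added example in Python (not code from this article, and not a real crackme): a constructed toy serial check written the way it would read in a debugger listing, the key generator rewritten from that recovered algorithm, and a patch helper that refuses to overwrite bytes it did not expect. The hash algorithm, the constants (0x1505, 0xA5, 0xDEADBEEF), the sample x86 byte snippet and every function name are assumptions made for this example.

```python
# Added example (not from the article): a toy crackme-style serial check, the
# key generator written after recovering its algorithm, and a byte-patch helper
# that verifies what it overwrites. Algorithm, constants and names are constructed.


def crackme_check(username: str, serial: str) -> bool:
    """Target-side check, written to mirror how it reads in a debugger listing:
    register-style temporaries and one operation per line (constructed toy)."""
    eax = 0x1505                                  # mov  eax, 1505h
    for ch in username.encode("ascii", "replace"):
        eax = (eax << 5) & 0xFFFFFFFF             # shl  eax, 5
        eax = (eax + ch) & 0xFFFFFFFF             # add  eax, byte [esi]
        eax ^= 0xA5                               # xor  eax, 0A5h
    eax ^= 0xDEADBEEF                             # xor  eax, 0DEADBEEFh
    try:
        ecx = int(serial, 16)                     # the serial is entered as hex text
    except ValueError:
        return False
    return ecx == eax                             # cmp  eax, ecx / jnz bad_serial


def keygen(username: str) -> str:
    """Clean re-implementation of the recovered algorithm (the 'key generator')."""
    h = 0x1505
    for ch in username.encode("ascii", "replace"):
        h = (((h << 5) + ch) & 0xFFFFFFFF) ^ 0xA5
    return "%08X" % (h ^ 0xDEADBEEF)


def patch_bytes(image: bytes, offset: int, expected: bytes, replacement: bytes) -> bytes:
    """Return a patched copy, but only when the bytes at `offset` are the ones we
    expect and the patch keeps the file length (so no later offset shifts)."""
    if len(expected) != len(replacement):
        raise ValueError("patch changes length; every later offset would shift")
    found = image[offset:offset + len(expected)]
    if found != expected:
        raise ValueError("bytes at 0x%X are %s, expected %s"
                         % (offset, found.hex(), expected.hex()))
    return image[:offset] + replacement + image[offset + len(replacement):]


# Constructed x86 snippet standing in for the crackme's compare (not real code):
#   3B C8             cmp ecx, eax
#   75 06             jnz short bad_serial   <- the branch a patch would neutralise
#   B8 01 00 00 00    mov eax, 1             (good path)
#   C3                ret
#   31 C0             xor eax, eax           (bad_serial)
#   C3                ret
SAMPLE_CODE = bytes.fromhex("3bc8 7506 b801000000 c3 31c0 c3")
JNZ_OFFSET = 2


def nop_out_jnz(image: bytes) -> bytes:
    """Replace the two-byte jnz with two NOPs so the good path is always taken."""
    return patch_bytes(image, JNZ_OFFSET, b"\x75\x06", b"\x90\x90")


if __name__ == "__main__":
    name = "neo_theone"
    serial = keygen(name)
    print(name, "->", serial, "accepted:", crackme_check(name, serial))
    print("patched:", nop_out_jnz(SAMPLE_CODE).hex())
```

Two details are worth noticing: `crackme_check` accepts the serial in upper or lower case because it parses hex, so a keygen's output format only needs to round-trip through that parse; and `patch_bytes` compares the bytes already at the offset before writing, which is what stops a patch meant for one build from silently corrupting another.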
PE Header - Present in every Windows executable, it tells the OS how to load the exe and execute it. The PE header is a vast topic and a very important one; you must read about PE headers on the MSDN site, or use Google to find the paper by Iczelion, or the more detailed and very good paper by LUEVELSMEYER.
Tools needed in our trade..
Debugger - Used to trace the target program line by line. I use OllyDbg, which is useful for beginners because it is a ring 3 debugger; another powerful debugger is SoftICE by NuMega, but that is a ring 0 debugger. I started with SoftICE myself, but I recommend OllyDbg.
What is a Ring??
The architecture of the Intel x86 processor defines four privilege levels (known as rings). Windows uses privilege level 0 (or ring 0) for kernel-mode and privilege level 3 (or ring 3) for user-mode. The reason Windows uses only two levels is that some of the hardware architectures that were supported in the past (such as Compaq Alpha and Silicon Graphics MIPS) implemented only two privilege levels.
Disassembler - Used to represent an exe file as a set of asm code. It is static, whereas a debugger is dynamic: in a debugger we can execute an asm statement, in a disassembler we cannot. W32Dasm is a famous disassembler and you can also use PVDasm, but I recommend IDA Pro, a powerful disassembler with lots of features.
Hex Editor - Used for modifying target files. Hex Workshop is a good tool; Hiew is a better one.
Some programs may be packed, which means the PE header has been modified or encrypted. Such a program cannot be debugged or disassembled as it is (it has to be unpacked first).
Other useful tools are:
Resource Workshop by Borland to modify GUI window attributes, PEiD to check whether a program is packed and which compiler it was compiled with, and unpackers for packed executables.
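Since the PE header and packed binaries come up several times above (what the header is, why a packed program cannot be disassembled as-is, and what a tool like PEiD checks), here is an added Python example, not code from the article or from PEiD, that walks the PE header by hand and applies three cheap packing heuristics: packer-style section names, section entropy, and an entry point that lands outside a code section. The sample file bytes are constructed inline with `build_sample_pe()` (a two-section shell with a UPX-style section, not a real binary), the packer name list is an assumption, and all function names are mine.

```python
# Added example (not from the article): a hand-written PE header walker with
# packing heuristics. The sample bytes and the packer name list are constructed.
import math
import struct
from collections import Counter

# Assumed: a short list of section names that common packers leave behind.
PACKER_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".aspack", b".adata",
                        b".petite", b".vmp0", b".vmp1", b".themida"}
IMAGE_SCN_CNT_CODE = 0x00000020
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniformly spread bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(data: bytes) -> dict:
    """DOS header -> PE signature -> COFF file header -> optional header magic and
    entry point -> section table, reading each section's raw bytes on the way."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature: not a DOS/PE file")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (opt_magic,) = struct.unpack_from("<H", data, opt)
    if opt_magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%X" % opt_magic)
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)   # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        (name, vsize, vaddr, rawsize, rawptr, _, _, _, _,
         flags) = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        raw = data[rawptr:rawptr + rawsize]
        sections.append({"name": name.rstrip(b"\0"), "vaddr": vaddr, "vsize": vsize,
                         "rawsize": rawsize, "rawptr": rawptr, "flags": flags,
                         "entropy": shannon_entropy(raw)})
    return {"machine": machine, "timestamp": timestamp, "characteristics": characteristics,
            "pe32plus": opt_magic == PE32PLUS_MAGIC, "entry_rva": entry_rva,
            "sections": sections}


def section_for_rva(pe: dict, rva: int):
    """The section whose virtual range contains `rva`, or None."""
    for s in pe["sections"]:
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            return s
    return None


def packing_indicators(pe: dict, entropy_threshold: float = 7.0) -> list:
    """Cheap heuristics of the kind a packer identifier applies; each hit is a string."""
    hits = []
    for s in pe["sections"]:
        label = s["name"].decode("ascii", "replace")
        if s["name"] in PACKER_SECTION_NAMES:
            hits.append("packer-style section name %s" % label)
        if s["rawsize"] and s["entropy"] > entropy_threshold:
            hits.append("high entropy %.2f in %s" % (s["entropy"], label))
    entry = section_for_rva(pe, pe["entry_rva"])
    if entry is None:
        hits.append("entry point 0x%X outside every section" % pe["entry_rva"])
    elif not entry["flags"] & IMAGE_SCN_CNT_CODE:
        hits.append("entry point in non-code section %s"
                    % entry["name"].decode("ascii", "replace"))
    return hits


def build_sample_pe() -> bytes:
    """Constructed two-section PE32 shell: a low-entropy .text and a UPX1 section
    of uniformly spread bytes that also holds the entry point (not a real binary)."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0102)     # i386, 2 sections
    opt = struct.pack("<HBBIIII", PE32_MAGIC, 14, 0, 0x200, 0x400, 0, 0x2010).ljust(224, b"\0")
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    upx = struct.pack("<8sIIIIIIHHI", b"UPX1", 0x400, 0x2000, 0x400, 0x400, 0, 0, 0, 0, 0xE0000040)
    headers = (dos + b"PE\0\0" + coff + opt + text + upx).ljust(0x200, b"\0")
    return headers + (b"\x90" * 511 + b"\xc3") + bytes(range(256)) * 4


if __name__ == "__main__":
    pe = parse_pe(build_sample_pe())
    for s in pe["sections"]:
        print("%-8s rva=0x%05X raw=0x%04X entropy=%.2f" % (s["name"].decode(), s["vaddr"], s["rawsize"], s["entropy"]))
    for hit in packing_indicators(pe):
        print("indicator:", hit)
```

The entropy test is the one that survives a renamed section: compressed or encrypted data looks close to uniformly random (near 8 bits per byte), while ordinary compiled code sits well below the 7.0 threshold used here. Each heuristic alone gives false positives, which is why real identifiers combine several and still ask you to confirm by unpacking.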
OK, next register yourself at Crackmes.de. Crackmes.de contains lots of crackmes to play around with.
You can check my profile at Crackmes.de by searching for neo_theone; this is the name I have registered there, and I am revealing it here because I don't do any illegal stuff, and then who cares...
Next you must register yourself at community.reverse-engineering.net, a forum where you can ask any doubts regarding programming or reversing, and if you have trouble cracking a crackme downloaded from Crackmes.de you can ask for help there.
Here I conclude my first article (it's not really an article). Anyway, in the coming days I will write about how to crack an example crackme.