Reverse Engineering 2023/2024

Subject lectured to the 1st year of the Masters in Cybersecurity, providing an entry into reverse engineering processes, tools and methodologies.

This edition will be lectured by professors Bernardo Cunha (email: f552@ua.pt), João Paulo Barraca (email: jpbarraca@ua.pt), and José Luis Azevedo (email: jla@ua.pt). Teaching staff will be available by email and Discord, especially during the allocated tutoring slots. The use of the Teams platform for direct communication between students and with professors is highly recommended. Official course contents will be available on this page, while grades will be available through the University Elearning platform (Elearning).

Classes will be lectured in the Portuguese language, unless there is a foreign student attending. In this case English will be used. All lecture notes and laboratory guides will be made available in English. Examinations will be made available in either English or Portuguese according to the student preference.

Prospecting students should be aware that this subject requires some knowledge and comprehension of several topics in the areas of computers, networking, software, operating systems and basic electronics, such as: x86/AMD64 assembly, Java, Android, Linux, Python, Virtual Machines, and digital signals. Although lacking specific knowledge is not critical, the tasks proposed expect you to have some base knowledge on those topics.

Important Dates

• Final Exam: TBD

• Assignment 1 - March 21st, 23:59

• Assignment 2 - May 9th, 23:59

• Assignment 3 - June 13th, 23:59

Planning

According to the UA academic schedule, classes will be lectured from February 14th, until June 5th. The subject is composed by a 3 hours of theoretical/practical lectures, and 1 hour of optional tutoring, making a total of 4 hours per week of contact hours. It is expected that students spend an additional 2-3 hours per week exploring the concepts presented during the lectures and preparing the assignments. It is also expected them to make use of the tutoring times if they have questions or require some assistance. Please also use this times to validate the execution of the assignments.

The topics lectured in each class should be as presented in the following table. Changes may happen, so please check it frequently.

References

Software

The following list presents useful software for Reverse Engineering. There is no affiliation with any of the tools presented. Other curated lists software lists can be found here

A Reverse Engineering Box will be kept in github: https://github.com/jpbarraca/revbox/tree/main

Android

• Android Developer Studio: https://developer.android.com/studio
• APKTool: https://ibotpeaches.github.io/Apktool/
• Frida: https://frida.re
• dex2jar: https://github.com/pxb1988/dex2jar
• Bytecode Viewer: https://bytecodeviewer.com/

Binary Analysis

• Binary Analysis Platform: https://github.com/BinaryAnalysisPlatform/bap
• Angr: https://github.com/angr/angr
• Objdump: https://linux.die.net/man/1/objdump
• PEStudio: https://www.winitor.com/
• Cerebro: https://cerbero.io/
• ExplorerSuite: https://ntcore.com/?page_id=388

Debuggers

• WinDBG: https://docs.microsoft.com/en-us/windows-hardware/drivers/download-the-wdk
• OllyDbg: http://www.ollydbg.de/
• x64dgb: https://x64dbg.com
• GDB: https://www.sourceware.org/gdb/
• GEF: https://github.com/hugsy/gef
• Vivisect: https://github.com/vivisect/vivisect
• LLDB: https://lldb.llvm.org
• EDB Debugger: https://github.com/eteran/edb-debugger

Decompilers/Disassemblers

• Ghidra: https://ghidra-sre.org/
• Snowman: https://derevenets.com/
• RetDec: https://retdec.com/
• Capstone: https://www.capstone-engine.org/
• Radare: https://www.radare.org/r/
• Cutter: https://cutter.re/
• Hopper: https://www.hopperapp.com/
• JEB: https://www.pnfsoftware.com/jeb2/
• Binary Ninja: https://binary.ninja/
• IDA: https://www.hex-rays.com/ida-pro/
• Relyze: https://www.relyze.com/overview.html
• Procyon: https://github.com/mstrobel/procyon
• encompyle6: https://pypi.org/project/uncompyle6/
• JADX: https://github.com/skylot/jadx

File Manipulation

• TrID: https://mark0.net/soft-trid-e.html
• file: https://linux.die.net/man/1/file
• LIEF: https://lief-project.github.io/
• binwalk: https://github.com/ReFirmLabs/binwalk
• DiE: https://horsicq.github.io/

Hex Editors

• HxD: https://mh-nexus.de/en/hxd/
• 010 Editor: https://www.sweetscape.com/010editor/
• HExWorkshop: http://www.hexworkshop.com/
• HexFiend: https://hexfiend.com/
• ImHex: https://github.com/WerWolv/ImHex

Instrumentation and Emulation

• Qiling: https://github.com/qilingframework/qiling
• Unicorn Engine: https://www.unicorn-engine.org/
• Qemu: https://www.qemu.org/
• iNetSim: https://www.inetsim.org/
• Qiling Docker with useful rootfs: https://hub.docker.com/r/nasmre/rebox

Websites

• MalShare: https://malshare.com/
• Contagio Malware dump: https://contagiodump.blogspot.com/
• Reverse Engineering challenges: https://challenges.re/
• Crackmes Repository: https://github.com/ReversingID/Crackmes-Repository/
• Crackmes.one: https://www.crackmes.one/
• Reddit ReverseEngineering: https://www.reddit.com/r/ReverseEngineering/
• Reddit AskReverseEngineering: https://www.reddit.com/r/AskReverseEngineering/
• OpenRCE: http://www.openrce.org
• Malware Analysis Tutorials: https://fumalwareanalysis.blogspot.com/p/malware-analysis-tutorials-reverse.html

Books

• A. P. David, Ghidra Software Reverse Engineering for Beginners, Packt Publishing, 2021, ISBN: 9781800207974
• Bruce Dang, Alexandre Gazet, Elias Bachaalany, Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation, 2014, ISBN: 9781118787311
• Eldad Eilam, Reversing: Secrets of Reverse Engineering, Willey, 2005, 9780764574818
• Dennis Andriesse, Practical Binary Analysis, ISBN-13: 9781593279127, 2018
• Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, Beau Woods, Practical IoT Hacking, No Starch Press, 2021

Videos

• Philip Polstra, Reverse Engineering and Exploit Development, Infinite Skills 2015 (Video)