#Post Title #Post Title #Post Title #Post Title #Post Title
Wednesday, January 8, 2014

Reverse Engineering Tutorial 1 - Introduction to Reverse Engineering


Hello Firends, As I posted on my Facebook Page “Bangash Hacker” that I will start tutorials on ‘Reverse Engineering’ or ‘Software Cracking’ so this is the first tutorial on Reverse Engineering and this it’s title is ‘Introduction to Reverse Engineering’.In this tutorial I will teach you that what is Reverse Engineering and what types of tools is used in Reverse Engineering.
Note: If you have any question or query related to Reverse Engineering you can post you question on my Facebook or Google+ Page.You can also post comment here but I will prefer to post you question on Facebook or Google+ Page.
My Facebook Page: Bangash Hacker
My Google+ Page: Bangash Hacker
So lets start Reverse Engineering.

What is reverse engineering?

Reverse engineering is the process of taking a compiled binary and attempting to recreate (or simply understand) the original way the program works. A programmer initially writes a program, usually in a high- level language such as C++ or C# or Visual Basic (or God forbid, Delphi) etc. Because the computer does not inherently speak these languages, the code that the programmer wrote is assembled into a more machine specific format, one to which a computer does speak. This code is called, originally enough, machine language. This code is not very human friendly,  and often times requires a great deal of brain power to figure out exactly what the programmer had in mind.

What is reverse engineering used for?

Reverse engineering can be applied to many areas of computer science, but here are a couple of generic categories;
  1.  Making it possible to interface to legacy code (where you do not have the original code source). 
  2. Breaking copy protection (ie. Impress your friends and save some $$ like Cracking IDM). 
  3. Studying viris and malware.
  4. Evaluating software quality and robustness. 
  5.  Adding functionality to existing software.
d    The first category is reverse engineering code to interface with existing binaries when the source code is not available. I will not be discussing this much, as it is boring.
The second category (and the biggest) is breaking copy protection. This means disabling time trials, defeating registration, and basically everything else to get commercial software for free. This we will be discussing at great length.
The third category is studying virus and malware code. Reverse engineering is required because not a lot of virus coders out there don’t send instructions on how they wrote the code, what it is supposed to accomplish, and how it will accomplish this (unless they are really dumb). This is a pretty exciting field, but requires a great deal of knowledge. We will not discuss this much until later on.
The fourth category is evaluating software security and vulnerabilities. When creating large (think Windows Operating Systems), reverse engineering is used to make sure that the system does not contain any major vulnerabilities, security flaws, and frankly, to make it as hard as possible to allow crackers to crack the software.
The final category is adding functionality to existing software. Personally, I think this is one of the most fun. Don’t like the graphics used in your web design software? Change them. Want to add a menu item to encrypt your documents in your favorite word processor? Add it. Want to annoy your co-workers to no end by adding derogatory message boxes to Windows calculator? Let’s do it. This we will be getting into later in the series.

What knowledge is required?

As you can probably guess, a great deal of knowledge is necessary to be an effective reverse engineer. Fortunately, a great deal of knowledge is not necessary to ‘begin’ reverse engineering, and that’s where I hope to come in. That being said, to have fun with reversing and to get something out of these tutorials you should at least have a basic understanding of how program flow works (for example, you should know what a basic if…then statement does, what an array is, and have at least seen a hello world program). Secondly, becoming familiar with Assembly Language is highly suggested; You can get thru the tutorials without it, but at some point you will want to become a guru at ASM to really know what you are doing. In addition, a lot of your time will be devoted to learning how to use tools. These tools are invaluable to a reverse engineer, but also require learning each tool’s shortcuts, flaws and idiosyncrasies. Finally, reverse engineering requires a significant amount of experimentation; playing with different packers/protectors/encryption schemes, learning about programs originally written in different programming languages (even Delphi), deciphering anti-reverse engineering tricks…the list goes on and on. At the end of this tutorial I have added a ‘further reading’ section with some suggested sources. If you really want to get good at reversing, I highly suggest you do some further reading.

What kinds of tools are used?

There are many different kinds of tools used in reversing. Many are specific to the types of protection that must be overcome to reverse a binary. There are also several that just make the reverser’s life easier. And then some are what I consider the ‘staple’ items- the ones you use regularly. For the most part, the tools fit into a couple categories:
1. Disassemblers
Disassemblers attempt to take the machine language codes in the binary and display them in a friendlier format. They also extrapolate data such as function calls, passed variables and text strings.  This makes the executable look more like human-readable code as opposed to a bunch of numbers strung together. There are many disassemblers out there, some of them specializing in certain things (such as binaries written in Delphi). Mostly it comes down to the one your most comfortable with. I invariably find myself working with IDA (there is a free version available http://www.hex-rays.com/), as well as a couple of lesser known ones that help in specific cases.

2. Debuggers
Debuggers are the bread and butter for reverse engineers. They first analyze the binary, much like a disassembler  Debuggers then allow the reverser to step through the code, running one line at a time and investigating the results. This is invaluable to discover how a program works. Finally, some debuggers allow certain instructions in the code to be changed and then run again with these changes in place. Examples of debuggers are Windbg and Ollydbg. I almost solely use Ollydbg (http://www.ollydbg.de/), unless debugging kernel mode binaries, but we’ll get to that later.

3.Hex editors
Hex editors allow you to view the actual bytes in a binary, and change them. They also provide searching for specific bytes, saving sections of a binary to disk, and much more. There are many free hex editors out there, and most of them are fine. We won’t be using them a great deal in these tutorials, but sometimes they are invaluable.

4. PE and resource viewers/editors
Every binary designed to run on a windows machine (and Linux for that matter) has a very specific section of data at the beginning of it that tells the operating system how to set up and initialize the program. It tells the OS how much memory it will require, what support DLLs the program needs to borrow code from, information about dialog boxes and such. This is called the Portable Executable, and all programs designed to run on windows needs to have one.
In the world of reverse engineering, this structure of bytes becomes very important, as it gives the reverser needed information about the binary. Eventually, you will want to (or need to) change this information, either to make the program do something different than what it was initially for, or to change the program BACK into something it originally was (like before a protector made the code really hard to understand). There are a plethora of PE viewers and editors out there. I use CFF Explorer (http://www.ntcore.com/exsuite.php) and LordPE (http://www.woodmann.com/collaborative/tools/index.php/LordPE), but you can feel free to use whichever you’re comfortable with.
Most files also have resource sections. These include graphics, dialog items, menu items, icons and text strings. Sometimes you can have fun just by looking at (and altering    ) the resource sections. I will show you an example at the end of this tutorial.

5. System Monitoring tools
When reversing programs, it is sometimes important (and when studying virii and malware, of the utmost importance) to see what changes an application makes to the system; are there registry keys created or queried? are there .ini files created? are separate processes created, perhaps to thwart reverse engineering of the application? Examples of system monitoring tools are procmon, regshot, and process hacker. We will discuss these later in the tutorial.

6. Miscellaneous tools and information
There are tools we will pick up along the way, such as scripts, unpackers, packer identifiers etc. Also in this category is some sort of reference to the Windows API. This API is huge, and at times, complicated. It is extremely helpful in reverse engineering to know exactly what called functions are doing.

7. Enjoy.....

This was simple introduction to Reverse Engineering and on my next tutorial I will show how crack Windows default Calculator and change the menus and buttons etc and impress you friends that you can change & crack software......

Further Reading

1.Assembly Language. Assembly Language For Intel Based Computers is the de-facto book on it . You can also check out some web sites that offer a tremendous amount of downloads , instruction, sample code , and help. Another good resource is “The Art of Assembly”. I will be including this in one of the next tutorials, but you can also download it here.

2. The PE file structure. One of the best resources is from Microsoft themselves: “An in-depth look into the Win32 Portable Executable File Format“. Another good document (with lots of pretty pictures) is “PE File Structure“.   It is a downloadable PDF.

3.Windows Operating System Internals. The de-facto book is “Microsoft Windows Internals” by Mark Russinovich. It’s about as exciting as women’s baseball, but it is THE resource.


If you have any question or query then post comment on my Facebook or Google plus Page or post here.


[ Read More ]
Saturday, January 4, 2014

IDM 6.18 Build 11 Final for 2014



Hello Friends , As many of friends comment and send email about IDM(Internet Download Manager), As I post about IDM before but that version is now old and may not work for someone so Now I am post IDM 6.18 which will work on all browsers.
Installation is simple.

Step 1: Download IDM 6.18 Build 11 with Crack. Click here to Download
Step 2: If you have already install IDM which is not 6.18 version then uninstall that and install the downloaded IDM.
Step 3: When IDM is intalled the just Copy IDMan.ex which is in Crack folder and paste it into IDM installation directory where you install idm.
Step 4: Now Run reg.reg file
Step 5: Run IDM and enjoy.......


If you have any question or query then post comment here or post comment in my Facebook Page or Google+ Page.
Bangash Hacker
[ Read More ]
Friday, January 3, 2014

Unhide Hidden Files & Folders in USB(Flash) caused by Virus




Hello everyone, I am sorry for not posting any article on my website due to my study and other reasons, so now I am back and will write about Ethical Hacking and Computer Tricks & Tips. As I have received many emails and comments from users for Bangash FB Hacker  software and I will send this to all users and may be I have to change the software to web based then it will be easy to use and get the software.
Any way today I am just posting about a virus solution which "unhide hidden files and folders in Flash", most of you know about this virus.Actually this virus hide all the files or folders in USB(Flash) automatically and you can't unhide it and also anti-virus can't unhide these files or folders,
Below is the example of hidden file or folder:

Hidden System Files

 so today I am sharing a trick with you which unhide these files and folders.Follow the below steps to learn how this tips or trick works.
Step 1: Click on the start button and type cmd in the search box
Step 2: Click on cmd and it will open a black DOS window
Step 3: Type the following command there and press enter.
(Note: Change the 'J' with your own USB Flash drive name, in my case it's J drive)
  • attrib -H -S J:\*.* /S /D /L

Step 4: Finally it will show the hidden files and folders in your flash drive.(If the command give some error like 'access denied' ect then leave it because it is for system information folder and you folder and files will be unhided).
Enjoy and please comment and share....


If you have any question then comment here.
Bangash Hacker

[ Read More ]
Related Posts Plugin for WordPress, Blogger...
 
 

Create Free Store

Followers

Contributors