Reverse engineering is actually the main reason I first began learning more about computers. The days when I would open up the Hiew editor to change that little 74 opcode to 90 seem hilarious as I write this, but I can understand all those people who are just starting to learn about software cracking.

In this little post I will explain some of the important aspects of the trade. In the posts to come on this blog I will also take a hands-on approach and show you how to crack real protections. For starters, though, I want to give a short introduction to the history of this fascinating scene, then describe the tools needed to crack efficiently and the knowledge you need to obtain in order to do so.
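The "74 to 90" patch from the opening paragraph, as an added example (Python, not code from the original post; the SAMPLE bytes are constructed for illustration and are not taken from any real program). It makes the point a beginner usually learns the hard way in a hex editor: a short conditional jump is two bytes, opcode plus rel8, so the patch has to cover both of them. Overwriting only the 74 leaves the rel8 byte behind to be decoded as the start of the next instruction, which desynchronises everything after it. The helper also generalizes the patch to every short Jcc (opcodes 70 through 7F), where flipping bit 0 of the opcode inverts the condition.

```python
"""Patch a short conditional jump in a raw byte image: the classic "change 74 to 90".
Added example, not code from the original post. SAMPLE is a constructed byte string.
A short Jcc is two bytes (opcode, rel8), so every patch below replaces both bytes."""
NOP, JMP_SHORT = 0x90, 0xEB
SHORT_JCC = range(0x70, 0x80)  # JO/JNO, JB/JAE, JE/JNE, ...; each pair differs only in bit 0

# Constructed sample: call a check, test its result, skip the "good" path if it failed.
SAMPLE = bytes.fromhex(
    "e8 00 00 00 00"  # 0: call  $+5      (stand-in for the protection check)
    "85 c0"           # 5: test  eax, eax
    "74 05"           # 7: je    +5       -> jumps over the mov to the ret when eax == 0
    "b8 01 00 00 00"  # 9: mov   eax, 1   ; "registered"
    "c3"              # e: ret
)

def find_pattern(image, pattern):
    """Offsets of every match of a hex-editor style pattern such as "85 C0 74 ??"
    (?? is a wildcard). Anchoring on the surrounding bytes is how you locate *the*
    jump: a bare 74 occurs constantly as data and inside other instructions."""
    toks = pattern.split()
    hits = []
    for off in range(len(image) - len(toks) + 1):
        if all(t == "??" or image[off + i] == int(t, 16) for i, t in enumerate(toks)):
            hits.append(off)
    return hits

def patch_short_jcc(image, offset, mode):
    """Return a copy of image with the 2-byte Jcc at offset rewritten.
    mode 'never'  -> 90 90       (two NOPs: fall through, the jump is never taken)
         'always' -> EB rel8     (unconditional short jump to the same target)
         'invert' -> opcode ^ 1  (JE<->JNE, JB<->JAE, ...: the condition is reversed)"""
    if offset < 0 or offset + 2 > len(image):
        raise ValueError("offset out of range")
    opcode, rel8 = image[offset], image[offset + 1]
    if opcode not in SHORT_JCC:
        raise ValueError("byte 0x%02x at offset 0x%x is not a short Jcc" % (opcode, offset))
    if mode == "never":
        new = bytes((NOP, NOP))
    elif mode == "always":
        new = bytes((JMP_SHORT, rel8))
    elif mode == "invert":
        new = bytes((opcode ^ 1, rel8))
    else:
        raise ValueError("unknown mode %r" % mode)
    patched = bytearray(image)
    patched[offset:offset + 2] = new
    return bytes(patched)

def defeat_check(image):
    """Locate the 'test eax, eax / je' pair and NOP the jump so the good path always runs."""
    hits = find_pattern(image, "85 C0 74 ??")
    if len(hits) != 1:
        raise ValueError("expected exactly one candidate, found %d" % len(hits))
    return patch_short_jcc(image, hits[0] + 2, "never")

if __name__ == "__main__":
    print(defeat_check(SAMPLE).hex(" "))
```

The same two-byte rule applies when you do the edit by hand: in Hiew, type 9090 over the pair, not 90 over the first byte alone.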

A Brief History of Reverse Engineering in My Time

I started learning reverse engineering about 10 years ago. At that time the scene was pretty scarce, because the awesome +Fravia website had been frozen. In case you don't know about it, +Fravia was one of the most important figures in the reverse engineering world (sadly, he died some months ago). He created what was the greatest reverse engineering website, with tons of information about reverse engineering, and really transformed this trade into an art. After some years of worldwide success, one of the contributors and creators of this community, +ORC, vanished from the scene, and +Fravia froze his website and created a new one about online searching techniques. Luckily, you can still find the incredible knowledge of +Fravia's website as a mirror, courtesy of Woodmann.

Some years later, Professor Thorsten Schneider (aka Zero), along with other great reversers like +Q and Daemon, created REA, the Reverse Engineering Academy, which was actually a contest of incredible crackmes and reversemes that crackers would solve to gain points in a hall-of-fame system. I must admit that this academy was really a state-of-the-art creation; it taught me many things along the way and also gave me the chance to work with these great people to prepare Reverse Engineering Academy 2. Unfortunately, a sudden turn towards profit didn't really allow REA 2 to be a hit.

How to Begin Learning Reverse Engineering – Knowledge You Need

Learning to reverse engineer is a long process. Do not expect to learn every possible technique in a couple of months. Becoming a good reverser takes lots of time and practice, and it will probably take more than a couple of years before you feel really confident with any protection scheme. Luckily for new reversers, there are some steps they can follow to start on the right track.

1. The First and Most Important Thing is to Master Assembly Language

You will be doing lots of assembly-level debugging, and you need to know the ins and outs of assembly code. The more you learn about it, the more efficiently you will follow the flow of code, and thus the more easily you will reverse protection schemes. A great online resource for learning assembly is the incredible Art of Assembly Language Programming by Randall Hyde.

2. You Will Need to Know How to Program

You may be wondering why you need to know how to program in order to be a reverser. The truth is that the more you know about computer programming, the more competent a reverser you will be. This is mainly because a programmer knows the logical structure of programs and easily recognizes the important API functions responsible for protecting a given binary.

3. You Need to Learn Windows Internals

If you will be reversing on the Windows operating system (which is very likely the case), you will need a deep understanding of Windows internals in order to bypass some protections. For instance, to unpack an executable you need to know the PE file format and import table rebuilding (an advanced technique for reconstructing the import table of an executable dumped from memory, which the packer usually leaves broken). You would also need to know about Structured Exception Handling (a trend in today's protections). The list grows easily with more general knowledge such as cryptography or genetic algorithms. The more you know, the more efficient you will become.
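How the import table mentioned above is actually laid out, as an added example (Python, not code from the original post): a walker that reads the PE headers, maps RVAs to file offsets through the section table and lists every imported DLL and function, handling both import-by-name and import-by-ordinal for PE32 and PE32+. It refuses any RVA that no section maps, which is exactly the condition a packed executable dumped from memory tends to present and the reason import table rebuilding exists. The build_sample_pe() image is constructed here purely so the code runs offline; the structure and field names are the PE specification's own.

```python
"""Walk a PE file's import table with only the standard library. Added example, not code from
the original post; build_sample_pe() constructs a minimal PE32 (headers plus one .idata section,
no code) per the PE spec so that parse_imports() runs offline; it works on real files too."""
import struct

IMAGE_DOS_SIGNATURE = 0x5A4D      # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550   # "PE\0\0"
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
IMAGE_DIRECTORY_ENTRY_IMPORT = 1  # index into OptionalHeader.DataDirectory

class PEError(ValueError): pass   # truncated headers, unmapped RVAs, unterminated names

def _sections(data, nt_off, num_sections, size_opt):
    table = nt_off + 4 + 20 + size_opt  # follows PE signature, FILE_HEADER and OPTIONAL_HEADER
    out = []
    for off in range(table, table + 40 * num_sections, 40):  # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise PEError("section table truncated")
        _name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, off)
        out.append((va, max(vsize, raw_size), raw_ptr, raw_size))
    return out

def rva_to_offset(rva, sections):
    """Map an RVA to a file offset. Packed or memory-dumped binaries routinely carry import
    RVAs that point nowhere; refuse those instead of reading garbage or crashing on them."""
    for va, extent, raw_ptr, raw_size in sections:
        if va <= rva < va + extent:
            if rva - va >= raw_size:
                raise PEError("RVA 0x%x has no backing file data" % rva)
            return raw_ptr + rva - va
    raise PEError("RVA 0x%x is not mapped by any section" % rva)

def _cstring(data, off):
    end = data.find(b"\0", off)
    if end < 0:
        raise PEError("unterminated string at file offset 0x%x" % off)
    return data[off:end].decode("ascii", "replace")

def parse_imports(data):
    """Return {dll: [function name or 'ordinal#N', ...]} for PE32 or PE32+ image bytes."""
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise PEError("not an MZ file")
    nt_off = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if nt_off + 24 > len(data) or struct.unpack_from("<I", data, nt_off)[0] != IMAGE_NT_SIGNATURE:
        raise PEError("bad e_lfanew or PE signature")
    _machine, num_sections, _ts, _sym, _nsym, size_opt = struct.unpack_from("<HHIIIH", data, nt_off + 4)
    opt_off, magic = nt_off + 24, struct.unpack_from("<H", data, nt_off + 24)[0]
    if magic == PE32_MAGIC:        # 32-bit: 4-byte thunks, bit 31 marks import-by-ordinal
        dir_off, thunk_fmt, ord_flag = opt_off + 96, "<I", 1 << 31
    elif magic == PE32PLUS_MAGIC:  # 64-bit: 8-byte thunks, bit 63 marks import-by-ordinal
        dir_off, thunk_fmt, ord_flag = opt_off + 112, "<Q", 1 << 63
    else:
        raise PEError("unknown optional header magic 0x%x" % magic)
    num_dirs = struct.unpack_from("<I", data, dir_off - 4)[0]  # NumberOfRvaAndSizes
    import_rva = (struct.unpack_from("<I", data, dir_off + 8 * IMAGE_DIRECTORY_ENTRY_IMPORT)[0]
                  if num_dirs > IMAGE_DIRECTORY_ENTRY_IMPORT else 0)
    if import_rva == 0:
        return {}                  # no import directory at all
    sections = _sections(data, nt_off, num_sections, size_opt)
    imports, desc_off = {}, rva_to_offset(import_rva, sections)
    while True:                    # IMAGE_IMPORT_DESCRIPTOR is 20 bytes; an all-zero one ends the list
        oft, _stamp, _fwd, name_rva, ft = struct.unpack_from("<5I", data, desc_off)
        if name_rva == 0 and ft == 0:
            break
        dll = _cstring(data, rva_to_offset(name_rva, sections))
        # Names come from the INT (OriginalFirstThunk); if absent, the on-disk IAT is identical.
        thunk_off, funcs = rva_to_offset(oft or ft, sections), []
        while (entry := struct.unpack_from(thunk_fmt, data, thunk_off)[0]) != 0:
            if entry & ord_flag:
                funcs.append("ordinal#%d" % (entry & 0xFFFF))
            else:                  # IMAGE_IMPORT_BY_NAME: 2-byte hint, then the ASCII name
                funcs.append(_cstring(data, rva_to_offset(entry, sections) + 2))
            thunk_off += struct.calcsize(thunk_fmt)
        imports[dll] = funcs
        desc_off += 20
    return imports

def build_sample_pe(import_rva=0x1000):
    """Constructed sample: PE32 whose only section (.idata, RVA 0x1000, file offset 0x200) imports
    IsDebuggerPresent, GetTickCount and ordinal 10 from KERNEL32.dll; any other import_rva
    deliberately points the data directory at memory no section maps."""
    base, idata = 0x1000, bytearray(0x200)
    struct.pack_into("<5I", idata, 0x00, base + 0x28, 0, 0, base + 0x50, base + 0x38)
    thunks = (base + 0x60, base + 0x74, 0x80000000 | 10, 0)
    struct.pack_into("<4I", idata, 0x28, *thunks)  # INT
    struct.pack_into("<4I", idata, 0x38, *thunks)  # IAT, identical on disk
    for off, blob in ((0x50, b"KERNEL32.dll\0"), (0x60, b"\0\0IsDebuggerPresent\0"),
                      (0x74, b"\0\0GetTickCount\0")):
        idata[off:off + len(blob)] = blob
    dos = struct.pack("<H", IMAGE_DOS_SIGNATURE).ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    file_hdr = struct.pack("<IHHIIIHH", IMAGE_NT_SIGNATURE, 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<H", PE32_MAGIC).ljust(28, b"\0") + struct.pack("<III", 0x00400000, 0x1000, 0x200)
    opt = opt.ljust(92, b"\0") + struct.pack("<I", 16)  # NumberOfRvaAndSizes; DataDirectory follows
    opt = opt.ljust(96 + 8 * IMAGE_DIRECTORY_ENTRY_IMPORT, b"\0") + struct.pack("<II", import_rva, 40)
    sect = struct.pack("<8sIIIIIIHHI", b".idata", 0x200, base, 0x200, 0x200, 0, 0, 0, 0, 0xC0000040)
    return bytes((dos + file_hdr + opt.ljust(224, b"\0") + sect).ljust(0x200, b"\0") + idata)

if __name__ == "__main__":
    for dll, funcs in parse_imports(build_sample_pe()).items():
        print(dll, "->", ", ".join(funcs))
```

To run it against a real executable, pass parse_imports(open(path, "rb").read()). On a packed binary you will typically see only the packer's own stub imports, or get a PEError because the directory points at nothing; that is the symptom import table rebuilding fixes, and it is why the walker refuses unmapped RVAs instead of crashing.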

The Tools of The Trade

In order to begin, you need to get hold of the tools needed to do the job. There are literally dozens of tools you can use for your reversing deeds, but luckily only a handful of them are really important. What you definitely need are four things: a debugger, a disassembler, a PE editor and a hex editor.

1. The Debugger

When it comes to debuggers there are really two choices: SoftICE or OllyDbg. When I started learning about reversing, OllyDbg did not exist yet and the only choice was SoftICE, the popular kernel-mode (system-level) debugger. While it is still a pretty good choice, people have turned to OllyDbg for many reasons. First of all, it is a GUI-based user-mode debugger that is much easier to handle and far more convenient from the reverser's point of view.

2. The Disassembler

As with debuggers, the first disassembler a new reverser uses is usually Win32Dasm by Peter Urbanik. Then, as you learn more, you will need something more powerful, and when it comes to power nothing beats the Interactive DisAssembler, DataRescue's IDA.

3. PE editor

For a PE editor, you can use whichever you like. Just search for "PE editors" and suit yourself.

4. Hex Editor

There are two popular choices here: Hiew and Hex Workshop. The first is a text-mode (console) editor, while the second is GUI-based. In my day Hiew was the hex editor of choice, but Hex Workshop is increasingly popular nowadays.

This concludes this introduction to reverse engineering. I hope I managed to tell you some of the important things you will need to know in order to start learning about this fascinating art. If you feel like asking anything, please drop a comment below.


15 Responses to “Introduction to Reverse Engineering and Software Cracking”
  1. xpf says:

    What if you're on Linux?

  2. admin says:

    Well, Linux is a totally different story. You'd have to be acquainted with gdb. While it's not particularly difficult, working with a shell debugger is not my strong point. Even a simple stack overflow can be quite weird to analyze with gdb. For instance, disassembling the actual injected shellcode can go as far as "disas startoffset endoffset". It is generally a quite tedious procedure, and there have actually been times that I thought of writing a GUI port for gdb.

  3. SUNIL KOLI says:

    Please help me with software cracking.

  4. admin says:

    Sure, i’d love to help, but do you have any particular question ?

  5. fatman says:

    Try securitytube.net. It has some great Assembly Primer videos for Linux and Windows.

  6. Niladri says:

    Can you please help me crack TriDef 3D software?

  7. Spyros says:

    Niladri, I can help with a particular question but not crack something for you, sorry.

  8. nore says:

    I need help. I see lots of things about image base, kernel32.dll, offsets, etc. Where can I extract all this information? Windows internals? PE? Do you have any book to recommend?

  9. Spyros says:

    Hello nore, yes, all this information is specific to a PE file. You should get a PE editor and check out those values, and I would also suggest that you take a close look at the Portable Executable specification and, more importantly, understand how the import table works.

  10. nore says:

    Thanks a lot Spyros, and if you are Greek: Euxaristo poli (thank you very much).

  11. nore says:

    And something else. I read that book "Art of Assembly" (some parts, not all), but I don't recommend it so much because it is a high-level version of assembly and it's only useful to those who will program in assembly and want to make a faster application with less code writing. But of course I have not read it all, so I don't know how this will help much better than any other book on "pure" assembly for reverse engineering. For example, we extract a disassembly representation of a binary and take a look inside at all those details, function prologues/epilogues, switch statements, loops and all that, and it is not so similar to the assembly of Randall's books with macros. I know many people recommend this book in forums and all that, but I saw a specific article on Stack Overflow saying that this book is just another flavor of assembly with macros, like nasm or tasm.
    So my question is: are you sure that we need to read this book? Have you read it? Is it better than others on the subject?

    And again, thanks a lot for this useful information. :)

  12. Spyros says:

    Hello nore, yes I'm Greek :) Parakalo (you're welcome)!

    I know what you say about high-level assembly. However, I am not talking about this book. Randall Hyde previously wrote an older one that is plain assembly. I wouldn't recommend HLA for any reason; I agree with you. I don't really know if the older Art of Assembly is available, but this one was a masterpiece.

    I’m talking about this one : http://maven.smith.edu/~thiebaut/ArtOfAssembly/artofasm.html

    If you have the time and want to learn more about assembly, by all means read it. I've actually read about 3/4 of AoA when I was a kid (I was kind of passionate about asm and reversing).

    And when you feel competent with asm and an assembler like nasm or masm, be sure to check +Q's article about dynamic locking and unlocking of functions using masm macros. It will inspire you a lot :)

    It would be nice to have this discussion in a separate place; I really have to create a forum to discuss such interesting matters.

  13. nore says:

    You ROCK, mate. Thanks a lot for replying. I'm already on my way into reverse engineering, so if you are about to create a forum on the subject please let me know.

  14. Spyros says:

    :) I actually created a forum for reverse engineering and more yesterday. If you have any questions or want to discuss anything, please take a look at http://www.codercaste.com/forum/

  15. nore says:

    Perfect, thanks a lot, I will.
