Demystifying Software: A Beginner's Guide to Reverse Engineering (RE_Fako)
Workshop Duration: 2 Days
Workshop Level: Beginner-Intermediate
This intensive 2-day course teaches beginner to intermediate security researchers and software developers how to analyze and manipulate programs without access to source code. Through interactive tutorials and hands-on exercises, attendees will learn:
● How to set up a reverse engineering environment using disassemblers like IDA Pro and Ghidra
● Techniques for in-depth static analysis of binaries including disassembly, code graphing, and pseudocode generation
● How to patch and modify executables to add new functionality or bypass copy protection schemes
● Dynamic analysis using debuggers like OllyDbg and x64dbg to trace programs and inspect runtime state
● How to unpack, disable anti-analysis methods, and analyze real-world software samples
● Strategies for cracking license checks, serial number validation, and other reverse engineering challenges
The workshop provides a full overview of reverse engineering concepts, tools, and workflows to enable students to start applying these skills in security research and software development roles.
Who is this workshop for?
● Software developers
● Security researchers and analysts
● IT professionals
● Students interested in reverse engineering
Prerequisites:
● Basic programming knowledge (any language)
● Familiarity with operating systems concepts
● Understanding of basic computer architecture
● Analytical mindset
Agenda
Day 1:
9:00 AM - 9:30 AM: Introduction to software reverse engineering
● What is reverse engineering? Reverse engineering is the process of analyzing software to understand how it works without access to the original source code. It involves taking apart binaries, disassembling the machine code, and reconstructing the program's logic from it.
● Why do we reverse engineer software? Typical reasons are security analysis (vulnerability and malware research), interoperability, debugging closed-source programs, or simply learning how something works.
● Legal and ethical considerations Many jurisdictions permit reverse engineering for interoperability and security research, but the rules on circumventing copy protection differ from country to country. Always respect intellectual property; the patching and cracking exercises in this workshop are done on CrackMe binaries written for practice, not on commercial software.
● Types of reverse engineering
● Black box: observing the software's inputs and outputs only, without looking at its code
● White box: full access to the source code
● Gray box: partial knowledge (some source, documentation, or symbols) combined with reverse engineering of the rest
9:30 AM - 10:30 AM: Setting up a reverse engineering environment
● Introduction to IDA Pro and Ghidra Overview of the two most popular interactive disassemblers. Explain their features and differences.
● Downloading and installing Guide students through the licensing options (IDA's free and evaluation editions, Ghidra being open source). Help install the tools.
● Configuring disassembler settings Show important options like assembly syntax (Intel vs AT&T), output format, analysis depth, etc.
● Loading binaries Demonstrate opening executables and libraries in various formats.
● Exploring interface Tour the basic code windows, hex view, strings, exports, etc.
● Demo basic static analysis Show simple disassembly, graphing, xrefs, commenting, etc.
10:30 AM - 10:45 AM: Break
10:45 AM - 12:00 PM: Basic static analysis using IDA Pro or Ghidra
● Disassembling code Explain the disassembly process. Show decoding machine code into assembly instructions.
● Examining strings Demonstrate finding human-readable strings (error messages, prompts, file names, URLs) and why they are a fast way into the interesting code.
● Identifying functions Explain how function boundaries are recognized (call targets, prologues, return instructions). Use graphing to clarify boundaries.
● Commenting code Add comments to explain the purpose of code sections. Help identify data structures.
● Understanding assembly Explain common instructions, registers, stack, calling convention.
● Exploring hex dump Demo navigating file contents in hex versus disassembly.
● Visualizing code flow Use graphs to clarify program structure and visualize function calls.
● Hands-on exercise Students disassemble a binary with guidance.
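As an added example for the "Examining strings" step (not part of the workshop material), the script below does what the Strings window in IDA or Ghidra does, but also scans for UTF-16LE strings, which Windows programs use heavily and which a plain ASCII scan misses. The sample blob, the keyword lists and the function names are constructed for the example.

```python
import re

# Constructed sample "binary": a mix of code-like bytes and the kinds of
# strings a CrackMe typically carries (ASCII prompt, UTF-16LE Windows string,
# a URL). Not taken from any real program.
SAMPLE_BLOB = (
    b"\x00" * 16
    + b"Please enter serial\x00"
    + b"\x90\x90\xcc\x00\xe8"
    + "Registered to:".encode("utf-16le") + b"\x00\x00"
    + b"\x7f\x01\x02\x03"
    + b"http://example.com/activate\x00"
    + b"ab\x00"                      # below the minimum length, must be skipped
    + b"\xff" * 8
)

# Keyword groups that usually point at licensing, anti-debugging or network
# logic; a starting point for deciding which cross-references to follow first.
INTERESTING = {
    "licensing": ("serial", "licen", "regist", "trial", "activat", "key"),
    "anti-debug": ("debug", "isdebuggerpresent", "ntquery"),
    "network": ("http://", "https://", "www."),
}


def extract_strings(data: bytes, min_len: int = 4):
    """Return (offset, encoding, text) for every printable run of at least
    min_len characters, in both ASCII and UTF-16LE."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = []
    for m in ascii_re.finditer(data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in utf16_re.finditer(data):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16le")))
    return sorted(found)


def tag_string(text: str):
    """Classify a string by the keyword groups above (empty list if none match)."""
    low = text.lower()
    return [tag for tag, words in INTERESTING.items() if any(w in low for w in words)]


def triage(data: bytes, min_len: int = 4):
    """Only the strings that hit a keyword group, as (offset, text, tags)."""
    return [(off, text, tag_string(text))
            for off, _, text in extract_strings(data, min_len)
            if tag_string(text)]


if __name__ == "__main__":
    for off, enc, text in extract_strings(SAMPLE_BLOB):
        print(f"0x{off:06x} {enc:8} {text!r} {tag_string(text)}")
```

Run it against a real executable by reading the file into `data`; the offsets are file offsets, which is what you need when you later patch the file rather than the loaded image.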
12:00 PM - 1:00 PM: Lunch break
1:00 PM - 2:30 PM: In-depth static analysis
● Cross referencing Demo navigating xrefs to track data usage and function calls.
● Identifying libraries Explain recognizing common library functions so time is not wasted reversing the C runtime. Use FLIRT signatures in IDA and Function ID in Ghidra.
● Recovering code structures Show determining loops, if statements, functions from disassembly.
● Using pseudocode Demonstrate decompiling assembly into higher level pseudocode.
● Decrypting/unpacking Explain how to recognize encrypted or packed executable code (few imports, high-entropy sections, a small loader stub) and how it is unpacked.
● Data flow analysis Track how input data (serial, file contents, network data) propagates through the code to the checks that consume it.
● Program patching Overview of editing the binary's bytes to change its behaviour before running it under a debugger.
● Hands-on exercise In-depth reverse engineering of binary with guidance.
2:30 PM - 2:45 PM: Break
2:45 PM - 4:00 PM: Patching binaries using IDA Pro or Ghidra
● Editing assembly Demo directly modifying disassembled code and writing the changed bytes back to the file (IDA's Patch program / Apply patches to input file, Ghidra's patch instruction action).
● Editing data Explain modifying program data like strings, constants, etc., and why a replacement string must not exceed the original's length.
● Introducing code Show adding new code for analysis purposes, e.g. a call into unused space (a code cave) when the patch does not fit in place.
● Bypassing checks Patch code to disable license checks, time limits, etc., by inverting or NOPing the conditional jump that guards the failure path.
● Hands-on exercise Students patch CrackMe binary with guidance.
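As an added example for the patching session (not part of the workshop material or of any CrackMe used in it), the script below applies the two patches discussed above to a hand-assembled x86 check: inverting a conditional jump and NOPing it out. It goes beyond the je/jne case in the text: every x86 short Jcc (opcodes 70 to 7F) and near Jcc (0F 80 to 0F 8F) comes in complementary pairs whose opcodes differ only in the low bit, so toggling that bit inverts any condition while the displacement stays valid. The byte sequence, offsets and function names are constructed for the example.

```python
import os
import shutil

# Constructed code sequence standing in for a CrackMe's registration check
# (x86, 32-bit), assembled by hand; not taken from any real program:
#   00: 83 F8 01          cmp  eax, 1        ; eax = result of the serial check
#   03: 75 06             jne  short fail    ; wrong serial -> fail
#   05: B8 01 00 00 00    mov  eax, 1        ; success
#   0A: C3                ret
#   0B: 31 C0       fail: xor  eax, eax
#   0D: C3                ret
CRACKME = bytes.fromhex("83f801" "7506" "b801000000" "c3" "31c0" "c3")
JNE_OFFSET = 3
JNE_BYTES = bytes.fromhex("7506")

NOP = 0x90


def flip_conditional_jump(code: bytes, offset: int) -> bytes:
    """Invert the condition of the Jcc at `offset` (74 jz <-> 75 jnz,
    7C jl <-> 7D jge, 0F 84 jz <-> 0F 85 jnz, ...) by toggling the low opcode bit."""
    buf = bytearray(code)
    op = buf[offset]
    if 0x70 <= op <= 0x7F:                      # short Jcc rel8
        buf[offset] = op ^ 1
    elif op == 0x0F and 0x80 <= buf[offset + 1] <= 0x8F:   # near Jcc rel32
        buf[offset + 1] ^= 1
    else:
        raise ValueError(f"no conditional jump at offset {offset:#x}: {op:#04x}")
    return bytes(buf)


def nop_out(code: bytes, offset: int, expected: bytes) -> bytes:
    """Replace the instruction bytes at `offset` with NOPs, but only if the
    bytes there are the ones that were analysed; this guards against patching
    the wrong offset or a different build of the program."""
    if code[offset:offset + len(expected)] != expected:
        raise ValueError(f"bytes at {offset:#x} do not match expected {expected.hex()}")
    buf = bytearray(code)
    buf[offset:offset + len(expected)] = bytes([NOP]) * len(expected)
    return bytes(buf)


def patch_file(path: str, offset: int, expected: bytes, replacement: bytes) -> str:
    """Apply a verified in-place byte patch to a file, keeping a .bak copy.
    `offset` is a file offset, not a virtual address. Returns the backup path."""
    if len(replacement) != len(expected):
        raise ValueError("in-place patch must not change the instruction length")
    with open(path, "rb") as f:
        data = f.read()
    if data[offset:offset + len(expected)] != expected:
        raise ValueError(f"bytes at {offset:#x} do not match expected {expected.hex()}")
    backup = path + ".bak"
    shutil.copyfile(path, backup)
    with open(path, "r+b") as f:
        f.seek(offset)
        f.write(replacement)
    return backup


if __name__ == "__main__":
    print("original:", CRACKME.hex())
    print("inverted:", flip_conditional_jump(CRACKME, JNE_OFFSET).hex())
    print("nopped:  ", nop_out(CRACKME, JNE_OFFSET, JNE_BYTES).hex())
```

Inverting the jump makes the sample reach the success path on every wrong serial and fail on the right one; NOPing it makes every input succeed. Both are one- or two-byte edits that leave all other instructions and their addresses untouched, which is why they are the first thing to try. The verification against the expected bytes is the habit to keep: offsets from the disassembler refer to the file you analysed, and the same patch applied blindly to a different version corrupts it.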
4:00 PM - 4:30 PM: Q&A and wrap-up
Day 2:
9:00 AM - 10:30 AM: Dynamic analysis using debuggers like OllyDbg and x64dbg
● Attaching to processes Demo finding the target process and attaching the debugger to it, versus launching the target under the debugger to catch its startup code.
● Setting breakpoints Explain software (INT3) and hardware breakpoints. Show setting them at function calls or individual instructions.
● Stepping through code Demonstrate executing one instruction at a time (step into versus step over) to trace functionality.
● Examining registers Show viewing register values like EIP, EAX, etc. as code executes (RIP, RAX, etc. in x64dbg for 64-bit targets; OllyDbg is 32-bit only).
10:30 AM - 10:45 AM: Break
10:45 AM - 12:00 PM: Dynamic analysis using debuggers like OllyDbg and x64dbg (continued)
● Examining memory Explain dumping and searching process memory in real time.
● Examining stack Demo viewing stack contents including function arguments and return addresses.
● Tracing code flow Relate executing assembly to higher-level source constructs.
● Identifying anti-debugging Explain common defensive techniques like the IsDebuggerPresent API (which reads the BeingDebugged flag in the PEB), NtQueryInformationProcess, and timing checks, and how to defeat them from the debugger.
● Debugging challenges Students debug binaries with anti-RE techniques.
● Sample binaries CrackMes or CTF binaries with anti-debugging and unpacking.
12:00 PM - 1:00 PM: Lunch break
1:00 PM - 2:30 PM: Reverse engineering CrackMes
● Unpacking Use OllyDbg or x64dbg to unpack runtime compression (e.g. UPX): let the stub run, break at the original entry point, and dump the decompressed process image.
● Disassembling Load the CrackMe into IDA/Ghidra for static analysis.
● Understanding code Trace the registration check logic and its failure cases.
● Patching NOP out or invert the conditional jumps so the check succeeds.
2:30 PM - 2:45 PM: Break
2:45 PM - 4:00 PM: Reverse engineering CrackMes
● Solving keygens Analyze the validation algorithm and reimplement it to generate serials that pass, rather than patching the check.
● Hands-on challenges Students reverse and patch CrackMes.
● Sample CrackMes KeyGenMes, serial checks, activation routines.
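As an added example for the keygen session (not part of the workshop material or of any CrackMe used in it), the script below shows the two validation patterns that appear most often, written the way they look after reading the disassembly, each next to the keygen that defeats it. Both checks, the hash constants, the serial format and the function names are constructed for the example.

```python
# Pattern 1: the serial is derived from the user name. The check recomputes
# a 32-bit DJB-style hash of the name (h = h*33 ^ c) and compares it with the
# serial formatted as two 16-bit hex groups, e.g. "1A2B-3C4D".


def _name_hash(name: str) -> int:
    h = 0x1505
    for c in name.encode("ascii", "replace"):
        h = ((h * 33) ^ c) & 0xFFFFFFFF
    return h


def check_name_serial(name: str, serial: str) -> bool:
    """The constructed CrackMe's check, as recovered from its disassembly."""
    if len(name) < 4:
        return False
    h = _name_hash(name)
    return serial.strip().upper() == f"{h >> 16:04X}-{h & 0xFFFF:04X}"


def keygen_for_name(name: str) -> str:
    """Keygen for pattern 1: the check only compares against a value computed
    forward from the name, so the keygen runs the same computation. Nothing
    needs to be inverted."""
    h = _name_hash(name)
    return f"{h >> 16:04X}-{h & 0xFFFF:04X}"


# Pattern 2: no user name. The serial is "DDDD-DDDD-DDDD" (12 digits) and the
# last digit is a weighted checksum of the first eleven.


def check_serial_only(serial: str) -> bool:
    """The constructed CrackMe's check for a stand-alone serial."""
    if len(serial) != 14 or serial[4] != "-" or serial[9] != "-":
        return False
    digits = serial.replace("-", "")
    if not digits.isdigit():
        return False
    check = sum((i + 1) * int(d) for i, d in enumerate(digits[:11])) % 10
    return check == int(digits[11])


def keygen_serial_only(seed: int) -> str:
    """Keygen for pattern 2: any eleven digits work (here from a small LCG
    seeded by `seed` so the output is reproducible); only the checksum digit is
    constrained, so compute it the same way the check does."""
    digits = []
    x = seed & 0xFFFFFFFF
    for _ in range(11):
        x = (1103515245 * x + 12345) & 0x7FFFFFFF
        digits.append((x >> 16) % 10)
    digits.append(sum((i + 1) * d for i, d in enumerate(digits)) % 10)
    s = "".join(map(str, digits))
    return f"{s[:4]}-{s[4:8]}-{s[8:]}"


if __name__ == "__main__":
    name = "RE_Fako"
    serial = keygen_for_name(name)
    print(f"{name}: {serial} -> {check_name_serial(name, serial)}")
    serial2 = keygen_serial_only(42)
    print(f"serial-only: {serial2} -> {check_serial_only(serial2)}")
```

The difference from patching is what gets modified: a patch changes one copy of the binary, a keygen leaves the binary untouched and produces input the unmodified check accepts, which is why solving a KeyGenMe requires understanding the whole algorithm and not just the final compare. Most CrackMe checks are, like these two, forward computations with no secret, so the keygen is the recovered algorithm itself; only when the check involves a real one-way function or a signature does the problem become hard.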
4:00 PM - 4:30 PM: Capture the flag and wrap-up
Trainer:
● Works at GDP Labs
● Reverse engineering freak
● IDSECCONF CTF problem setter (reversing)
● 5-time Flare-On winner