Beyond reverse engineering, learning assembly made me appreciate what really goes on under the hood of my machine while I program in a higher-level language such as C or Python. If you want a more comprehensive introduction to not only assembly but the system as a whole, I cannot recommend this book enough: Computer Systems: A Programmer's Perspective.
Self-studying that book -- along with the free video lectures by the authors -- equipped me with practical knowledge that's applicable as a software engineer who strives to grasp an understanding of the entire system.
I was taught assembler in my second year at school,
It's kind of like construction work
With a toothpick, for a tool
~ "The Eternal Flame", by Bob Kanefsky
Writing down a high-level version of the assembly instructions in C is one of the best tricks when reverse engineering disassembled code.
When I started, I tried to interpret assembly instructions by keeping track of the registers, stack, and branches, but that ended up being way too much bookkeeping and didn't really give any more insight into what the code actually does.
Keeping a text file of C code, though, and adding lines as you go through the instructions is really fitting and practical. C is abstract enough not to care about most bookkeeping of registers and stack management, and branches can be written in nice nested if-else blocks that are familiar to most programmers and provide a visual structure that is compact and practical. On the other hand, C is low-level enough to deal with memory addresses almost directly, allowing you to easily transcribe any address arithmetic that happens, and if you're familiar with what structs get compiled into, you can very nicely spot them in disassembled code and keep your high-level reverse-engineered code structured and nice.
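A worked illustration of the two-pass approach described in that comment, added here and not part of the thread or of the original post: the first function is the literal transcription you would write while stepping through the instructions (offsets and widths copied as the disassembly shows them), the second is the same logic once the offsets are recognised as a struct with alignment padding. The instruction sequence in the comments, the field names and `struct record` are assumptions made up for the example, not taken from any real binary.

```c
/* Added example: transcribing disassembly into C, first as literal
 * address arithmetic, then as a recovered struct. The instruction
 * sequence quoted in the comments, the field names and `struct record`
 * are assumptions, not taken from any real binary. Compile with C11. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Pass 1: what you write while stepping through instructions such as
 *   cmp   dword [rdi], 0
 *   jle   .done
 *   mov   rax, [rdi+8]
 *   movzx ecx, byte [rdi+16]
 *   add   rax, rcx
 * Keep every offset and access width exactly as the disassembly shows it;
 * memcpy sidesteps alignment and strict-aliasing issues on raw bytes. */
static int64_t first_pass(const uint8_t *rdi)
{
    int32_t dword_at_0;
    int64_t rax;

    memcpy(&dword_at_0, rdi + 0, sizeof dword_at_0);   /* cmp dword [rdi], 0 */
    if (dword_at_0 <= 0)                               /* jle .done          */
        return 0;
    memcpy(&rax, rdi + 8, sizeof rax);                 /* mov rax, [rdi+8]   */
    rax += rdi[16];                                    /* movzx ecx, byte [rdi+16]; add rax, rcx */
    return rax;
}

/* Pass 2: a 4-byte field at 0, an 8-byte field at 8 and a byte at 16 is the
 * layout of an int followed by an 8-byte field; the 4-byte gap at offset 4
 * is alignment padding the compiler inserted, not an unused field. */
struct record {
    int32_t count;  /* offset 0 */
    int64_t base;   /* offset 8, after 4 bytes of padding */
    uint8_t flag;   /* offset 16 */
};
_Static_assert(offsetof(struct record, base) == 8,  "layout must match the disassembly");
_Static_assert(offsetof(struct record, flag) == 16, "layout must match the disassembly");

static int64_t second_pass(const struct record *r)
{
    if (r->count <= 0)
        return 0;
    return r->base + r->flag;
}

/* Build a record, run both passes over the same bytes and return the result,
 * or -1 if the literal transcription and the struct version disagree
 * (a result of -1 is therefore ambiguous; the callers below avoid it). */
int64_t passes_agree(int32_t count, int64_t base, uint8_t flag)
{
    struct record r = { .count = count, .base = base, .flag = flag };
    uint8_t raw[sizeof r];
    memcpy(raw, &r, sizeof r);

    int64_t a = first_pass(raw);
    int64_t b = second_pass(&r);
    return a == b ? a : -1;
}
```

The `_Static_assert` lines are the check worth keeping in the transcription file: if the guessed struct does not reproduce the exact offsets seen in the disassembly, the compiler tells you immediately rather than letting a wrong field order silently change the meaning of later code.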
Very nice guide and a very good starting point in reverse engineering, especially if you have at least some experience with assembly.
...or spend like 4 hours playing around with godbolt. https://godbolt.org. You can thank me later.
One of the most fun ways to learn assembly is on older systems like the Game Boy, using something like the excellent no$gmb emulator and some of the really well-developed docs. Full graphical debugging capabilities and an excellent tool for learning.
A lot less complex to start and you still learn the magic.
I don't know why people still use AT&T syntax for x86(-64) asm; Intel syntax is so much easier to read.
The syntax the author uses isn't even proper AT&T or Intel; it's some weird hybrid of both.
A while back I had a side project I took on for a colleague that involved reverse engineering and bypassing the lockout mechanism on an old piece of kit that wanted to phone home. It was one of the most fun and engaging things I've ever done. There does seem to be a lack of really good free disassemblers though, none of the ones I tried could consistently handle relocation tables for some reason.
Almost ten years ago I worked on a reverse engineering project. It was very tedious work. Is it worth it to be good at reverse engineering? I mean, are there good-paying jobs for it now?
I often have trouble explaining reverse engineering to people without raising eyebrows. People think it's hacking.
This mirror of a Purism blog post to his personal blog looks pretty interesting but I'm having trouble accessing it on homelinux or puri.sm domains due to reputation.
Here's the Google cache: http://webcache.googleusercontent.com/search?q=cache:dH0AFM8...
The OP, afaict: https://puri.sm/posts/primer-to-reverse-engineering-intel-fs...
Thanks for sharing!
I've just in the past month or so started getting into Intel assembly. For some reason I was a bit intimidated by it, even though I have done some m68k, AVR, PIC and Z80 asm in the past. After watching some Australian dude's tutorials on YouTube, though, I quickly realized it was not bad at all. Also, it's pretty great how easy it is to mix C code with asm, and it really helps you understand things like calling conventions. Now I have been playing around doing weird things like trying to implement a closure in C and smashing the stack to return to a different function than the one that was called.
Some useful links:
- https://github.com/radareorg/cutter (GUI for Radare2, free alternative to IDA)
- https://github.com/eteran/edb-debugger (debugger, free alternative for OllyDbg)
- http://hte.sourceforge.net/ (hex editor, disassembler, free alternative for Hiew) (open a binary, then press F6, select image format to get started, e.g: elf/image or pe/image)
- http://ref.x86asm.net/coder64.html (list of x86-64 opcodes)
- https://godbolt.org/ (REPL that shows the asm for given C/C++ code)
There is another recent one about Intel reverse engineering; he uses a crackme ...