Getting started with Reverse Engineering with no prior experience
I’ll start off this post with a small story about a massive ransomware attack that caused worldwide mayhem in May 2017. Here’s how the story goes: imagine you’re working in a hospital in the UK and one day you see the infamous WannaCry logo on screen, saying that all your files are encrypted and that to get them back you need to pay a ransom, otherwise all your files are gone. You can’t just decrypt them, because they use a sophisticated RSA encryption algorithm that you can’t break with normal computers, so there’s no point trying. So now all the files are at stake and you can’t access patient records. I know, this is worse than getting robbed in broad daylight, except this happened over the internet.
Here’s the whole breakdown of WannaCry if you want to see it: https://www.youtube.com/playlist?list=PLniOzp3l9V83Yf52IXJTvW9rjstdqkduP
The ransomware attack itself didn’t stop on its own, but some maverick found a kill switch in the code after “reverse engineering” it and registered a domain, effectively halting the entire ransomware operation.
Perhaps stories like this sound fascinating; I too got fascinated hearing how security researchers are always one step ahead of the bad guys and always come out as heroes. This is just one example; there are countless instances where law enforcement hunted down members of big ransomware groups like REvil, GameOver Zeus, Sandworm, NotPetya and LockBit (I could honestly go on and on, the list is endless) and they were arrested and brought to justice.
https://www.bleepingcomputer.com/news/security/russia-arrests-revil-ransomware-gang-members-seize-66-million/
As much as these stories fascinate me, they also encourage me to learn how to stop these cyber attacks and how to make this world safe from bad guys who want nothing but money and power and to cause disruption. So the best way to learn how a malicious actor makes a virus (let’s say) is to reverse engineer it: as we know, we don’t have access to the source code, we only have access to the binary or executable, and that’s all we have to work with to put the pieces together and identify the weaknesses to stop an intrusion, or at least mitigate it.
So to get started in reverse engineering you need to be good at C and assembly. Why C, you might ask? Because C is the system-level programming language and is widely used to write malicious software; there are other languages that can cause similar effects, but here we’re going to stick with C. And why assembly? As you might know, assembly is the human-readable representation of machine code, and it’s what we’re going to see in disassemblers a lot. I know it makes no sense here, but as we go ahead it will, so stick with me.
So in my experience, the best way to understand a program is to simply get its binary, without source code, and use a disassembler to disassemble it. You can use any disassembler you want, but in my experience it’s better to get comfortable with one and then explore others; no disassembler is better than another, each one has its own pros and cons.
Here's a list of disassemblers you might wanna try.
- IDA Free
- IDA Pro
- Ghidra
- Hopper
- x64dbg
- OllyDbg
- Radare2
- Binary Ninja
- GDB: this is a debugger, used to debug C programs; it is not as efficient as the disassemblers above and less powerful.
When I started, I used Ghidra and the IDA free version for an extensive period of time, then jumped on Radare2, x64dbg, Hopper and Binary Ninja. If you’ve 0 experience, I’d recommend trying this playlist on Ghidra; you’ll learn how it works.
Another thing to mention: you can write your own program, compile it, get the binary and load that into gdb to see the assembly code, set breakpoints and crack basic things. It’s a debugger, so you can imagine it doesn’t have as many features as “disassemblers” have.
So, in the reverse engineering community we use something called crackmes. These are challenges made by security professionals to educate newbies, and there are several sites that offer crackmes; the ones I find the most useful are:
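As an added example that isn’t part of the original post, here’s the kind of tiny C program worth compiling yourself and loading into gdb: a toy crackme (the key “crackme1” and the constant it hashes to are constructed here) whose length check and hash compare become the two branches you go looking for in the disassembly.

```c
/* toy_crackme.c - a constructed practice target (added example, not from
 * the post). Build without optimisation so the disassembly follows the C:
 *     gcc -O0 -g -o toy_crackme toy_crackme.c
 * Then in gdb:  break check_key ; run crackme1 ; disassemble ; ni / si
 * The loop and the final cmp/jne are what you'll be looking for. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Expected hash of the intended key "crackme1" (constructed value). It is a
 * plain immediate in the code, so a disassembler shows it right next to the
 * comparison, which is the first hint that something is being checked. */
#define EXPECTED 0x73A53AA6u

/* Rolling hash: multiply by 31 and add each byte. In the disassembly this
 * becomes a loop with an imul (or shift-and-subtract), an add, and a test
 * for the terminating NUL byte. */
static uint32_t key_hash(const char *s) {
    uint32_t h = 7;
    for (size_t i = 0; s[i] != '\0'; i++) {
        h = h * 31u + (uint8_t)s[i];
    }
    return h;
}

/* Returns 1 when the key is accepted, 0 otherwise. */
int check_key(const char *key) {
    if (strlen(key) != 8) {       /* first branch: length check */
        return 0;
    }
    return key_hash(key) == EXPECTED;   /* second branch: hash compare */
}

int main(int argc, char **argv) {
    if (argc != 2) {
        fprintf(stderr, "usage: %s <key>\n", argv[0]);
        return 2;
    }
    if (check_key(argv[1])) {
        puts("Correct key!");
        return 0;
    }
    puts("Wrong key, try again.");
    return 1;
}
```

Once you can find both branches and the constant with gdb, reopen the same binary in Ghidra or IDA and compare what the decompiler recovers against the source you wrote.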
- https://pwn.college/
- https://pwnable.tw/challenge/
- http://pwnable.kr/play.php
- https://crackmes.one/
- https://challenges.re/
- https://overthewire.org/wargames/vortex/vortex0.html
- https://www.smashthestack.org/
- https://exploit.education/protostar/
- https://ropemporium.com/
Don’t get confused by looking at this list; you can start off with crackmes.one and solve these ones (I’ve made a list of beginner-level crackmes). If you’re confused you can always look for solutions on these 2 websites, they’re pretty good.
Apart from all these, if you want to read books about reverse engineering, my recommendation would be:
- Reversing: Secrets of Reverse Engineering
- Practical Malware Analysis
- The Ghidra Book: The Definitive Guide
There are many, but these are the ones I can think of for now and they’re pretty good in my opinion. There are free courses too, by OpenSecurityTraining; you can find them here: https://opensecuritytraining.info/IntroX86.html.
Summing up:
If I said you’d become a professional reverse engineer just by doing these courses, I’d be lying to you. Reverse engineering and malware analysis is a big field; you can’t become a professional just by following courses, it requires years and years of practice and overcoming obstacles to become a pro at this. The things I’ve covered here are just the tip of the iceberg, and as you know each architecture has its own assembly and its own set of instructions, so you can imagine a human can’t literally learn all architectures. But anyway, learn what you need and what you find interesting. In upcoming posts I’ll solve some crackmes, so stay tuned.
Anyway, thanks a lot for reading my blog. I hope y’all have a great day, happy hacking :)