How to reverse engineer your first binary

Kenny Wolf, published in Geek Talk, Apr 25, 2024 (6 min read)

Have you ever wondered how hackers can crack a program?

Imagine the following scenario: You have an executable file, but not the source code. The program needs a password/license key to use it, but you don’t have it. Luckily you know some assembly and can reverse engineer the executable and find out the password.

In this article I give you a brief overview of how reverse engineering works and point you to some helpful tools along the way.

At the end there is an example program with which you can crack your first binary yourself.

What is a Binary

A binary file is a special file that can be interpreted by a program or a processor.

Both the program and the processor must know and support the format of the binary file. Every program that needs certain information from the file must know exactly where to find it, so the data within the file has to be laid out according to a predefined scheme before it can be processed.

Binary files are often also referred to as executable files. They are therefore usually given file extensions such as “.exe” for “executable” or “.bin” for binary.

Compiling with C

A program written in C can be compiled using the following command.

gcc myFile.c -o myBinary

I will not explain the exact process here. But roughly: the C source is translated into assembly, the assembly is turned into machine code, and any C libraries that are needed are pulled in and linked, producing a single executable file.

Reverse Engineering Explained

Reverse engineering is the process of analyzing a product or technology to understand how it works without having access to the original plans or designs.

Existing products are taken apart in order to research their structure, components and functionality and, if necessary, reproduce or improve them.

In our case we have a binary file without the source code; what it contains is machine code, which we can read as assembly. So in order to reverse engineer it, we need to inspect the file and analyze that assembly code to find out how the program works.

Inspect the File

Everything is Open Source, if you can read assembly. — lowlevellearning

To inspect a file we first want to find out some meta information about the file.

File Command

The output of the `file` command gives you information about the type of file and its properties. Here is an example output:

file crackme
// output
crackme: ELF 64-bit LSB pie executable, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, BuildID[sha1]=d07e86f0beb78924ca2bbc1e9dc445f09037d4a7, for GNU/Linux 3.7.0, not stripped
  • ELF 64-bit LSB pie executable: This tells you that it is an executable file in ELF format compiled for a 64-bit architecture. LSB means the multi-byte values are stored little-endian, and pie means a position-independent executable, one that can be loaded at any base address.
  • ARM aarch64: This means that the file has been compiled for the ARM architecture in 64-bit mode. This is a commonly used architecture in mobile devices and embedded systems.
  • Dynamically linked: The file is dynamically linked, which means that it loads shared libraries at runtime and these are not statically embedded in the file.
  • for GNU/Linux 3.7.0: The file is designed to run on GNU/Linux version 3.7.0 or higher.

Strings Command

You can of course view the file with the cat command or with an editor.

Screenshot of cat command of binary file with output.

This, in turn, will spit out a lot of gibberish that is confusing and unreadable. But you will see that it has some normal text in it. To extract just the readable text we need the strings command.

This command prints every run of printable characters it finds in the file to stdout.

strings crackme | less
Screenshot of strings command with output.
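As an added example (not code from the article or from the crackme repository), here is a small Python script that does by hand what `file` and `strings` read out of a binary: it decodes the ELF header fields behind an output such as "ELF 64-bit LSB pie executable, ARM aarch64" and extracts printable strings. The sample bytes are constructed inline and are not the real crackme.

```python
import struct

ELF_MAGIC = b"\x7fELF"
CLASSES = {1: "32-bit", 2: "64-bit"}
DATA = {1: "LSB (little-endian)", 2: "MSB (big-endian)"}
TYPES = {1: "REL", 2: "EXEC", 3: "DYN (shared object / PIE)", 4: "CORE"}
MACHINES = {0x03: "Intel 80386", 0x28: "ARM", 0x3E: "x86-64", 0xB7: "ARM aarch64", 0xF3: "RISC-V"}

def parse_elf_header(data: bytes) -> dict:
    """Decode the ELF header fields that `file` reports for an executable."""
    if len(data) < 52 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    ei_class, ei_data, ei_osabi = data[4], data[5], data[7]
    # Multi-byte fields use the byte order named by e_ident[EI_DATA].
    endian = "<" if ei_data == 1 else ">"
    # e_type, e_machine, e_version, e_entry follow e_ident at offset 16;
    # only the entry point differs in width between ELF32 and ELF64.
    fmt = endian + ("HHIQ" if ei_class == 2 else "HHII")
    e_type, e_machine, _version, e_entry = struct.unpack_from(fmt, data, 16)
    return {
        "class": CLASSES.get(ei_class, "unknown"),
        "data": DATA.get(ei_data, "unknown"),
        "osabi": "SYSV" if ei_osabi == 0 else hex(ei_osabi),
        "type": TYPES.get(e_type, hex(e_type)),
        "machine": MACHINES.get(e_machine, hex(e_machine)),
        "entry": e_entry,
    }

def find_strings(data: bytes, min_len: int = 4) -> list:
    """Return runs of at least min_len printable ASCII bytes, like `strings`."""
    found, run = [], bytearray()
    for b in data + b"\0":  # trailing NUL flushes the last run
        if 0x20 <= b < 0x7F or b == 0x09:
            run.append(b)
            continue
        if len(run) >= min_len:
            found.append(run.decode("ascii"))
        run = bytearray()
    return found

# Constructed sample (not a real binary): a 64-byte ELF64 header for a
# little-endian AArch64 PIE (ET_DYN, e_machine 0xB7) plus some fake .rodata.
SAMPLE = (
    ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\0" * 8
    + struct.pack("<HHIQQQIHHHHHH", 3, 0xB7, 1, 0x7A0, 64, 0, 0, 64, 56, 9, 64, 30, 29)
    + b"\0\0\0Enter password:\0\x01\x02hardcoded_secret\0"
)

if __name__ == "__main__":
    print(parse_elf_header(SAMPLE))
    print(find_strings(SAMPLE))
```

Note that the prompt text and the literal it is compared against both show up in the string list, which is exactly why hardcoded secrets in a binary are not secret.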

Xxd Command

To better assess the file structure we can make use of the xxd command.

This produces a hexdump of the file, so that for each line you can see the offset, the hex bytes and their ASCII rendering.

xxd crackme | less
Screenshot of xxd command with output.

Objdump Command

And last but not least, there is a command that shows us the whole thing as assembly.

The objdump command disassembles the binary, so we can read its machine code as assembly instructions.

objdump -d -Mintel crackme | less
Screenshot of objdump command with output.

IDA for better Investigation

We now have a good overview of our binary and have been able to gain a lot of information from it.

But there is an even better way to analyze our binary, namely with the IDA tool. IDA is a binary code analysis tool with very powerful features, for example a structure overview and a control flow view.

You can download a free version here: https://hex-rays.com/ida-free/

Screenshot of IDA program.

Similar to objdump, IDA gives us a structured overview of the assembly code.

What is nicer here is that the various snippets that belong together are grouped together. Furthermore, we have a navigation on the left with which we can navigate through the entire file.

Screenshot of IDA program with Hexview.

As with xxd, IDA also gives us a hex view of the program.

Screenshot of IDA program with control flow manager.

A very powerful feature of IDA is the Control Flow Manager.

There are various jump instructions in assembly. Reading a file and following its control flow by hand is difficult. But with the Control Flow Manager you can see where the program continues, depending on the value that is checked before the jump.

This is indicated in IDA with the green and red arrows.

Reverse Engineering

With the tools mentioned above, I have given you the most important equipment on the way to reverse engineering your first binary.

That’s it already? There is no walkthrough?

No, I have to disappoint you. You won’t really learn how to reverse engineer a program if I walk you through every step.

But I have written you a simple program that you can use to practice your reverse engineering skills.

Here is a link to a Github repository with a binary file and (because I am so kind) the source code (written in C).

Link to repo: https://github.com/kirillwolkow/Easy-CrackMe-Binary?tab=readme-ov-file

Here are some tips for cracking the binary:

  • Run the program on your environment (note: it was compiled for Linux) and see how it works
  • Analyze the file with the commands and tools I have shown you
  • Try to understand the control flow to find out the password

Important: Only look at the source file if you really can’t get any further. But first try to solve the problem yourself.

If you need a little more support, take a look at this great video from lowlevellearning. He makes a whole walkthrough on reverse engineering a simple binary: https://www.youtube.com/watch?v=gh2RXE9BIN8&t=638s

Summary

In this article you have learned about important tools for reverse engineering a binary.

You also have a practice binary on which to attempt your first crack. Finally, I want to give you an important tip along the way: start with simple challenges and work your way up.

Use platforms like picoCTF to practice and train reverse engineering challenges. You can be stubborn when it comes to solving the problem, but you can also look at hints.

It’s important that you learn something during the process, and it’s okay to look at hints or ask for help.

If you could crack the program, write in the comments “I’m a Cracker”.
