Reverse engineering is the process of discovering the technological principles of a human-made device, object or system through analysis of its structure, function and operation.


21
votes
5 answers
1k views

Why would malware try to remove other malware?

Recently my php-based website got infected with malware (probably by a stolen ftp password). Basically, every 30 minutes a file frame_cleaner_php.php was uploaded, a HTTP-GET was done on it to execute ...
18
votes
5 answers
1k views

How valuable is secrecy of an algorithm?

On the surface, the inadvisability of security through obscurity is directly at odds with the concept of shared secrets (i.e. "passwords"). Which is to say: if secrecy around passwords is valuable, ...
13
votes
8 answers
2k views

Any comprehensive solutions for binary code protection and anti-reverse-engineering?

Does anyone know of good products with comprehensive binary hardening and anti-reverse-engineering features? Or better, has anyone seen an independent review comparing products that perform these ...
9
votes
1 answer
322 views

What role does cryptography play in anti-piracy?

As a follow-up to Cipher for Product Registration, are there secure yet usable cryptographic standards/protocols for protecting software and data used by software? I'm interested in hardware and ...
8
votes
3 answers
509 views

Vuln research: reverse engineering, debugging or fuzzing?

I wonder how hackers find vulnerabilities. If they use fuzzing, security engineers do it, and it's probable that security engineers (that work in a firm) have more resources than a group of hackers. ...
8
votes
2 answers
1k views

Facebook API : App Secret - possible misuse

I've recently found out that by a simple quick look into the compiled code of one of our applications, you can get both App ID (API Key) and App Secret for Facebook API. I suppose that we should really keep ...
6
votes
3 answers
475 views

Reverse engineering and Java

Is a Java class file or jar file easy to reverse engineer? Because Java generates a class file after compilation and not exe files. Are jar and class files easy to decompile compared to C# and C++? ...
6
votes
3 answers
463 views

Global check of input/output of known hash functions

Is there a website, application, or script that will allow you to give an input/output for a hash function, run these against known functions, and return any matches? Here's one attempt to list the ...
6
votes
2 answers
150 views

Where can I find good resources on reversing web malware?

I am wondering where I can find a good site with resources on reversing web malware like javascript, flash, html5, and any other stuff that is designed to attack the clients. Does anyone have any ...
5
votes
4 answers
2k views

How to harden an iPhone/Android app so it's tough to reverse-engineer it?

These are the following objectives I have in mind: Make the app hard to crack, as the binary will hold some secret tokens. If it still can be cracked, is there any way the app can tell someone or ...
5
votes
3 answers
305 views

What methodologies are useful when reverse-engineering malware / shellcode?

Whilst I'm familiar with reverse engineering techniques from a technical standpoint, I've never found a good methodology for approaching and dissecting malware / shellcode. I've found hundreds of ...
4
votes
2 answers
372 views

How would I go about rebuilding the IAT of a packed executable?

When executables are packed with a tool such as UPX, the real code and data sections are encrypted or obfuscated, then loaded into memory using an injected decrypter stub. This makes static analysis ...
4
votes
1 answer
152 views

Reverse Engineering for .rtf files

I've received lately a .rtf attachment on my work email from an untrusted email account. I suspect the attacker is exploiting "Microsoft Security Bulletin MS12-029" vulnerability. What are the ...
3
votes
1 answer
135 views

Recover file using Java RanNum Gen + Key

EDIT: Here is some more background. I am basically trying to reproduce the method outlined here. I have been able to hit everything up until the paragraph regarding the decrypting of the data file ...
3
votes
1 answer
162 views

How to debug/reverse engineer java applets?

I need to analyze a java application (a .jar file) for a war game. I know java can be decompiled, but the coder apparently did a lot of obfuscation to prevent the reverse engineers from understanding ...
2
votes
4 answers
1k views

Reverse engineering (decompiling) an .exe file in OSX

I am a complete newbie in the reverse engineering world, and being able to decompile .exe files in my OSX is being a pain. Does anybody know a good decompiler of .exe for OSX, or any hint about where ...
2
votes
2 answers
438 views

how to make software reverse engineering difficult

In software reverse engineering, we use a disassembler, a debugger, and a code patcher. OllyDbg includes all. One of the differences between actual execution of a program and debugging through using ...
2
votes
1 answer
178 views

What tricks can be used to prevent debugging?

What tricks can be used to prevent or hinder debugging? Examples: IsDebuggerPresent API on Windows. Exception handlers used for program flow. GetTickCount / rdtsc checks. Are there any good ...
2
votes
1 answer
254 views

How to reverse engineer w32/malware!gemini?

How would you go about reverse engineering malware w32/malware!gemini. Recently I found it installed on my computer and would like to trace where the data is being sent. Thank you.
2
votes
1 answer
120 views

Identifying strange Perl CGI script

Recently, while looking at some Perl CGI files, I came across this. I am not familiar enough with Perl to know exactly what it means, but I did attempt to base64 decode the string to no effect. Can ...
2
votes
1 answer
164 views

Good tools for reverse engineering collaboratively?

Does anybody know a good set of tools for doing reverse engineering of binaries in a collaborative way? My original idea is to disassemble a binary, allowing to add information about functions, ...
1
vote
1 answer
299 views

where is the pe loader in windows?

I have read that the pe loader is responsible for loading executable images from disk. When and where is the control flow exactly transferred to the loader? The pe format is well documented but there ...
1
vote
1 answer
50 views

Java applet authenticity problem

I implemented an applet in java to authenticate users at my website by the usage of MIFARE cards and everything is working good. However I am concerned about the applet's authenticity, in other words, ...
1
vote
2 answers
811 views

Expected cost and time frame for black box pen testing?

I work for a major publicly traded company and we need some external black box pen testing done on a Win32 executable. This exe is used in a large client server infrastructure and is a central piece ...
1
vote
0 answers
101 views

Embedded hardware training courses in the UK? [closed]

To be honest I struggled a little to find an appropriate exchange to put this question..! I like to study 'hardware hacking' i.e. reverse engineering of both the hardware components and the firmware ...
0
votes
1 answer
122 views

Good reading about windows architecture/reversing [closed]

I have a feeling that I need to get more knowledge about system programming and winapi/windows architecture in particular to be able to understand how lots of exploits work (like those exploiting ...
0
votes
0 answers
104 views

Determine the encryption mechanism used to decrypt data [closed]

I have an input software. The data is stored in a file in C drive. The file is password protected. When I put in the password it asks whether I want to enable a content. I say yes. It says something ...
0
votes
0 answers
88 views

Is this assembly packer familiar, is it used in wget? [closed]

I thought that wget is open source. I disassembled their .exe file and saw a pretty annoying packer, which I'll put here part of it to see if you are familiar with it. I see that the wget's open ...
0
votes
0 answers
171 views

Reverse engineering wargames which were recently released? [closed]

Can anyone give me some links of new reverse engineering wargames?
-1
votes
3 answers
81 views

Is it possible to get the encryption key when you have the plaintext?

I have a question about SHA256. I know that this algorithm was used to encrypt a text, which I have. I also have the encrypted version of this text. My question is, can I somehow get to the encryption ...