Software Reverse Engineering

1. Peeking your target software

If you only want to peek at what your target software does, there are various "tracers". These tools are powerful aids for debugging and diagnosing programs, showing the internal logic and how the program works.

2. Debuggers

A debugger is used to track execution and monitor changes in computer resources while executing commands one instruction or one line at a time, in order to test the software and find the bugs in it.

A debugger is really useful if you want to track how the software works internally. For example, suppose there is a PDF parsing program that does not work well. You can find out which functions are used to parse the PDF file structure, and if there is a crash you can track how the program exited. Debuggers are used to find bugs in software, so if you want to spot bugs and find out whether they are really exploitable, you should be familiar with debuggers.

There are a lot of debuggers, depending on the target architecture, environment, and language. For example, Python has the built-in function breakpoint(), and Ruby has binding.irb to debug a script line by line. A good debugging environment attracts software developers and encourages them to work with that environment.
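As an added example (not part of this wiki), a small tracer in Python that does what the paragraphs above describe for a constructed toy parser standing in for the PDF parser: it records which functions run while the input is parsed and, if the parser crashes, the function where the exception originated. It uses sys.settrace, the same hook Python's own debugger is built on.

```python
import sys

# Constructed toy "PDF parser": a stand-in for the misbehaving PDF parser in the text.
def parse_header(data):
    if not data.startswith(b"%PDF-"):
        raise ValueError("missing %PDF- header")
    return data[5:8].decode()

def parse_body(data):
    # Constructed bug: a document with no "obj" keyword makes objects[1] fail.
    objects = data.split(b"obj")
    return objects[1]

def parse_document(data):
    version = parse_header(data)
    body = parse_body(data)
    return version, body

def trace_calls(func, *args):
    """Run func under sys.settrace, recording every Python function entered
    and, if it raises, the innermost function where the exception originated."""
    calls = []
    crash = {}

    def tracer(frame, event, arg):
        if event == "call":
            calls.append(frame.f_code.co_name)
        elif event == "exception" and not crash:
            # The first "exception" event is raised in the innermost frame; later
            # ones are the same exception unwinding through the callers.
            exc_type, exc_value, _ = arg
            crash.update(func=frame.f_code.co_name,
                         line=frame.f_lineno,
                         error=f"{exc_type.__name__}: {exc_value}")
        return tracer  # keep tracing inside this frame and its callees

    sys.settrace(tracer)
    try:
        return {"result": func(*args), "calls": calls, "crash": None}
    except Exception:
        return {"result": None, "calls": calls, "crash": crash}
    finally:
        sys.settrace(None)

if __name__ == "__main__":
    print(trace_calls(parse_document, b"%PDF-1.7 1 0 obj << >> endobj"))
    print(trace_calls(parse_document, b"%PDF-1.4"))  # crashes in parse_body
```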

2.1. List of famous debuggers

  • GDB: The GNU Project Debugger

• GDB has server functionality (gdbserver).

• There are lots of plugins that work with GDB, providing improved interfaces and extra commands.

  • QIRA, the timeless debugger by geohot

  • radare2 is a reverse engineering framework, not a traditional debugger, but it has debugging features.

  • IDA, the Interactive DisAssembler, has a built-in debugger.

  • Binary Ninja has a built-in debugger.

3. Decompilers

Decompilers convert compiled executables into readable code. Today decompilers are essential tools for diagnosing and reverse engineering software, especially if you don't have the source code of the target.

Nowadays free and open source decompilers, like Ghidra, perform well and produce neat decompiled output. You might not want to pay for commercial software, but you can still try free options like Ghidra, the cloud-based Hex-Rays decompiler shipped with IDA Free, and Binary Ninja Cloud.

And remember, these decompilers do not cast a magic spell for you. Without a computer science foundation, you can only use a very limited part of these tools' features. Decompiled output is quite ugly in some cases, and sometimes it is totally wrong.

I'll say it again: don't rely on these tools.

3.1. List of Decompilers

Commercial
(nearly) discontinued

The list above shows machine code decompilers, but there are also many language- and platform-specific decompilers.

If you're not sure what to use, this site offers a comparison of decompilers: https://dogbolt.org/

3.2. Other tools/plugins

  • Gx86Sync: a project for synchronizing Ghidra and x86/x64dbg

    • The developer is looking for a better name.

    • There was the ret-sync project, but it is nearly deprecated and outdated. The Gx86Sync project is its successor.

Binary Diffing

  • BinDiff by Google. Supports IDA Pro, Binary Ninja, and Ghidra.

  • Ghidriff for Ghidra.

    • I have very shallow knowledge and experience of using binary diffing; BinDiff in Ghidra was harder to install than Ghidriff.

Code Coverage

5. See Also