Reverse Engineer thread

Name
Email
Subject
Comment *
File	Select/drop/paste files here
* = required field	[▶ Show post options & limits] Confused? See the FAQ.

Embed	(replaces files and can be used instead)
Options	Do not bump (you can also write sage in the email field) Spoiler images (this replaces the thumbnails of your images with question marks)
Password	(For file and post deletion.)
Allowed file types:jpg, jpeg, gif, png, webm, mp4, pdf Max filesize is 12 MB. Max image dimensions are 10000 x 10000. You may upload 2 per post.

File (hide): 1434453031520.jpg (18.29 KB, 259x194, 259:194, download.jpg) (h) (u)

[–]

▶Reverse Engineer thread Anonymous 06/16/15 (Tue) 11:10:31 84cbd0 (1) No.2602 [Watch Thread][Show All Posts]

Didn't see one in the catalog.

Let's talk about

>what we're working on

>tools we're using

>essential reads

>our favorite architectures

>other fun things

Also a reminder that REing isn't the dark art some people claim it is, as long as you have a decent understanding of programming, and know some low-level things (how data is stored in memory, how a processor executes code, basic knowledge about different file formats..) you could start reverse engineering today! Especially with tools like IDA and Hex-Rays which make it a lot easier than it was years ago.

▶Anonymous 06/18/15 (Thu) 21:56:41 b6045b (2) No.2636>>2655 >>2859 >>2901 >>3059

I'm working with RE'ing files from a game.

I've always wanted a small language that represents the structure of data in a file. It'd be a quick way to extract a packed data blob into something more readable. Any ideas?


using PNGType.rev;

type levelType
{
uint32 title_length;
string[title_string_length] title;
customPNGType() theThumbnail;
}

▶Anonymous 06/20/15 (Sat) 08:59:51 c9113c (1) No.2655>>2669 >>2859

>>2636

>I've always wanted a small language that represents the structure of data in a file.

there is a language for doing exactly that.

sadly i can't remember anything about it, not even its name or in which context i heard about it.

it's been ages since i played around with game files, now i don't want to waste any time and energy on proprietary shit anymore.

either it works or trash.jpg

i'm glad though that others are taking up the fight to free the data.

▶Anonymous 06/22/15 (Mon) 05:37:07 b6045b (2) No.2669

>>2655

I found a tool exactly describing what I mean in the hex editor known as 010, which is (wait for it) closed source and paid.

▶Anonymous 07/20/15 (Mon) 16:42:52 ab17e5 (1) No.2857

Reading beginners.re book. lena151 tuts teached me the basics through practical examples, but I think this book is good next step (and also has arm/mips, 64bit covered)

▶Anonymous 07/20/15 (Mon) 19:36:24 8604b0 (1) No.2859

>>2636

>>2655

I know I'm a month late, but Erlang does exactly that very well.

It sucks for a lot of other things (anything involving strings), and is purely functional, but its packing and unpacking syntax is a dream.

http://www.erlang.org/documentation/doc-5.6/doc/programming_examples/bit_syntax.html

▶Anonymous 07/22/15 (Wed) 13:16:10 31c432 (1) No.2874>>3059

this code


void f()
{
char *buf=(char*)alloca (600);
snprintf (buf, 600, "hi! %d, %d, %d\n", 1, 2, 3); 
puts (buf);
};

when compiled should be


.LC0:
.string "hi! %d, %d, %d\n"
f:
push    ebp
mov     ebp, esp
push    ebx
sub     esp, 660
lea     ebx, [esp+39]
and     ebx, -16
; align pointer by 16-bit border
mov     DWORD PTR [esp], ebx
; s
mov     DWORD PTR [esp+20], 3
mov     DWORD PTR [esp+16], 2
mov     DWORD PTR [esp+12], 1
mov     DWORD PTR [esp+8], OFFSET FLAT:.LC0 ; "hi! %d, %d, %d\n"
mov     DWORD PTR [esp+4], 600
; maxlen
call    _snprintf
mov     DWORD PTR [esp], ebx
; s
call    puts
mov     ebx, DWORD PTR [ebp-4]
leave
ret

my question is, why is there lea ebx, [esp+39] and not just lea ebx, [esp] ?

▶Anonymous 07/26/15 (Sun) 11:06:53 d105ea (1) No.2901

>>2636

Sounds like good use case for a common lisp macro.

▶Anonymous 07/29/15 (Wed) 03:11:24 0b1290 (2) No.2923>>2924 >>2925

How the fuck do I obfuscate javascript?

▶Anonymous 07/29/15 (Wed) 03:11:45 0b1290 (2) No.2924

>>2923

de-obfuscate javascript rather

▶Anonymous 07/29/15 (Wed) 07:43:10 01f339 (1) No.2925

>>2923

Use stuff people are less likely to know about I suppose like & 1 instead of % 2. Use the ternary conditional operator ?:. Eg:

Number.prototype.isOdd = function() {

return this & 1 === 1?true:false;

};

Still not particularly difficult to read though.

▶Anonymous 08/09/15 (Sun) 02:14:35 1cdb02 (1) No.2998>>3091

File (hide): 1439086475544.webm (7.37 MB, 640x360, 16:9, blue-tutu-of-death.webm) (h) (u) [play once] [loop]

I got a pretty long list of what I've done with the game, but sometimes I think the code I inject is a bit obtuse.

Character in the webm is only supposed to have 1 set of those swords (as seen after the level transition) before I started spawning more.

▶Anonymous 08/17/15 (Mon) 21:36:15 127935 (1) No.3059

>>2636

you can do that with 010 Editor. it's a really good hex editor for reversing file formats. it costs money but is really easy to crack. it's for windows though.

>>2874

i would assume that you need to do that because when you align the pointer you need a certain amount of space to make sure that the aligned pointer doesnt shrink the buffer. you're pretty much always going to have a little bit of the buffer left over at the end after the alignment but youre always guaranteed the size that you requested to be allocated.

lea ebx, [esp+39] gives you that breathing room for the alignment. since the stack address isn't known at compile time you need to do that for the and operation.

▶Anonymous 08/20/15 (Thu) 23:31:02 4f3ea7 (1) No.3091

>>2998

That's pretty awesome. I'd love to see more.

/prog/ - Programming★

General

WebM

Theme

User JS

Do not paste code here unless you absolutely trust the source or have read it yourself!

Favorites

Customize Formatting

Filters