Re: The best accessible disassembler / debugger for reverse engineering

2020-08-15 Thread AudioGames . net Forum — Developers room : camlorn via Audiogames-reflector

@4 Well, I mean. You could go into NVDA and you could do:

[1-9a-fA-F]([1-9a-fA-F]{4})

And replace it with "Hex $1" or maybe "Hex \1", whichever is the right syntax for substituting. Or at least, I think NVDA has a syntax for substituting captures, but maybe it doesn't, in which case you'd probably want to start with a small PR.

I don't know if this works. I don't do raw assembly often enough, and frankly I hope never to do so.

URL: https://forum.audiogames.net/post/561809/#p561809




-- 
Audiogames-reflector mailing list
Audiogames-reflector@sabahattin-gucukoglu.com
https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector


Re: The best accessible disassembler / debugger for reverse engineering

2020-08-15 Thread AudioGames . net Forum — Developers room : Rastislav Kiss via Audiogames-reflector

Hello,

Technically, my goal is reverse engineering. Simply said, I want to be able to get a Jaws executable, for example, and modify it in such a way that it will skip authorization and I will be able to use it without a license. Of course, I don't need to do this, as I have a legally purchased license, and neither do I want to use these techniques to crack programs for my benefit. I just want to be able to do it, so I have a better idea of how cracking and hacking works, as breaking into things is also often performed in a similar way, like the specially modified files which were designed to crack a program for reading and working with genetic models.

Then there is the question of how to do it. Of course, reading a program instruction by instruction probably wouldn't be a good idea, as executables can contain millions of them. So I thought that maybe a debugger is used first to track a specific place in the program and just the surrounding instructions are checked. But I may very well be wrong on this assumption, as my experience in this area is minimal. How do tools like IDA work, then? How does a normal, sighted guy approach reverse engineering, and is there a tool to do the same without sight? Of course in a software manner; doing a cold boot attack with transferring the physical memory between devices is another topic.

Best regards
Rastislav

URL: https://forum.audiogames.net/post/561750/#p561750






Re: The best accessible disassembler / debugger for reverse engineering

2020-08-15 Thread AudioGames . net Forum — Developers room : Victorious via Audiogames-reflector

I think it'd be helpful to separate the complexity of reading assembly from the specific challenges of doing so if you're using a screen reader, which I think is what the OP was asking about.

I was never able to find a good way around the fact that the first column of disassembly on the command line is always a long hex address which you're forced to read through. I remember looking into this in the past and just concluded that it's not something that a screen reader user is ever going to be able to be efficient with.

For example, IDA has visual tools like a CFG which make it much easier for a sighted person to reverse engineer a program. That's not something that is accessible.

I tried using an older version of IDA but the screen reader support isn't up to a level where you'd be comfortable relying on it for daily use.

URL: https://forum.audiogames.net/post/561660/#p561660






Re: The best accessible disassembler / debugger for reverse engineering

2020-08-14 Thread AudioGames . net Forum — Developers room : Ethin via Audiogames-reflector

This post was long, sorry about that! But I have to agree with Camlorn on this one. Take for example this Luhn algorithm check digit verification code in C:

/* m[d] is the digit sum of 2*d, i.e. the "doubled digit" of the Luhn algorithm */
static const int m[] = {0,2,4,6,8,1,3,5,7,9};

int CheckLuhn(const char* cc) {
    int i = 0;
    int odd = 1;
    int sum = 0;
    int len = 0;
    while (cc[len] != '\0')
        len++;
    /* walk the digits right to left, doubling every second one */
    for (i = len; i--; odd = !odd) {
        int digit = cc[i] - '0';
        sum += odd ? digit : m[digit];
    }
    return sum % 10 == 0;
}

Compare that against this generated assembly, with and without optimization:

No optimization:

m:
    .long 0
    .long 2
    .long 4
    .long 6
    .long 8
    .long 1
    .long 3
    .long 5
    .long 7
    .long 9
    .text
    .globl CheckLuhn
    .def CheckLuhn; .scl 2; .type 32; .endef
    .seh_proc CheckLuhn
CheckLuhn:
    pushq %rbp
    .seh_pushreg %rbp
    movq %rsp, %rbp
    .seh_setframe %rbp, 0
    subq $32, %rsp
    .seh_stackalloc 32
    .seh_endprologue
    movq %rcx, 16(%rbp)
    movl $0, -4(%rbp)
    movl $1, -8(%rbp)
    movl $0, -12(%rbp)
    movl $0, -16(%rbp)
    jmp .L2
.L3:
    addl $1, -16(%rbp)
.L2:
    movl -16(%rbp), %eax
    cltq
    movq 16(%rbp), %rdx
    addq %rdx, %rax
    movzbl (%rax), %eax
    testb %al, %al
    jne .L3
    movl -16(%rbp), %eax
    movl %eax, -4(%rbp)
    jmp .L4
.L7:
    movl -4(%rbp), %eax
    cltq
    movq 16(%rbp), %rdx
    addq %rdx, %rax
    movzbl (%rax), %eax
    movsbl %al, %eax
    subl $48, %eax
    movl %eax, -20(%rbp)
    cmpl $0, -8(%rbp)
    jne .L5
    movl -20(%rbp), %eax
    cltq
    leaq 0(,%rax,4), %rdx
    leaq m(%rip), %rax
    movl (%rdx,%rax), %eax
    jmp .L6
.L5:
    movl -20(%rbp), %eax
.L6:
    addl %eax, -12(%rbp)
    cmpl $0, -8(%rbp)
    sete %al
    movzbl %al, %eax
    movl %eax, -8(%rbp)
.L4:
    movl -4(%rbp), %eax
    leal -1(%rax), %edx
    movl %edx, -4(%rbp)
    testl %eax, %eax
    jne .L7
    movl -12(%rbp), %ecx
    movl $1717986919, %edx
    movl %ecx, %eax
    imull %edx
    sarl $2, %edx
    movl %ecx, %eax
    sarl $31, %eax
    subl %eax, %edx
    movl %edx, %eax
    sall $2, %eax
    addl %edx, %eax
    addl %eax, %eax
    subl %eax, %ecx
    movl %ecx, %edx
    testl %edx, %edx
    sete %al
    movzbl %al, %eax
    addq $32, %rsp
    popq %rbp
    ret
    .seh_endproc

With optimization level 1:

    .text
    .globl CheckLuhn
    .def CheckLuhn; .scl 2; .type 32; .endef
    .seh_proc CheckLuhn
CheckLuhn:
    .seh_endprologue
    cmpb $0, (%rcx)
    je .L8
    leaq 1(%rcx), %rax
    movl $0, %r9d
    jmp .L3
.L9:
    movl %r8d, %r9d
.L3:
    leal 1(%r9), %r8d
    addq $1, %rax
    cmpb $0, -1(%rax)
    jne .L9
    testl %r8d, %r8d
    je .L2
    movslq %r9d, %r8
    movsbl (%rcx,%r8), %eax
    subl $48, %eax
    leaq -1(%rcx,%r8), %rdx
    movq %rdx, %r10
    movl %r9d, %r9d
    subq %r9, %r10
    movl $0, %r8d
    movl $1, %ecx
    leaq m(%rip), %r11
    jmp .L7
.L5:
    subq $1, %rdx
    movl %r9d, %ecx
.L7:
    addl %eax, %r8d
    testl %ecx, %ecx
    sete %r9b
    movzbl %r9b, %r9d
    cmpq %r10, %rdx
    je .L2
    movsbl (%rdx), %eax
    subl $48, %eax
    testl %ecx, %ecx
    je .L5
    cltq
    movl (%r11,%rax,4), %eax
    jmp .L5
.L8:
    movl $0, %r8d
.L2:
    movl $1717986919, %edx
    movl %r8d, %eax
    imull %edx
    sarl $2, %edx
    movl %r8d, %eax
    sarl $31, %eax
    subl %eax, %edx
    leal (%rdx,%rdx,4), %eax
    addl %eax, %eax
    cmpl %eax, %r8d
    sete %al
    movzbl %al, %eax
    ret
    .seh_endproc
    .section .rdata,"dr"
    .align 32
m:
    .long 0
    .long 2
    .long 4
    .long 6
    .long 8
    .long 1
    .long 3
    .long 5
    .long 7
    .long 9

With optimization level 2:

    .text
    .p2align 4,,15
    .globl CheckLuhn
    .def CheckLuhn; .scl 2; .type 32; .endef
    .seh_proc CheckLuhn
CheckLuhn:
    .seh_endprologue
    cmpb $0, (%rcx)
    je .L7
    xorl %eax, %eax
    .p2align 4,,10
.L3:
    movl %eax, %edx
    addq $1, %rax
    cmpb $0, (%rcx,%rax)
    jne .L3
    leaq m(%rip), %r11
    movslq %edx, %r8
    movsbl (%rcx,%r8), %eax
    leaq -1(%rcx,%r8), %rdx
    movl $1, %ecx
    movq %rdx, %r10
    subq %r8, %r10
    xorl %r8d, %r8d
    subl $48, %eax
    jmp .L4
    .p2align 4,,10
.L6:
    movsbl (%rdx), %eax
    subl $48, %eax
    cmpl $1, %ecx
    jne .L5
    cltq
    movl (%r11,%rax,4), %eax
.L5:
    subq $1, %rdx
    movl %r9d, %ecx
.L4:
    movl %ecx, %r9d
    addl %eax, %r8d

Re: The best accessible disassembler / debugger for reverse engineering

2020-08-14 Thread AudioGames . net Forum — Developers room : camlorn via Audiogames-reflector

In general, you're not going to really get looking at large amounts of compiler-generated assembly to any sort of point where you can read it and go "Yeah, wow, that's the algorithm". For instance, setting a register to zero xors the register with itself, and integer division by a constant is translated into some multiplications and additions in common cases for efficiency; most functions will be inlined and then have redundant instructions removed, most math expressions won't be evaluated in the same order you wrote them, and variables are entirely removed when possible. In addition to all that, x86 alone has literally hundreds of instructions, and there's like a 500-page manual by Intel listing recommended transformations from the obvious instruction sequence to a faster but entirely nonobvious one that all the compilers implement from. And finally, the code size in terms of number of lines even for small C++ functions is anywhere from 10x to 100x what it was before it was compiled. There are simpler architectures like Arm, but even then most of these points still apply save for the size of the instruction set.

If you just want to look at little chunks, GDB can do it. I forget specific commands because I haven't done it a lot or recently, but you can point it at a function and say "give me the disassembly". There are also a lot of different output options for gcc and clang that'll give you disassembly instead of a binary.

I'd suggest coming at this from the other direction and finding an assembly tutorial, unless your goal is specifically learning to reverse engineer. Someone else on here might have better tools--in particular Ethin comes to mind--but just, in general, this runs up against the problem where no matter how accessible you make the table, there's just too much there.

URL: https://forum.audiogames.net/post/561478/#p561478
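The constant 1717986919 that appears before `imull` in Ethin's listings is exactly the division-by-constant rewrite camlorn describes: the compiler replaces `sum % 10 == 0` with a multiply, two shifts and a few adds, and recognising that shape is most of the work when reading such an epilogue. The Python below is an added example, not code from either post; it re-executes that instruction sequence with explicit 32- and 64-bit wrapping and checks it against a port of Ethin's Luhn routine.

```python
# Added example (not from Ethin's or camlorn's posts): both the unoptimized and
# the -O1 listing end by computing `sum % 10 == 0` without a divide, using the
# multiply-by-constant idiom camlorn describes. Comments name the -O1 instructions.
MAGIC = 1717986919  # 0x66666667, the immediate loaded into %edx before imull

def to_i32(v):
    """Wrap to a signed 32-bit int, as a C `int` register holds it."""
    v &= 0xFFFFFFFF
    return v - 0x100000000 if v & 0x80000000 else v

def to_i64(v):
    """Wrap to a signed 64-bit int, the %edx:%eax pair after imull."""
    v &= 0xFFFFFFFFFFFFFFFF
    return v - (1 << 64) if v & (1 << 63) else v

def div10_as_compiled(x):
    """x / 10 with C truncation, reproduced step by step from the assembly."""
    x = to_i32(x)
    product = to_i64(x * MAGIC)     # imull %edx: signed 64-bit product in %edx:%eax
    high = to_i32(product >> 32)    # %edx = upper 32 bits of the product
    q = to_i32(high >> 2)           # sarl $2, %edx
    sign = x >> 31                  # sarl $31, %eax: 0 for x >= 0, -1 for x < 0
    return to_i32(q - sign)         # subl %eax, %edx -> truncated quotient

def mod10_is_zero_as_compiled(total):
    """Tail of CheckLuhn at -O1: rebuild 10*q with lea/add, compare to the sum."""
    q = div10_as_compiled(total)
    five_q = to_i32(q + 4 * q)      # leal (%rdx,%rdx,4), %eax
    ten_q = to_i32(five_q + five_q) # addl %eax, %eax
    return to_i32(total) == ten_q   # cmpl %eax, %r8d ; sete %al

M = [0, 2, 4, 6, 8, 1, 3, 5, 7, 9]  # the doubled-digit table from Ethin's C

def check_luhn(cc):
    """Python port of Ethin's CheckLuhn, with the final test done the compiler's way."""
    total, odd = 0, True
    for ch in reversed(cc):         # the C loop walks from len-1 down to 0
        digit = ord(ch) - ord("0")
        total += digit if odd else M[digit]
        odd = not odd
    return mod10_is_zero_as_compiled(total)
```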






The best accessible disassembler / debugger for reverse engineering

2020-08-14 Thread AudioGames . net Forum — Developers room : Rastislav Kiss via Audiogames-reflector

Hi folks,

I will say directly that I've never considered myself a low-level programmer and most likely never will. High-level structured architectures, which one uses as building blocks to create impressive, sometimes almost artistic buildings, are far closer to my style than tons of computer-generated instructions in one big mess, which one needs to slowly analyze, rebuild the program's behavior and then search for vulnerabilities or optimizations in it. However, as both areas are important in programming, I want to have some skills in reverse engineering and disassembling as well, even though I won't be the best hacker in the world. I already have a solid knowledge of C++ and a few other medium-level programming languages, so it should be just adding another layer of resolution on top, or maybe better said at the bottom, of those skills.

But to the actual topic. What would you say is the best and accessible disassembler / debugger for us? Do you use it personally?

I have read somewhere that IDA has special support for screen readers and accessibility, although acquiring it legally, due to its price, is... a bit out of the question. But if you have experience with it, I'd like to hear whether it's really true. IDA is, from my Google research, considered the best tool on the market, or at least was until Ghidra arrived; comparisons between those two seem to be rather subjective.

Speaking of which, I've tried Ghidra as well. It's a big pity that it's made in Java, as the interface itself would be quite accessible, but it's very laggy, even with NVDA, and there are places where it simply crashes when I'm crossing them.

The third option I've tried was Radare2. A good thing about Radare is that it's a command line tool, so one can control it by writing instructions rather than navigating around in an interface. However, I had problems with navigating in its tables. For example, after disassembling the main function of a program, I got a long list of assembler instructions, great. But the actual instruction was in the second or third column of a table, while the first one was the address of the instruction. Thus when reading the table line by line, I was always forced to listen to a long bunch of numbers first, and only then came the actual instruction, which is of course highly impractical.

I was thinking about writing a wrapper, which wouldn't act as a reverse engineering tool, but whose purpose would rather be to attach to Radare's stdout and inputs and transform them into a real, accessible table, where they could be read comfortably. But it was just an idea; I had other projects at that time, so I've never realized it. Radare's ASCII graphs could possibly be processed in this way too, but I didn't get that far to see how hard it would be to make.

I have also read and heard various statements about Radare's quality, but as I don't have personal experience, I can't verify them.

So, which tool do you use as your primary disassembler / debugger? Is it accessible? Do you like it? Platform doesn't matter much, although Linux is my preferred one right now, but knowing about Windows options will definitely be useful too.

Thank you in advance!
Best regards
Rastislav

URL: https://forum.audiogames.net/post/561458/#p561458
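The wrapper Rastislav describes, and camlorn's regex idea for NVDA earlier in the thread, amount to the same transformation: get the address column out of the way so the instruction is read first. The Python below is an added example, not code from the thread. It assumes `objdump -d` column layout (address, raw bytes, instruction; radare2's `pdf` output would need its own pattern), moves a shortened address to the end of each line, and skips byte-only continuation rows. The sample listing is constructed.

```python
import re

# Added example, not code from the thread. Input layout assumed: `objdump -d`
# lines of the form "  401136:<TAB>55 <pad><TAB>push   %rbp" plus "<addr> <name>:" headers.
INSN_RE = re.compile(r"^\s*([0-9a-fA-F]+):\s+((?:[0-9a-fA-F]{2}\s)+)\s*(.*\S)?\s*$")
LABEL_RE = re.compile(r"^\s*([0-9a-fA-F]+)\s+<([^>]+)>:\s*$")
BYTES_ONLY_RE = re.compile(r"^(?:[0-9a-fA-F]{2}\s*)+$")

def spoken_address(addr_hex, keep=4):
    """Keep only the low `keep` hex digits and prefix them, so the address is
    announced as one short hex token instead of a long run of digits."""
    short = addr_hex.lstrip("0")[-keep:] or "0"
    return f"hex {short}"

def accessible_line(line, show_bytes=False):
    """Reorder one listing line to 'instruction ; address'. Returns None for
    lines with nothing to announce (blank lines, byte-only continuation rows)."""
    m = LABEL_RE.match(line)
    if m:
        return f"function {m.group(2)} ({spoken_address(m.group(1))})"
    m = INSN_RE.match(line)
    if not m:
        return None
    addr, raw, insn = m.groups()
    if not insn or BYTES_ONLY_RE.match(insn):
        return None                       # continuation row of a long encoding
    insn = " ".join(insn.split())         # collapse objdump's column padding
    out = f"{insn} ; {spoken_address(addr)}"
    if show_bytes:
        out += f" ; bytes {' '.join(raw.split())}"
    return out

def reformat_listing(text, **kw):
    """Transform a whole listing; the address column ends up last on every line."""
    return [r for r in (accessible_line(l, **kw) for l in text.splitlines()) if r]

# Constructed sample in objdump -d layout (tabs written as \t).
SAMPLE = (
    "0000000000401136 <main>:\n"
    "  401136:\t55                   \tpush   %rbp\n"
    "  401137:\t48 89 e5             \tmov    %rsp,%rbp\n"
    "  40113a:\tb8 00 00 00 00       \tmov    $0x0,%eax\n"
    "  40113f:\t5d                   \tpop    %rbp\n"
    "  401140:\tc3                   \tret\n"
)

if __name__ == "__main__":
    for row in reformat_listing(SAMPLE):
        print(row)
```

Piping real output through it (`objdump -d prog | python3 wrapper.py`) only needs the loop replaced by a read of `sys.stdin`.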





