Re: The best accessible disassembler / debugger for reverse engineering
@4 Well, I mean. You could go into NVDA and you could do:

[1-9a-fA-F]([1-9a-fA-F]{4})

And replace it with "Hex $1" or maybe "Hex \1", whichever is the right syntax for substituting. Or at least, I think NVDA has a syntax for substituting captures, but maybe it doesn't, in which case you'd probably want to start with a small PR.

I don't know if this works. I don't do raw assembly often enough, and frankly I hope never to do so.

URL: https://forum.audiogames.net/post/561809/#p561809

-- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: The best accessible disassembler / debugger for reverse engineering
2020-08-15
Thread
AudioGames . net Forum — Developers room : Rastislav Kiss via Audiogames-reflector
Hello,

technically, my goal is reverse engineering. Simply said, I want to be able to get a Jaws executable, for example, and modify it in such a way that it will skip authorization and I will be able to use it without a license. Of course, I don't need to do this, as I have a legally purchased license, nor do I want to use these techniques to crack programs for my benefit. I just want to be able to do it, so that I have a better idea of how cracking and hacking work, as breaking into things is also often performed in a similar way, like the specially modified files which were designed to crack a program for reading and working with genetic models.

Then there is the question of how to do it. Of course, reading a program instruction by instruction probably wouldn't be a good idea, as executables can contain millions of them. So I thought that maybe a debugger is used first to track a specific place in the program, and just the surrounding instructions are checked. But I may very well be wrong in this assumption, as my experience in this area is minimal.

How do tools like IDA work then? How does a normal, sighted guy approach reverse engineering, and is there a tool to do the same without sight? Of course in a software manner; doing a cold boot attack with transferring the physical memory between devices is another topic.

Best regards
Rastislav

URL: https://forum.audiogames.net/post/561750/#p561750
Re: The best accessible disassembler / debugger for reverse engineering
I think it'd be helpful to separate the complexity in reading assembly from the specific challenges of doing so if you're using a screen reader, which I think is what the OP was asking about.

I was never able to find a good way around the fact that the first column of disassembly on the command line is always a long hex address which you're forced to read through. I remember looking into this in the past and just concluded that it's not something that a screen reader user is ever going to be able to be efficient with.

For example, IDA has visual tools like a CFG which make it much easier for a sighted person to reverse engineer a program. That's not something that is accessible.

I tried using an older version of IDA, but the screen reader support isn't up to a level where you'd be comfortable relying on it for daily use.

URL: https://forum.audiogames.net/post/561660/#p561660
Re: The best accessible disassembler / debugger for reverse engineering
This post was long, sorry about that! But I have to agree with Camlorn on this one. Take for example this Luhn algorithm check digit verification code in C:

    /* m[d] is the digit sum of 2*d, i.e. the "doubled digit" of the Luhn rule */
    static const int m[] = {0,2,4,6,8,1,3,5,7,9};

    /* cc must contain ASCII digits only; returns 1 if the check digit is valid */
    int CheckLuhn(const char* cc)
    {
        int i = 0;
        int odd = 1;
        int sum = 0;
        int len = 0;
        while (cc[len] != '\0') len++;          /* strlen by hand */
        /* walk from the rightmost digit; every second digit is doubled via m[] */
        for (i = len; i--; odd = !odd) {
            int digit = cc[i] - '0';
            sum += odd ? digit : m[digit];
        }
        return sum % 10 == 0;
    }

Compare that against this generated assembly, with and without optimization:

No optimization:

    m:
        .long   0
        .long   2
        .long   4
        .long   6
        .long   8
        .long   1
        .long   3
        .long   5
        .long   7
        .long   9
        .text
        .globl  CheckLuhn
        .def    CheckLuhn;  .scl    2;  .type   32; .endef
        .seh_proc   CheckLuhn
    CheckLuhn:
        pushq   %rbp
        .seh_pushreg    %rbp
        movq    %rsp, %rbp
        .seh_setframe   %rbp, 0
        subq    $32, %rsp
        .seh_stackalloc 32
        .seh_endprologue
        movq    %rcx, 16(%rbp)
        movl    $0, -4(%rbp)
        movl    $1, -8(%rbp)
        movl    $0, -12(%rbp)
        movl    $0, -16(%rbp)
        jmp     .L2
    .L3:
        addl    $1, -16(%rbp)
    .L2:
        movl    -16(%rbp), %eax
        cltq
        movq    16(%rbp), %rdx
        addq    %rdx, %rax
        movzbl  (%rax), %eax
        testb   %al, %al
        jne     .L3
        movl    -16(%rbp), %eax
        movl    %eax, -4(%rbp)
        jmp     .L4
    .L7:
        movl    -4(%rbp), %eax
        cltq
        movq    16(%rbp), %rdx
        addq    %rdx, %rax
        movzbl  (%rax), %eax
        movsbl  %al, %eax
        subl    $48, %eax
        movl    %eax, -20(%rbp)
        cmpl    $0, -8(%rbp)
        jne     .L5
        movl    -20(%rbp), %eax
        cltq
        leaq    0(,%rax,4), %rdx
        leaq    m(%rip), %rax
        movl    (%rdx,%rax), %eax
        jmp     .L6
    .L5:
        movl    -20(%rbp), %eax
    .L6:
        addl    %eax, -12(%rbp)
        cmpl    $0, -8(%rbp)
        sete    %al
        movzbl  %al, %eax
        movl    %eax, -8(%rbp)
    .L4:
        movl    -4(%rbp), %eax
        leal    -1(%rax), %edx
        movl    %edx, -4(%rbp)
        testl   %eax, %eax
        jne     .L7
        movl    -12(%rbp), %ecx
        movl    $1717986919, %edx
        movl    %ecx, %eax
        imull   %edx
        sarl    $2, %edx
        movl    %ecx, %eax
        sarl    $31, %eax
        subl    %eax, %edx
        movl    %edx, %eax
        sall    $2, %eax
        addl    %edx, %eax
        addl    %eax, %eax
        subl    %eax, %ecx
        movl    %ecx, %edx
        testl   %edx, %edx
        sete    %al
        movzbl  %al, %eax
        addq    $32, %rsp
        popq    %rbp
        ret
        .seh_endproc

With optimization level 1:

        .text
        .globl  CheckLuhn
        .def    CheckLuhn;  .scl    2;  .type   32; .endef
        .seh_proc   CheckLuhn
    CheckLuhn:
        .seh_endprologue
        cmpb    $0, (%rcx)
        je      .L8
        leaq    1(%rcx), %rax
        movl    $0, %r9d
        jmp     .L3
    .L9:
        movl    %r8d, %r9d
    .L3:
        leal    1(%r9), %r8d
        addq    $1, %rax
        cmpb    $0, -1(%rax)
        jne     .L9
        testl   %r8d, %r8d
        je      .L2
        movslq  %r9d, %r8
        movsbl  (%rcx,%r8), %eax
        subl    $48, %eax
        leaq    -1(%rcx,%r8), %rdx
        movq    %rdx, %r10
        movl    %r9d, %r9d
        subq    %r9, %r10
        movl    $0, %r8d
        movl    $1, %ecx
        leaq    m(%rip), %r11
        jmp     .L7
    .L5:
        subq    $1, %rdx
        movl    %r9d, %ecx
    .L7:
        addl    %eax, %r8d
        testl   %ecx, %ecx
        sete    %r9b
        movzbl  %r9b, %r9d
        cmpq    %r10, %rdx
        je      .L2
        movsbl  (%rdx), %eax
        subl    $48, %eax
        testl   %ecx, %ecx
        je      .L5
        cltq
        movl    (%r11,%rax,4), %eax
        jmp     .L5
    .L8:
        movl    $0, %r8d
    .L2:
        movl    $1717986919, %edx
        movl    %r8d, %eax
        imull   %edx
        sarl    $2, %edx
        movl    %r8d, %eax
        sarl    $31, %eax
        subl    %eax, %edx
        leal    (%rdx,%rdx,4), %eax
        addl    %eax, %eax
        cmpl    %eax, %r8d
        sete    %al
        movzbl  %al, %eax
        ret
        .seh_endproc
        .section .rdata,"dr"
        .align 32
    m:
        .long   0
        .long   2
        .long   4
        .long   6
        .long   8
        .long   1
        .long   3
        .long   5
        .long   7
        .long   9

With optimization level 2:

        .text
        .p2align 4,,15
        .globl  CheckLuhn
        .def    CheckLuhn;  .scl    2;  .type   32; .endef
        .seh_proc   CheckLuhn
    CheckLuhn:
        .seh_endprologue
        cmpb    $0, (%rcx)
        je      .L7
        xorl    %eax, %eax
        .p2align 4,,10
    .L3:
        movl    %eax, %edx
        addq    $1, %rax
        cmpb    $0, (%rcx,%rax)
        jne     .L3
        leaq    m(%rip), %r11
        movslq  %edx, %r8
        movsbl  (%rcx,%r8), %eax
        leaq    -1(%rcx,%r8), %rdx
        movl    $1, %ecx
        movq    %rdx, %r10
        subq    %r8, %r10
        xorl    %r8d, %r8d
        subl    $48, %eax
        jmp     .L4
        .p2align 4,,10
    .L6:
        movsbl  (%rdx), %eax
        subl    $48, %eax
        cmpl    $1, %ecx
        jne     .L5
        cltq
        movl    (%r11,%rax,4), %eax
    .L5:
        subq    $1, %rdx
        movl    %r9d, %ecx
    .L4:
        movl    %ecx, %r9d
        addl    %eax, %r8d
Re: The best accessible disassembler / debugger for reverse engineering
In general, you're not going to really get looking at large amounts of compiler-generated assembly to any sort of point where you can read it and go "Yeah, wow, that's the algorithm". For instance, setting a register to zero xors the register with itself, and integer division by a constant is translated into some multiplications and additions in common cases for efficiency; most functions will be inlined and then have redundant instructions removed, most math expressions won't be evaluated in the same order you wrote them, and variables are entirely removed when possible. In addition to all that, x86 alone has literally hundreds of instructions, and there's like a 500-page manual by Intel listing recommended transformations from the obvious instruction sequence to a faster but entirely nonobvious one that all the compilers implement from. And finally, the code size in terms of number of lines, even for small C++ functions, is anywhere from 10x to 100x what it was before it was compiled. There are simpler architectures like Arm, but even then most of these points still apply, save for the size of the instruction set.

If you just want to look at little chunks, GDB can do it. I forget specific commands because I haven't done it a lot or recently, but you can point it at a function and say "give me the disassembly". There are also a lot of different output options for gcc and clang that'll give you disassembly instead of a binary.

I'd suggest coming at this from the other direction and finding an assembly tutorial, unless your goal is specifically learning to reverse engineer. Someone else on here might have better tools--in particular Ethin comes to mind--but just, in general, this runs up against the problem where no matter how accessible you make the table, there's just too much there.

URL: https://forum.audiogames.net/post/561478/#p561478
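The CheckLuhn listings earlier in this thread end with "movl $1717986919, %edx / imull %edx / sarl $2, %edx / sarl $31 / subl", which is exactly the multiply-and-shift form of integer division by a constant that the post above mentions. The following Python is an added example, not code from any participant in the thread: it replays that instruction sequence step by step with the constants taken from the listing, checks the result against C-style truncating division, and inverts the trick so that the divisor can be recovered from the multiplier seen in a listing (recover_divisor is a helper name chosen here; it covers only the simple form with no extra add or subtract of the dividend before the shift). luhn_ok mirrors the posted C function so the two can be cross-checked.

```python
# Constants copied from the CheckLuhn listings earlier in the thread.
MAGIC_DIV10 = 1717986919   # 0x66666667, the "movl $1717986919, %edx" immediate
POST_SHIFT = 2             # the "sarl $2, %edx" that follows imull


def to_i32(v: int) -> int:
    """Reinterpret an integer as a signed 32-bit value, as the register holds it."""
    v &= 0xFFFFFFFF
    return v - (1 << 32) if v & 0x80000000 else v


def div10_as_compiled(x: int) -> int:
    """Replay the compiled sequence: imull, sarl $2, sign fix-up via sarl $31 / subl."""
    x = to_i32(x)
    edx_eax = x * MAGIC_DIV10   # imull %edx: 64-bit signed product lands in edx:eax
    edx = edx_eax >> 32         # only the high half (%edx) is used from here on
    edx >>= POST_SHIFT          # sarl $2, %edx
    eax = x >> 31               # movl x, %eax ; sarl $31, %eax  -> -1 if x < 0 else 0
    return edx - eax            # subl %eax, %edx -> quotient truncated toward zero


def rem10_as_compiled(x: int) -> int:
    """Replay the remainder part: q*10 via lea/add, then subtract from x."""
    q = div10_as_compiled(x)
    q_times_10 = (q + 4 * q) * 2   # leal (%rdx,%rdx,4), %eax ; addl %eax, %eax
    return to_i32(x) - q_times_10  # subl %eax, %ecx (cmpl at -O1/-O2)


def c_trunc_div(a: int, b: int) -> int:
    """Reference: C integer division truncates toward zero, unlike Python's //."""
    q = abs(a) // abs(b)
    return q if (a < 0) == (b < 0) else -q


def recover_divisor(magic: int, post_shift: int, width: int = 32) -> int:
    """Given the imull constant and the shift applied after it, recover d.
    Simple form only: sequences without an extra add/sub of the dividend."""
    return round(2 ** (width + post_shift) / magic)


def luhn_ok(cc: str) -> bool:
    """Same table trick as the C CheckLuhn in the thread; digits-only input assumed."""
    m = [0, 2, 4, 6, 8, 1, 3, 5, 7, 9]   # digit sum of 2*d
    total = 0
    odd = True
    for ch in reversed(cc):               # rightmost digit first, like the C loop
        d = ord(ch) - ord('0')
        total += d if odd else m[d]
        odd = not odd
    return rem10_as_compiled(total) == 0


if __name__ == "__main__":
    for x in (7, -7, 25, 2147483647, -2147483648):
        print(x, div10_as_compiled(x), rem10_as_compiled(x))
    print("divisor behind 0x66666667 >> 2:", recover_divisor(MAGIC_DIV10, POST_SHIFT))
    print("79927398713 valid:", luhn_ok("79927398713"))
```

When a listing shows an imull by a large odd constant followed by a shift of the high half, recover_divisor gives the divisor the source code used; the sign fix-up (sarl $31 then subl) tells you the division was signed.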
The best accessible disassembler / debugger for reverse engineering
2020-08-14
Thread
AudioGames . net Forum — Developers room : Rastislav Kiss via Audiogames-reflector
Hi folks,

I will say directly that I've never considered myself a low-level programmer and most likely never will. High-level structured architectures, which one uses as building blocks to create impressive, sometimes almost artistic buildings, are far closer to my style than tons of computer-generated instructions in one big mess, which one needs to slowly analyze, rebuild the program's behavior and then search for vulnerabilities or optimizations in it. However, as both areas are important in programming, I want to have some skills in reverse engineering and disassembling as well, even though I won't be the best hacker in the world. I already have solid knowledge of C++ and a few other medium-level programming languages, so it should be just adding another layer of resolution on top, or maybe better said at the bottom, of those skills.

But to the actual topic. What would you say is the best and accessible disassembler / debugger for us? Do you use it personally?

I have read somewhere that IDA has special support for screen readers and accessibility, although acquiring it legally due to its price is... a bit out of the question. But if you have experience with it, I'd like to hear whether it's really true. IDA is from my Google research considered the best tool on the market, or at least was until Ghidra arrived; comparisons between those two seem to be rather subjective.

Speaking of which, I've tried Ghidra as well. It's a big pity that it's made in Java, as the interface itself would be quite accessible, but it's very laggy, even with NVDA, and there are places where it simply crashes when I'm crossing them.

The third option I've tried was Radare2. A good thing about Radare is that it's a command line tool, so one can control it by writing instructions rather than navigating around in an interface. However, I had problems with navigating in its tables. For example, after disassembling the main function of a program, I've got a long list of assembler instructions, great. But the actual instruction was in the second or third column of a table, while the first one was the address of the instruction. Thus when reading the table line by line, I was always forced to listen to a long bunch of numbers first, and only then came the actual instruction, which is of course highly impractical.

I was thinking about writing a wrapper, which wouldn't act as a reverse engineering tool, but whose purpose would rather be to hook into Radare's stdout and inputs and transform output in such a format into a real, accessible table, where it could be read comfortably. But it was just an idea; I had other projects at that time, so I've never realized it. Radare's ASCII graphs could possibly be processed in this way too, but I didn't get that far to see how hard it would be to make.

I have also read and heard various statements about Radare's quality, but as I don't have personal experience, I can't verify them.

So, which tool do you use as your primary disassembler / debugger? Is it accessible? Do you like it? Platform doesn't matter much, although Linux is my preferred one right now, but knowing about Windows options will definitely be useful too.

Thank you in advance!

Best regards
Rastislav

URL: https://forum.audiogames.net/post/561458/#p561458
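Three posts in this thread describe the same obstacle and two possible fixes: the long hex address in the first column that a screen reader has to read before every instruction, the NVDA speech-dictionary regex that would announce hex runs as "Hex ...", and the wrapper that would turn the disassembler's text output into an accessible table. The following Python filter is an added example, not code from any poster or from the Radare2 or NVDA projects. It assumes the text layout of objdump -d (address, raw bytes, mnemonic and operands separated by tabs; radare2's own output would need a different splitter), puts the mnemonic first, names branch targets inside the function by line number instead of address, converts small hex constants to decimal and announces large ones with the word "hex", and appends the address as a decimal offset from the function start. The sample listing is constructed for the example; the hex character class used is the full [0-9a-fA-F].

```python
import re

# Constructed sample in the text layout of `objdump -d` (address TAB bytes TAB mnemonic operands).
# Addresses and symbols are made up for the example; they are not from the thread's listings.
SAMPLE = """\
0000000000401126 <CheckLuhn>:
  401126:\t55                   \tpush   %rbp
  401127:\t48 89 e5             \tmov    %rsp,%rbp
  40112a:\t48 89 4d 10          \tmov    %rcx,0x10(%rbp)
  40112e:\tc7 45 fc 00 00 00 00 \tmovl   $0x0,-0x4(%rbp)
  401135:\te8 56 ff ff ff       \tcall   401090 <strlen@plt>
  40113a:\t8b 05 c0 2e 00 00    \tmov    0x2ec0(%rip),%eax        # 404000 <m>
  401140:\t85 c0                \ttest   %eax,%eax
  401142:\t74 05                \tje     401149 <CheckLuhn+0x23>
  401144:\t48 83 c4 20          \tadd    $0x20,%rsp
  401148:\tc3                   \tret
  401149:\t5d                   \tpop    %rbp
  40114a:\tb8 78 56 34 12       \tmov    $0x12345678,%eax
  40114f:\tc3                   \tret
"""

FUNC_RE = re.compile(r'^([0-9a-fA-F]+) <([^>]+)>:\s*$')
# "401149 <CheckLuhn+0x23>": a branch or call target in objdump's symbolic form
SYMREF_RE = re.compile(r'\b[0-9a-fA-F]+ <([^>]+)>')
# "0x2ec0(%rip),%eax   # 404000 <m>": RIP-relative operand plus objdump's resolved comment
RIPREF_RE = re.compile(r'0x[0-9a-fA-F]+\(%rip\)(.*?)#\s*[0-9a-fA-F]+ <([^>]+)>')
HEX_RE = re.compile(r'0x([0-9a-fA-F]+)')


def speak_hex(m: re.Match) -> str:
    """Small constants read better as decimal; anything bigger is announced as hex."""
    value = int(m.group(1), 16)
    return str(value) if value < 0x10000 else 'hex ' + m.group(1)


def readable_disasm(text: str) -> list:
    """Rewrite objdump -d output so each line starts with the mnemonic, names branch
    targets by line number, and pushes the address (as a decimal offset) to the end."""
    func_start = 0
    insns = []
    for line in text.splitlines():
        header = FUNC_RE.match(line)
        if header:
            func_start = int(header.group(1), 16)
            continue
        parts = line.split('\t')
        if len(parts) < 3 or not parts[2].strip():
            continue  # section banners, blank lines, or bytes-only continuation rows
        addr = int(parts[0].strip().rstrip(':'), 16)
        insns.append((addr, parts[2].strip()))

    addr_to_line = {addr: n for n, (addr, _) in enumerate(insns, 1)}

    def name_target(m: re.Match) -> str:
        target = int(m.group(0).split()[0], 16)
        if target in addr_to_line:
            return f'line {addr_to_line[target]}'
        return m.group(1)  # outside this function: keep the symbol, e.g. strlen@plt

    out = []
    for n, (addr, body) in enumerate(insns, 1):
        body = RIPREF_RE.sub(lambda m: m.group(2) + '(%rip)' + m.group(1), body)
        body = SYMREF_RE.sub(name_target, body)
        body = HEX_RE.sub(speak_hex, body)
        mnemonic, _, operands = body.partition(' ')
        spoken = f'{mnemonic} {" ".join(operands.split())}'.strip()
        out.append(f'{spoken} ; line {n}, offset {addr - func_start}')
    return out


if __name__ == '__main__':
    for row in readable_disasm(SAMPLE):
        print(row)
```

Piping real output through it (objdump -d binary | python3 thisfile.py, once the main block is changed to read sys.stdin) gives one spoken-friendly line per instruction; the "line N" names for branch targets are what make a loop audible without having to remember a six-digit address.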