palata 3 hours ago

Taking the opportunity to ask: are there nice recommended resources for a beginner to start with reverse engineering (ideally using Ghidra)? Let's say for an experienced developer, but not so experienced in reverse engineering?

I guess one issue I have is that I don't have good ideas of fun projects, and that's probably something I need to actually get the motivation to learn. I can find a "hello world", that's easy, but it won't help me get an idea of what I could reverse engineer in my life.

For instance I have a smartspeaker that I would like to hack (being able to run my own software on it, for fun), but I don't know if it is a good candidate for reverse engineering... I guess I would first need to find a security flaw in order to access the OS? Or flash my own OS (hoping that it's a Linux running there), but then I would probably want to extract binary blobs that work with the buttons and the actual speaker?

baby_souffle 2 hours ago | parent | next [-]

> Taking the opportunity to ask: are there nice recommended resources for a beginner to start with reverse engineering (ideally using Ghidra)? Let's say for an experienced developer, but not so experienced in reverse engineering?

The good news is that there have never been MORE resources out there. If you want to use this learning expedition as an excuse to also build up a small electronics lab, then spend $100 on AliExpress to buy whatever looks cheap and interesting, tear it apart and start poking around to find where the firmware lives. Pull the firmware, examine it, modify it and put it back :)

This guy has a discord server with a specific "book club" section where they all choose a cheap $thing and reverse engineer it: https://www.youtube.com/@mattbrwn/about

I can't help much with "traditional" app/software RE work, sorry.

palata 24 minutes ago | parent [-]

Oh, it feels like it may be what I want! Find some cheap electronic device and hack it!

Thanks a lot!

unleaded 2 hours ago | parent | prev | next [-]

Somewhat unconventional (and I'm not really a seasoned reverse engineer, so take it with some salt), but I started by hacking old video games (NES, Game Boy, arcade... that kind of thing). You could start with making basic Action Replay RAM cheats to e.g. give Mario infinite lives, then you can use breakpoints, the debugger, and a 6502 ISA reference to edit instructions and make ROM patches.

From there you can use things like Ghidra (which supports a lot of those old CPU arches) for more advanced analysis and make the game do almost whatever the hell you want if you have the patience.

I think a lot of the skills will transfer quite well (obviously not 1:1, you will need to learn some things) to the more employable side of RE if that's what you're interested in.

palata 26 minutes ago | parent [-]

Thanks! I have been "hacking" with games in the past (getting infinite lives and such) or bypassing some licence check (back then it was with OllyDbg).

I guess I'm struggling to transfer that to "real-life" scenarios. Like getting something useful out of reverse engineering (getting infinite lives is interesting to see that I can tamper with the game, but it's not exactly useful).

brynnbee 33 minutes ago | parent | prev | next [-]

I personally learn best by doing which is why I love learning with LLMs. They're going to be wrong a lot, and give bad advice, and do things in silly ways. I learn well from the process of working with them, seeing them fail constantly, then learn the tool yourself by researching what it's doing wrong to fix it. I just attempted to use Ghidra to reverse engineer the game Shenmue from Dreamcast. I was previously unfamiliar with Ghidra and I mostly did it as a learning exercise, but it wasn't really the right tool for the job. However the project itself made lots of progress without it:

https://www.newyokosuka.com/

quux0r 3 hours ago | parent | prev | next [-]

So a couple things. Bruce Dang’s book, while a little old, is still a great spot to get started. Another great book is Blue Fox by Maria Markstedter for ARM. From there, finding small binaries and just trying to get the “flow” is a good next step, for me this is largely renaming functions and variables and essentially trying to work the decompiled code into something readable, then you can find flaws.

So for the second thing, pulling the data off chips like that typically involves some specialized hardware, and you have to potentially deal with a bunch of cryptographic safeguards to read from the chip’s memory. Not impossible though, and there are not always good safeguards, but might be worth checking out some simpler programs and working up to it, or learning some basic hardware hacking to get an idea of how that process works.

palata 23 minutes ago | parent [-]

Interesting! Yeah maybe my first step is on the hardware side, which I guess is what is blocking me right now.

0x54MUR41 3 hours ago | parent | prev | next [-]

If you are into books, I would recommend The Ghidra Book from No Starch Press: https://nostarch.com/ghidra-book-2e

The book is designed for beginner and advanced users.

ramuel 2 hours ago | parent | prev | next [-]

https://pwn.college has really good modules/dojos that cover a bunch of reverse engineering concepts.

gray_charger 3 hours ago | parent | prev | next [-]

You can start here to learn reverse engineering.

https://beginners.re/

ActorNightly an hour ago | parent | prev [-]

>are there nice recommended resources

I often wondered why people ask this in the age of LLMs, and I think I know why now.

When you ask this question, you are not asking for resources, you are asking for "what is a guide that I can just follow mindlessly without thinking that will enable me to do said thing".

You will never learn anything this way, or be anywhere decent at it.

If you actually want to learn, you have to be curious. And if you are curious, you are able to ask questions. And for questions, you have LLMs.

If you are still clueless on what questions to ask, then start by learning how to actually learn.

palata 32 minutes ago | parent | next [-]

Since we're judging each other, I'm genuinely wondering how bad you are at making friends. I mean, non-LLM friends. Relatives don't count.

megraf an hour ago | parent | prev | next [-]

How interesting.

Anyway, I would recommend YouTube. Find a series you can follow along. Best of luck!

el_benhameen 14 minutes ago | parent | prev | next [-]

God forbid someone pose an interesting question on a discussion board.

salawat 19 minutes ago | parent | prev [-]

I often wonder why, on this forum of alleged hacker types, there seems to be such an impetus to push whatever all the VCs are desperately bought into at the moment, whether it be crypto or AI nonsense.

Oh wait... Right.

Asking for resources or asking "does anyone know where I can start?", followed by a description of "here's where I'm at", has been table stakes for the uninitiated since time immemorial.

When I see "ask the LLM", all I hear is "prop up my investment portfolio".

To this OP in particular: try playing around with different binaries you already have source to, and using the RE tools to get a feel for their post compilation structure and flow; start by compiling with no compiler optimization. You'll want an understanding of what the structural primitives of "nothing up my sleeve" code reads and looks like post-compilation to build off of. Then start enabling different layers of optimization, again, to continue familiarizing yourself with output of modern compilers when dealing with fundamentally "honest" code.

Once you can eyeball things and get an intuitive sense for that sort of thing is where you jump off into dealing with dishonest code. Stuff put through obfuscators. Stuff designed to work in ways that hide what the actual intent of the code is, or things designed in ways that make it clear that the author had something up their sleeve.

It'll be a lot of work and memorization and pattern recognition building, and you'll have to put in the effort to get to know the hardware and memory architecture, the opcodes and ISAs, and the virtual machines you're reversing for, but it will click eventually.

Just remember; odds are it won't make you money, and it will set time on fire. I cut my teeth on reversing some security firm's snake oil, and just trying to figure out why the code I wrote was acting weird after the compiler got done with it. (I have cursed at more compiler writers than about anyone but myself).

Then just remember that if someone got it to run, then it's gotta eventually make sense. The rest is all persistence on your part of laying bare their true, usually perverted motivations (generally boiling down to greed, job security, or wasting your goddamn time).

Would the world be nicer if that wasn't the case? Absolutely. I lived through a period where a lot of code wasn't "something up my sleeve" code. Now is not so much that time anymore. We've made programming so accessible to business types that now the interests of organizations in securing their power have a non-trivial distortion on how code gets written, which generally means user hostile in one way or another.