everything is open source if you can reverse engineer (try it RIGHT NOW!)
1,202,483
Published 2023-01-14
One of the essential skills for cybersecurity professionals is reverse engineering. Anyone should be able to take a binary and open it in their favorite disassembler or decompiler to figure out what the features are. ALSO, reverse engineering is a fun puzzle that I highly recommend everyone try out for themselves.
Follow along!: www.github.com/LowLevelLearning/babys-first-crackm…
Download IDA: hex-rays.com/ida-free/
🏫 COURSES 🏫 Learn to code in C at lowlevel.academy/
📰 NEWSLETTER 📰 Sign up for our newsletter at mailchi.mp/lowlevel/the-low-down
🙌 SUPPORT THE CHANNEL 🙌 Become a Low Level Associate and support the channel at youtube.com/c/LowLevelLearning/join
🛒 GREAT BOOKS FOR REVERSE ENGINEERING 🛒
Blue Fox: Arm Assembly Internals and Reverse Engineering: amzn.to/4394t87
Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation : amzn.to/3C1z4sk
Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software : amzn.to/3C1daFy
The Ghidra Book: The Definitive Guide: amzn.to/3WC2Vkg
🔥🔥🔥 SOCIALS 🔥🔥🔥
Low Level Merch!: www.linktr.ee/lowlevellearning
Follow me on Twitter: twitter.com/LowLevelTweets
Follow me on Twitch: twitch.tv/lowlevellearning
Join me on Discord!: discord.gg/gZhRXDdBYY
All Comments (21)
-
wanna learn more about computers? check out my courses at lowlevel.academy/ (there's a sale) 👌
-
"You don't need any programming experience" continues to show code and terms that only a programmer would understand.
-
"No coding experience needed", then dives straight into system level assembly.
-
This reminds me back in the nineties when I ran my own company. I found a bug in QuickBooks Pro where they assumed a value for one of the payroll deductions would be a constant number. In my case it turned out that it had to be another value that the programmers at Intuit hadn't coded for since they hadn't done their due diligence research into corporate payroll tax law. I then proceeded to look at the data file that they were keeping I found the two bytes that represented the number for the percentage deduction on the line and I manually modified it to be the new number it needed to be. I then was surprised when I informed Intuit of their bug that they threatened to sue me for modification of what they termed copyrighted data.
-
Although coding from a young age, 'decompiling' always felt like black-magic concept. Thanks for explaining it to me.
-
Also, for various reasons password checkers shouldn't execute like that. You can absolutely tell that if you hammer it that feeding it a letter `c` first takes twice as long as any other letter when entered into the password checking. And then another 10ms if you add an `a` you can end up solving the password based on the time it takes to accept or reject that password. Since each letter you get right delays the time to rejection.
-
I love Ghidra
-
I have been waiting man. Thank you! I don't wanna go down the conventional, tools first, path that is taught in most of the courses out there.
-
I never knew IDA before, I used to use GDB to do kinda reverse engineering but now I feel like it's something I should start relaying on. Thank you sir!
-
Amazing video. Just a small side note that IDA Freeware comes with a free online decompiler which generates (very *accurate*) pseude C code. Would love to see more of this kind of vids. Cheers.
-
The ABI is more like an agreement that writers of assembly language programs make with other assembly writers for the sake of code interoperability. (In this context, the writer is a compiler, but it could be a person as well.) The processor generally doesn't care; as long as it's valid machine code, it'll run, ABI be damned. You can return your own custom tuple with 2 ints, a short, and a char* if you want, but you can't expect a C program to understand.
-
I was having trouble understanding how memory call works on a computer. This video cleared that for me. Seeing it into action made so much sense. I can't thank you enough.
-
This was the BEST tutorial on IDA and disassembly I've heard on Youtube
-
The program `strings` is exactly why if I want to protect my own programs I just encode my own strings. I don't always write things that I want to protect, but it's still fun to play with different methods of encoding to stave off passive RE.
-
I definitely enjoyed the video. Although I think the title is a bit too much clickbait. Equaling reverse engineering to being open source code, is a long stretch in my opinion. Sure, this simple non optimized example is quite understandable when it’s reverse engineered. Now try a large program containing lots of templated code, with O3 optimization, inline functions, loops unrolled, SIMD optimizations etc and see how far the disassembly will bring you to what it is you’re trying to achieve. E.g., getting around a password check. It’s super hard and you definitely need programming and assembly experience to even begin to tackle that. Nice introduction though ☺️
-
Loving the content! A tutorial on learning C language from beginner to advanced maybe? Roadmaps for these kind of languages are always welcome by community and highly watchable, might pull in more new viewers!
-
I am so far 1 week into C#, granted this video went over my head a tiny bit, but I understood the fundamentals. Looks like I might dabble in this in the future.
-
Amazing video, king. One thing though, I think you forgot to put the download link for IDA you mentioned at 4:11. Also, the repo in the description is probably private.
-
Woah, super cool! And at 12:50, after he pointed out the 'g', you can actually see the rest of the password characters at the start of each section in the buffer. Crazy!
-
Nice demonstration! Except that when dealing with passwords no one just compares them char by char. They often are stored in hashes with salts, so you cannot decipher it w\out brute force
