Skip to content

Instantly share code, notes, and snippets.

@trietptm
Created December 31, 2013 10:29
Show Gist options
  • Save trietptm/8195027 to your computer and use it in GitHub Desktop.
Save trietptm/8195027 to your computer and use it in GitHub Desktop.
A lot of valuable advice from Rolf Rolles http://magazine.hitb.org/issues/HITB-Ezine-Issue-005.pdf
Bài phỏng vấn Rolf Rolles của HITB hay đến từng cm :D , đây mới đúng là hacker:
http://magazine.hitb.org/issues/HITB-Ezine-Issue-005.pdf
What are your favorite reverse engineering tools?
IDA, Resource Hacker, 010 Editor, VMWare, SoftICE, and those that I develop myself.
How would you describe the process of reverse engineering to a beginner?
Step 0: Pose a question (how is the program accomplishing X?).
Step 1: Find a portion of the code relevant to the inquiry via a variety of static and dynamic means.
Step 2: Analyze that code to obtain information; annotate the binary with what you have learned.
Step 3: Propagate the information out into “surrounding” code (meaning cross-references and spatial / temporal locality). Recurse into step 2.
Step 4: Is the question from step 0 answered? If so, stop. If not, go to step 1.
This is the procedure advocated in my training class.
Measure your progress in terms of projects completed (notice the project-centricity of my answer to the initial question). Pick big projects, and eventually see them through to completion. Ideally, unless your job is very mundane and tedious, your progression through reverse engineering will consist of a sequence of projects, each
one extrinsically harder than the last, but intrinsically easier due to your increased experience. Write reports documenting your findings; publish them if possible.
Code a medium-to-large application, say 15-20KLOC of C/C++. Once you’ve moved beyond introductory reversing, which is about understanding how small applications
(or small pieces of large applications) work, most serious reverse engineering deals with comprehending large systems. You will benefit immeasurably from understanding how large applications are constructed. To understand how software is structured and why, how tasks are generally accomplished in computer programs,
which programming practices are bad and why, object lifetimes, modularity, common algorithms and data structures, how C++ differs from C, specific programming technologies ... the list goes on forever. The more you understand, the less confused you are when encountering an unknown software system, and the more efficiently you can understand it.
Poke your nose into every “platform” you can find. I.e., spend an hour looking at that strange binary that you saw which was written in some unknown language that wasn’t C/C++, or compiled by some compiler that you’ve never seen before. Reverse engineer your gizmo’s firmware update software.
Try a little bit of everything. Find a variety of vulnerabilities using fuzzing, and/or static and dynamic analysis. Write exploits. Analyze various types of malware. Break
executable protections. Research rootkits. Reverse engineer embedded devices. Learn about cryptography. Research how processors work internally, and assembly
optimization techniques. Look into networking; operating systems; theoretical computer science; program analysis and formal verification. Keeping in mind the importance of breadth of knowledge, don’t be afraid to specialize. Computer security is a huge field; you simply can not master every subfield, but you can be king of your kingdom.
Protect your interests. Idealism does not exist in computer security, either in industry or in academia. Do not seek it, for ye shall not find it.
The balance between “loving the work” and “wanting a good career” is a delicate one. Too much of the former, and not enough of the latter, and you starve to death. Too much of the latter, and not enough of the former, you’re no longer a hacker. We all have to make our own decisions; do so judiciously.
Never forget how absurd computer security is. Intelligence agencies covertly hacking nuclear-related facilities, SCADA software exploits floating around openly, organized
crime and espionage (industrial and otherwise) around every turn in malware, WikiLeaks and anti-WikiLeaks, the Internet blacklist bill ... we live in interesting times.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment