DEV Community

Cover image for RE Week 1
pirateducky
pirateducky

Posted on • Updated on

RE Week 1

I decided to start taking reverse engineering more serious as it is something that I have always wanted to understand. I will be using resources online, mostly free ones with the exception of a few things. (Thanks to dee-see & lillost for the windows vm link)

I found this workshop which seems like a good introduction, called begin.re. At the end of the workshop I will attempt to do the following CTFs:

I want to be able to complete both of these two challenges by the time I'm done with the begin.re workshop. I will be releasing a blog post every Sunday highlighting what I have learned as well as sharing resources I learn about, if you have any please share them in the comments.


Welcome

The first session in Preparations Assignments called Welcome, is a primer for x86 assembly, it referenced this doc:

  • registers
    • general registers: EAX, EBX,ECX,EDX
    • index registers: ESI, EDI, EBP, EIP, ESP
  • stacks
    • data structure (FILO)
    • keep track of the point to which an active subroutine should return when it finished executing
    • local data storage
    • parameter passing
  • instructions
    • usually fall into 3 categories
    • data movement
    • arithmetic/logic
    • control flow
  • memory and addressing modes
    • modern x86 processors are capable of addressing 2^32 bytes of memory

Installing FlareVM

Installing FlareVM is recommended to complete the zombieland CTF by the author, this makes sense for me since most of the material I want to learn will be Windows relates because I want to use what I learn at work. The process was easy once I found the right blog about how to install the script needed to set up the whole thing. If you want to follow along use this link which is from FireEye the creators of the FlareVM.

To use FlareVM you will need a Windows VM, for this I used the VMs available from widows here (I'm using Virtual Box). You can select which VM to use from the dropdown, I went for the MSEdge on Windows 10. Once I downloaded the VM, I followed the instructions from the Fire Eye blog and just followed along, the process did take around 2 hours for me, since I'm running Virtual Box on a potato. Once the script finished, I checked it out and I had all the tools needed to start, list of tools included here


Thoughts

begin.re - welcome

Good primer, I've tried learning x86 before so this helped me, I spent the week reading through the primer and started on the next section which goes more in depth into what a stack is and what it does.

FlareVM

Easy to install if you follow the right directions, took a while but that's mostly because . I can't wait to start messing with the software and understand how the tools work.

Resources

FlareVm Installation
x86 RE Cheat Sheet
begin.re
OpenSecurityTraining
Malware Analysis VM Setup Tutorial

cover image

Top comments (0)