Questions tagged [reverse-engineering]

Reverse engineering is the process of discovering the technological principles of a human made device, object or system through analysis of its structure, function and operation.

235 questions
9
votes
1 answer

Computer Virus Phylogenies algorithms - pseudocode?

I've collected a large number of "Web Shell by oRb" (a.k.a. "FilesMan" backdoor, a.k.a. antichat backdoor) files by running a WordPress honeypot, and searching pastebin. The code in the variants is obviously related. I'd like to figure out a…
Bruce Ediger
8
votes
3 answers

Global check of input/output of known hash functions

Is there a website, application, or script that will allow you to give an input/output for a hash function, run these against known functions, and return any matches? Here's one attempt to list the…
blunders
8
votes
2 answers

Where can I find good resources on reversing web malware?

I am wondering where I can find a good site with resources on reversing web malware like javascript, flash, html5, and any other stuff that is designed to attack the clients. Does anyone have any good resources on this?
Chris Dale
8
votes
3 answers

Is initializing variable to NULL or 0 or -1 a bad practice from security standpoint?

I'm trying to learn a little bit about armoring an application against reverse engineering. In one article I read that initializing variables to NULL or 0 or -1 is as secure (vs RE) as using common passwords in applications. In short, it is said we…
StupidOne
8
votes
1 answer

Protection against Android Reverse Engineering

I have been particularly trying to find the most effective measures to protect an apk from reverse engineering and abusive use. While continuing my research I came across various top rated apps, and one of them which garnered most of my attention (as…
Akash Gorai
8
votes
1 answer

Exploitation: EIP refuses to jump to the stack although it's executable

I wrote a program in C that is exploitable to BOF. TL;DR - My payload (NOP-sled + shellcode + return address) overrides EIP but I can't set EIP to point to the address of my payload, although I can set EIP to be anywhere else outside the Stack…
7
votes
2 answers

What are ways I can analyze malware in an infected machine, not just clean it?

I often run into infected devices in my environment and would like to learn more about the specific infections that have gotten in. What are the best tools and techniques I could use to do this? I was thinking of taking an image of the device and…
6
votes
1 answer

Difference Between Binary Exploitation and Reverse Engineering?

I am a beginner in Reverse Engineering and am trying to improve my skill by participating in any CTFs I can and solving CrackMes. I am trying to find out why Binary Exploitation and Reverse Engineering are always separated as two different…
bi0s.kidd0
6
votes
3 answers

What methodologies are useful when reverse-engineering malware / shellcode?

Whilst I'm familiar with reverse engineering techniques from a technical standpoint, I've never found a good methodology for approaching and dissecting malware / shellcode. I've found hundreds of tutorials on the technical aspects of analysing…
Polynomial
6
votes
3 answers

Why do YouTube, or any other Google services, use an account-bound authorization key in plain text in the URL?

In the past I experimented with Google's available API tools, like the Drive and YouTube APIs. The way it works is that after you purchase a developer account, you are granted access to many of Google's services through APIs, which in order to use, you need a…
Nadav96
6
votes
7 answers

Reverse engineering (decompiling) a hackme challenge .exe file on OSX

I am a complete newbie in the reverse engineering world, and being able to decompile .exe files on my OSX is being a pain. Does anybody know a good decompiler of .exe for OSX, or any hint about where I can find one? Have I got any conceptual mistake…
Palantir
6
votes
3 answers

Disabling android application debug mode as a security practice

There's a security practice which says you should not publish your android application with debug mode enabled. While an attacker can use apktool to decompile your application, enable the debug flag in AndroidManifest.xml and recompile it, how does…
Silverfox
5
votes
1 answer

How is the file overlay read by an exe/virus?

According to what I know, the overlay is the part of a PE file that is not covered by the PE header and therefore isn't part of the virtual image of the loaded PE. My question is: if the overlay is not loaded along with all other code of the PE…
rebel87
5
votes
2 answers

Reverse-engineering password salts

Let's set out a scenario: a database has been dumped and all the passwords are hashed. You notice that some users seem to have signed up twice and have the same hash. You run these hashes through your hash cracking program and nothing comes up,…
user32045
5
votes
2 answers

Finding out whether a website uses unsalted MD5 for password hashing

I'm working on a project where websites are analyzed and rated according to password security (factors like min/max password length, alphabet size and more are then calculated into a score). A great factor to know would be whether a site uses…
Danilo Bargen