Reverse Engineering Training

Have you always wondered how to take a piece of software apart and understand its inner workings? Have you wondered how to extract useful information from a binary file? The Reverse Engineering training for software applications aims to do just that.

During this training you will learn how to understand the functionality of compiled code by combining static and dynamic analysis techniques. During the training we focus on the ARM platform. To build the skill required for RE, we use a hands-on approach. To test and consolidate your new skills, for the third day of the training we prepared a wargame with 8 challenges of varied difficulty.

What will you learn?

After this training, you will be equipped with the necessary knowledge to perform reverse engineering of ARM binary code in order to understand its functionality. You will have experience with state-of-the-art tooling to perform such analysis, and understand how high-level code translates into binary. After a short introduction, we delve into the following core modules:

  • Reverse Engineering ARM binary code by using static and dynamic analysis techniques.
  • Identification of high level language constructs in binary code (e.g. structures, loops, functions, classes, etc.).
  • Identification of common data structures in binary code (e.g. arrays, linked-lists, trees, etc.).
  • Identification of typical vulnerability patterns in binary code.

How is the training organized?

We combine theoretical introductions to the topic and hands-on experience in the form of small reverse engineering problems, in order for the students to get a solid grasp of the concepts and develop their skills. The hands-on problems provide experience on the following aspects:

  • Usage of standard Unix tools to perform initial investigation of binary code (e.g. file, readelf, objdump, strace, ltrace, etc.).
  • Usage of IDA to perform static analysis of ARM binaries.
  • Usage of debuggers (e.g. GDB, IDA) and emulators (Unicorn) to perform dynamic analysis of ARM binaries.
  • Usage of common IDA plugins and scripts in order to improve efficiency.

The acquired knowledge is further assimilated during a full-day wargame. To this end, we have developed a set of challenges that trainees attempt to solve in exchange for points. During the wargame, our trainers are available to help the students progress whenever they get stuck, without fully revealing the solution to the challenges (and thus spoiling the fun!).

Pre-requisite knowledge

  • Ability to understand source code in the C/C++ languages.
  • Basic understanding of assembly languages, preferably the ARMv7 architecture.
  • Basic understanding of computing systems, memory organization, etc. is desirable.
  • Ability to program in Python is desirable, since it will be used to illustrate how to script IDA and how to emulate code using the Unicorn Engine.

A list of appropriate reading material can be provided to trainees before the training.

Riscure will provide laptops with the required software, including Riscure's licenses for IDA Starter.

Course content

Day 1

Initial analysis

  • Introduction of main reverse engineering techniques
  • Basic static analysis of executable files
  • API and system call tracing (ltrace, strace)

Static Analysis of ARM code

  • ARM assembly recap
  • Introduction to IDA
  • Recognizing high-level code constructs
  • Recognizing data structures

Day 2

Advanced IDA features

  • Improving IDA's disassembly by using structure and object definitions
  • Using code signatures to recognize standard library functions
  • Using plugins and scripts to extend IDA's capabilities

Dynamic Analysis

  • Debugging ARM applications with GDB and IDA debuggers
  • Emulating ARM applications using QEMU
  • Emulating ARM applications using Unicorn

Software vulnerabilities

  • Introduction to the main classes of software vulnerabilities in native code

Day 3

War game (8h)

After registration you will receive an invoice which is due before the training. Riscure further reserves the right to cancel the training if too few people register. In that case we will refund the money or propose a rescheduled training.