reverse engineering
DollyPapper, 2017-06-03 13:40:06

The path of becoming a reverse engineer?

Gentlemen, this year I'm entering the institute to study programming.

I used to write in Python and really liked it, but the time has come to choose a profession; I chose programmer and decided to start learning new languages.
Specifically, I recently tried something that kids were probably doing back in the 90s: I "reversed a game" and wrote a small DLL so that it automatically adds ammo every 50 seconds.
There was no limit to my surprise and delight when it worked, and when it didn't work it was even more interesting.

I realized that the so-called "ability to dig through other people's code" is my thing.

I've heard about the reverse engineer career path for a long time, and now I want to ask:
Where to begin?
What to study?
What to read?
There's no need to talk about difficult topics for now.

Well, the most famous area is probably reversing all sorts of viruses, so to have a specific example, let's take that direction.
Let's say, what do you need to know to get into Kaspersky Lab?
To begin with, preferably in Russian, so as to get into the topic in my native language and not get confused by the terms; after that, English is fine.

I would appreciate any information on where to start. And there's no need to give the most obvious advice: "learn algorithms, learn programming languages, learn calculus."


3 answer(s)
Dmitry, 2017-06-03
@DollyPapper

The recipe is disgracefully simple:
If you want to understand every feature, take apart every new program, parse the format of its files, try to hack every new game, write a bot for it, cheat, etc., then this is yours; just keep doing what you're doing.
If not, then no books will help. This job requires passion and great patience.
Nobody needs calculus in reversing. At most, you'll need to solve systems of linear equations.
Rather, non-standard thinking is important, the ability to brute-force many options and approaches in your head. To do this, you need to know the technology. That is, literally, you need to know as much as possible. The more you know, the faster the problem will be solved. These are completely different areas: OS, networks, methods of encryption, compression, hashing, serialization; knowledge of databases and their query languages; knowledge of compilers in terms of how they generate code; knowledge of the implementation of the standard library, understanding how the same code is compiled by different compilers, understanding how bytecode interpreters, virtual machines, etc. work.
This is about general technology. And then there is such a thing as architectural patterns. They are usually used in application software; malware rarely uses them. That is, you need to be able to see in the code, for example, the Event pattern, various variants of the MVC pattern, etc. For example, you'll be reversing a product built on Qt. To understand it, you need to know... Qt, and be able to develop on it, read its source code, know what meta-objects are, how they are stored, used, called. And if, all of a sudden, it uses something interpreted, such as Python or Lua, then you not only need to know the languages themselves, but also the implementation of their interpreters. And then there's JIT...
You also need to decide what you want to reverse. Malware and application software diverge a bit. In malware, you need to know more non-standard things: various options for anti-debugging, hiding activity, operating system bugs, antivirus behavior. Malware can be a botnet, for example. Botnets usually have a command and control server, which is quite difficult to locate; it changes dynamically and somehow avoids being detected. For this, you need to know how the Internet works, how DNS works, and understand network protocols.
In short, for a reverser you need to learn everything. You don't need to filter for specific technologies; you will need all of them without exception. For everything that was created for computing systems is used in them, and accordingly you will have to know it in order to reverse.
By the way, I almost forgot.
The best book on reversing in Russian.
And then there's the classic course of articles by Ricardo Narvaja: "Introduction to cracking from scratch using OllyDbg". Google it. If you master Yurichev's book and this course, you can calmly talk to Kaspersky. Although, believe me, there are things more interesting than Kaspersky.

15432, 2017-06-03
@15432

I went to Kaspersky Lab for an interview for a reversing position; they gave me a non-standard logic puzzle, then asked me to tell what a virus does (they gave me a laptop with IDA open). We talked a bit about the work; in the end they talked me out of it :) They said that reversing hundreds of viruses sent in by users is boring and people don't stay long among the "woodpeckers".
If you are in Moscow, write ;)

sim3x, 2017-06-03
@sim3x

To begin with, preferably in Russian, so as to get into the topic in my native language and not get confused by the terms; after that, English is fine.
Wrong opinion. It is better to read in English and understand what is really what than to read literature translated by people who don't know the subject.
If your English is completely zero, learn it first.
Let's say, what do you need to know to get into Kaspersky Lab?
Kaspersky Lab is not the pinnacle of evolution. Rather, it's entry level. If you really don't mind reading binary 40+ hours a week, then that alone could already get you a job.
learn algorithms, learn programming languages
learn C, learn debugging tools, learn tools for automating your work
Calculus won't help much in reversing.
