Getting started with CTF Reverse (1) Environment installation

Preface

Reverse engineering covers the techniques used to analyze and understand computer programs, binaries, or other software. In CTF competitions, contestants typically receive one or more binaries, programs, firmware images, or other types of software, and their task is to analyze these files to identify potential vulnerabilities or security issues.

To learn reverse engineering, you need to know cryptography, assembly language, Python, and C.

Environment installation

Static analysis tools

Static analysis does not require actually executing the program. It examines a program's structure, syntax, data flow, and control flow to identify potential problems, vulnerabilities, errors, or security issues. This analysis is usually performed on the compiled or interpreted program without running it.

IDA PRO

IDA Pro is a powerful disassembly tool that can statically and dynamically analyze programs. Download address:

https://hex-rays.com/ida-free/

Ghidra

Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. The framework includes a full-featured set of high-end software analysis tools that enable users to analyze compiled code on a variety of platforms, including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a variety of processor instruction sets and executable formats, and can run in user-interactive and automated modes. Users can also develop their own Ghidra extensions and/or scripts using Java or Python.
Download address:

https://github.com/NationalSecurityAgency/ghidra/releases

I have written a tutorial on the installation and use of Ghidra before.

https://blog.csdn.net/qq_45894840/article/details/124556441?spm=1001.2014.3001.5502

Dynamic analysis tools

Dynamic analysis is a method used to analyze the behavior of a computer program, application, or system by running the actual program and monitoring its execution to collect information and data. Unlike static analysis, dynamic analysis involves the actual execution of a program to gain a deeper understanding of its behavior, performance, and potential problems.

x64dbg

x64dbg is an open source debugger used to analyze and debug binary files on Windows operating systems, including applications and system processes. Download address:

https://x64dbg.com/

gdb

gdb is a Linux dynamic debugger that can debug various kinds of binary files.
Installation:

apt install gdb

We also need to install the pwndbg plug-in to make debugging the program easier.

# Clone straight into the final location: setup.sh records the absolute path of
# gdbinit.py in ~/.gdbinit, so moving the checkout afterwards breaks that entry.
git clone https://github.com/pwndbg/pwndbg ~/pwndbg-src
cd ~/pwndbg-src
./setup.sh   # installs dependencies and adds "source .../gdbinit.py" to ~/.gdbinit
cd ..
# Optional standalone init file, loaded on demand with: gdb -x ~/.gdbinit_pwndbg
echo "source ~/pwndbg-src/gdbinit.py" > ~/.gdbinit_pwndbg

After the plug-in is installed successfully, starting the gdb debugger displays the plug-in name.
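The following script is an added example and is not part of the original post or of the pwndbg project. It makes the pwndbg setup above repeatable (it skips the clone and setup.sh when the checkout already exists), writes the standalone init file only when the checkout really contains gdbinit.py, and checks that the "pwndbg: loaded ..." line appears in gdb's startup output. The directory name `~/pwndbg-src`, the `PWNDBG_DIR` variable and the helper function names are assumptions chosen for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post or from pwndbg): idempotent pwndbg
# setup plus a post-install check that the plug-in actually loads in gdb.
# Assumptions: the checkout lives in $PWNDBG_DIR (default ~/pwndbg-src) and
# pwndbg's setup.sh registers gdbinit.py in ~/.gdbinit, as it does upstream.
set -u

PWNDBG_REPO="https://github.com/pwndbg/pwndbg"
PWNDBG_DIR="${PWNDBG_DIR:-$HOME/pwndbg-src}"

# Clone and run setup.sh only when the checkout is missing, so re-running the
# script on an already prepared VM neither re-downloads nor duplicates the
# "source" line that setup.sh appends to ~/.gdbinit.
install_pwndbg() {
    if [ ! -d "$PWNDBG_DIR/.git" ]; then
        git clone "$PWNDBG_REPO" "$PWNDBG_DIR" || return 1
        (cd "$PWNDBG_DIR" && ./setup.sh) || return 1
    fi
    write_pwndbg_gdbinit "$PWNDBG_DIR" "$HOME/.gdbinit_pwndbg"
}

# Write a standalone init file that can be loaded on demand with
# `gdb -x ~/.gdbinit_pwndbg`. It refuses to point at a directory without
# gdbinit.py, which is exactly the state left behind when the checkout is
# moved after setup.sh has already recorded its old absolute path.
write_pwndbg_gdbinit() {
    src_dir="$1"
    init_file="$2"
    if [ ! -f "$src_dir/gdbinit.py" ]; then
        echo "error: $src_dir/gdbinit.py not found" >&2
        return 1
    fi
    printf 'source %s/gdbinit.py\n' "$src_dir" > "$init_file"
}

# pwndbg announces itself at startup with a line beginning "pwndbg: loaded".
# This helper inspects captured gdb startup output passed in as a string, so
# it can be exercised without gdb installed; returns 0 when the plug-in loaded.
pwndbg_banner_ok() {
    printf '%s\n' "$1" | grep -q '^pwndbg: loaded'
}

# Start gdb non-interactively and feed its banner to the check above.
# Returns 0 if pwndbg loaded, 1 if it did not, 2 if gdb is not installed.
check_pwndbg_loaded() {
    command -v gdb >/dev/null 2>&1 || { echo "gdb not installed" >&2; return 2; }
    pwndbg_banner_ok "$(gdb -q -batch -ex quit 2>&1)"
}
```

Run `install_pwndbg && check_pwndbg_loaded` after sourcing the script; a non-zero exit from the check means gdb started without the plug-in, which is the symptom to look for before trusting the setup in a competition.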

Android analysis tools

jadx is a tool used to decompile DEX files of Android applications into readable Java source code. Download address:

https://github.com/skylot/jadx/releases/tag/v1.4.7

DLL analysis tools

dnSpy is an open source .NET assembly decompiler and debugger, used to analyze and modify the assemblies of .NET Framework and .NET Core applications. Download address:

https://github.com/dnSpy/dnSpy/releases/tag/v6.1.8

Java analysis tools

JD-GUI is a free open source tool for decompiling Java bytecode files. Download address:

https://java-decompiler.github.io/

Summary

These are the commonly used tools at present; practical teaching will follow in later posts.

Origin blog.csdn.net/qq_45894840/article/details/133943669