Starting this journey over Presidents' Day gave me time to really dive in deep. One morning, after I woke up, my significant other asked me a question about my new quest. Here I will answer that same question, as I believe it shows some of the progress I have made over the first two days.
What did you learn?
- Started off with "From Zero to Zero Day" from CCC
- Inspired by Jonathan Jacobi's talk
- Saw a slide in his presentation about LiveOverflow's website
- Watched the Binary Hacking videos:
  - 0x04 - How a CPU works and Introduction to Assembler
  - 0x05 - Reversing and Cracking first simple program
  - 0x06 - Simple tools and Techniques for reversing a binary
  - 0x07 - Uncrackable Programs? Key validations with Algorithm and Creating a Keygen
  - 0x08 - Uncrackable Programs? Finding a Parser Differential in loading ELF
- Microcorruption Embedded CTF
It started with Jonathan's talk "From Zero to Zero Day" from the most recent Chaos Computer Club (CCC) conference, which really inspired me to set off on my own journey. He gives an overview of his experience finding a Remote Code Execution (RCE) vulnerability in Microsoft's Edge browser. I highly recommend watching his talk, as he speaks about some of the things he studied leading up to his finding.
From there I was able to extrapolate a high-level plan of action from the material I wanted to cover. This led me to a website called liveoverflow.com. If you recall from my previous post, I needed to go back and brush up on some material. LiveOverflow has a series of videos under "Binary Hacking" which touch upon some of my needs, mainly around C/C++ review.
A quick dive into the CPU and assembler tutorial led me to reverse engineering (RE) a few simple programs. For me this was clutch! I was able to quickly get comfortable again with some tools I haven't used in a while, such as objdump, GDB, strace, and ltrace, while also getting introduced to some less familiar disassemblers/debuggers such as Radare2. This section is important to understand because it gets you familiar with how machine code works while introducing terms such as registers, the stack, syscalls, memory, etc.
When approaching exercises 0x07 and 0x08 in the series, I was able to take some of the knowledge gained and solve both levels. Although LiveOverflow walks you through each challenge, it was an opportunity to get familiar with some of the tooling I would be using from day to day. Both challenges involved some basic deadlisting with objdump, debugging with GDB, and some coding in Python to generate a set of license keys to crack the programs. All of these exercises are worth spending time on to really understand:
- You learn how high-level languages are compiled into machine code.
- You learn to identify functions/routines in assembly, which later sets you up to recognize code flow and patterns.
- You come to understand the importance of taking machine code and rewriting it in a higher-level language for debugging/testing.
Once I felt a bit more comfortable with those exercises, I moved on to Microcorruption, a long-running capture the flag (CTF) event that LiveOverflow mentions in one of the videos. The skills learned up until this point prepare you for debugging more assembly on similar embedded devices. I highly recommend partaking in this CTF, as it builds upon each skill you learn and takes you to the next level. They provide an in-browser debugger to use when solving the challenges. This debugger will get you more familiar with terms and debugging techniques that you can use across most debuggers or disassemblers. DO NOT SKIP THE TUTORIAL!
Overall I started off rusty, but it was nice to get my hands dirty and read some materials that were still relevant. I think one challenge I will face (as I already have) is not necessarily technical, but rather being consistent about keeping precise, clean notes that I can transfer back into a blog post for all to consume.
Although this post does not go into detail about each item learned, I hope it inspires those looking for guidance on their own journey.
- https://matt.sh/howto-c (How to C as of 2016)