> There are more alternatives to IDA Pro. Hopper Disassembler is one. Binary Ninja (binja) is another.
Sure, but radare2 is open source which cuts both ways I suppose. IDA feels significantly more polished than r2, but I've had fun implementing a not-so-common-anymore architecture as a set of r2 plugins.
There's also the free version of IDA (x86 only though).
Reverse engineering has been a constant interest for me but I've never managed to get it to "click" for me. I don't particularly need the skill, but it's one I'd like to have (at least to the extent of being able to do simple crackmes).
My earliest exposure to computers was the ZX Spectrum, an 8-bit home computer from the 80s, which was insanely popular in the UK.
Having few games, and little budget for more, most of the kids around would swap home-copied games. I used to have fun removing protection, or hacking the games for infinite lives. At the time I was 12-15 and it was very much a case of trial and error.
Assuming a game started with 3 lives I would look for every occurrence of "LD A,3", and change the 3 to 5. If that didn't work I'd eventually replace every occurrence of 3 with a different number. As you can imagine this was a tedious process!
If I was lucky enough to find the right "starting value" I'd then go on to look which memory-address the value was saved in. That would then let me search for that same address in the rest of the program, and hopefully spot something like:
LD A,(addr)
DEC A
LD (addr),A
At that point I was done. Removing the decrement would stop the lives-counter from being decreased - giving you as many as you wanted.
Later I moved to the PC, and I found +fravia's site very educational. There are still mirrors which show how you could remove protection from commercial software - and oftentimes I'd be reminded of my previous attempts. Sometimes it is very simple, and sometimes not. Educational regardless.
The main reason I stopped this work? Few programs on Linux prompt you for license keys! But a good disassembler is a worthwhile thing to explore, whether for debugging your own code, or randomly exploring crackmes.
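The three-step search the post describes (count the "LD A,3" candidates, follow the store to find the counter's address, then look for the load/decrement/store on that address) is easy to automate once you know the Z80 encodings. The following is an added example, not code from the post or from any game: it scans a constructed memory image whose layout, lives-counter address (5C00h) and offsets are all made up for the illustration. The opcode bytes themselves are the real Z80 encodings.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Z80 encodings of the instructions named in the post. */
#define OP_LD_A_IMM 0x3E   /* LD A,n     : 3E nn     */
#define OP_LD_A_MEM 0x3A   /* LD A,(nn)  : 3A lo hi  */
#define OP_DEC_A    0x3D   /* DEC A      : 3D        */
#define OP_LD_MEM_A 0x32   /* LD (nn),A  : 32 lo hi  */
#define OP_NOP      0x00

/* Constructed memory image (not from any real game): a start-up routine
 * stores 3 into a lives counter at 5C00h, then a separate routine loads,
 * decrements and stores the same address. Offsets are image-relative. */
static uint8_t image[] = {
    0x3E, 0x03,             /*  0: LD A,3                                  */
    0x32, 0x00, 0x5C,       /*  2: LD (5C00h),A                            */
    0x3E, 0x03,             /*  5: LD A,3   (decoy: unrelated use of 3)    */
    0xC9,                   /*  7: RET                                     */
    0x3A, 0x00, 0x5C,       /*  8: LD A,(5C00h)                            */
    0x3D,                   /* 11: DEC A                                   */
    0x32, 0x00, 0x5C,       /* 12: LD (5C00h),A                            */
    0xC9,                   /* 15: RET                                     */
};

/* Step one: count the byte pair "LD A,n". This is a plain byte scan, as in
 * the post, so operand bytes can match too and every hit needs checking. */
static int count_ld_a_imm(const uint8_t *img, size_t len, uint8_t n)
{
    int hits = 0;
    for (size_t i = 0; i + 1 < len; i++)
        if (img[i] == OP_LD_A_IMM && img[i + 1] == n)
            hits++;
    return hits;
}

/* Step two: find the first "LD A,n" immediately followed by "LD (nn),A"
 * and return the 16-bit address nn (little-endian operand), or -1. */
static int find_counter_address(const uint8_t *img, size_t len, uint8_t n)
{
    for (size_t i = 0; i + 4 < len; i++)
        if (img[i] == OP_LD_A_IMM && img[i + 1] == n && img[i + 2] == OP_LD_MEM_A)
            return img[i + 3] | (img[i + 4] << 8);
    return -1;
}

/* Step three: locate "LD A,(addr) / DEC A / LD (addr),A" for that address.
 * Returns the offset of the LD A,(addr) byte, or -1 if the sequence is absent. */
static long find_decrement(const uint8_t *img, size_t len, uint16_t addr)
{
    uint8_t lo = addr & 0xFF, hi = addr >> 8;
    const uint8_t pat[7] = { OP_LD_A_MEM, lo, hi, OP_DEC_A, OP_LD_MEM_A, lo, hi };
    for (size_t i = 0; i + sizeof pat <= len; i++)
        if (memcmp(img + i, pat, sizeof pat) == 0)
            return (long)i;
    return -1;
}

/* The patch the post describes: the one-byte DEC A becomes a NOP, so the
 * counter is loaded and stored back unchanged. Returns the patched offset. */
static long nop_out_decrement(uint8_t *img, size_t len, uint16_t addr)
{
    long off = find_decrement(img, len, addr);
    if (off < 0)
        return -1;
    img[off + 3] = OP_NOP;
    return off + 3;
}

int main(void)
{
    printf("\"LD A,3\" appears %d times\n", count_ld_a_imm(image, sizeof image, 3));
    int addr = find_counter_address(image, sizeof image, 3);
    if (addr < 0)
        return 1;
    printf("lives counter stored at %04Xh\n", addr);
    printf("decrement sequence at offset %ld\n", find_decrement(image, sizeof image, (uint16_t)addr));
    printf("DEC A at offset %ld replaced with NOP\n", nop_out_decrement(image, sizeof image, (uint16_t)addr));
    return 0;
}
```

The decoy "LD A,3" at offset 5 shows why the first step alone was tedious: a byte scan cannot tell an instruction from an operand or an unrelated constant, which is exactly the ambiguity a real disassembler removes.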
My first and only hacks were at the age of 12 where I "patched" the copy protection keywords from the first XWing in 1993 [0].
I only knew 1 password and searched for it in a hex editor. I found it and recognized a pattern with similar words.
Replacing them with the ASCII space resulted in "press return to pass" password checks :D Damn, I was proud.
At the same age, I rewrote the Story Text of "The Adventures of Robin Hood" (1991)[1] via hex and "Try and Errored" all ASCII combinations to develop my own ASCII chart.
You can imagine what a 12 year old rewrote a love story to... my older brother was quite happy :D
I later tried to patch Dune2 Level files to create my own but did not understand a thing.
Now I write medical software and sometimes feel the same ;)
My enjoyment of fravia's philosophizing led me to try my hand at the crackmes and other stuff. I could get a few but never really got the hang of it; it was a great educational exercise.
I highly recommend anyone who's interested (particularly people who don't remember a pre-Google, pre-Facebook internet) in bold (and crazy) ideas about technology reading his work.
Edit: I suppose many if not most of the essays aren't strictly "pre-Google" but they are from its much earlier days when it was a very different service.
Random aside: I'm constantly impressed by the output of the HCU folks and sorely wish that both the community around HCU and +Fravia were still around.
It's a tricky art. It's helpful to learn some of the basics such as how variables are passed to a function on the stack for x86 or as registers with x64. Beyond that it takes practice. Things that have helped me are writing C code and disassembling it, stepping through code with GDB and working on crackmes and CTFs.
Yeah, writing simple C programs using various constructs (switch/if/for statements, structs, different APIs, etc.) and then looking at the produced assembly is a good way to learn.
Another thing I like to do is to rewrite complex parts of the disassembly in pseudo-C (though radare has an option to do this automatically), which makes the overall logic easier to see (and is, of course, the entire point of decompilers like Hex-Rays).
This works. Be sure to try different compilers and optimization levels.
You can become a better programmer this way. You start to get a real feel for what the compiler can and can't optimize. For example, you can see how a do...while loop is usually the best kind of loop, but without seeing the assembly you might assume they are all the same.
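A scratch file of the kind these comments recommend, as an added example (not code from any commenter): each function isolates one construct so it is easy to find in the assembly, and the file is meant to be compiled with `cc -O0 -S` and `cc -O2 -S` and the two outputs compared. The function names, the sample array and the expected loop shapes described in the comments are this example's own; how far a given compiler rotates the `for` loop is something to confirm in its actual output.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample input for running the functions; the assembly is the
 * real point of the file, e.g.
 *   cc -O0 -S -o o0.s constructs.c && cc -O2 -S -o o2.s constructs.c
 * then compare the two .s files function by function. */
static const uint32_t sample[4] = { 1, 2, 3, 4 };

/* A counted for loop. Unoptimized, the test sits at the top with a jump
 * back to it; optimized, compilers typically rotate it into a bottom-tested
 * (do...while shaped) body guarded by a single n == 0 check at entry. */
uint32_t sum_for(const uint32_t *v, size_t n)
{
    uint32_t s = 0;
    for (size_t i = 0; i < n; i++)
        s += v[i];
    return s;
}

/* The same sum written as do...while (requires n >= 1). There is nothing
 * to rotate: one conditional branch per iteration and no entry guard, which
 * is why this shape is what the optimized for loop tends to become. */
uint32_t sum_do(const uint32_t *v, size_t n)
{
    uint32_t s = 0;
    size_t i = 0;
    do {
        s += v[i++];
    } while (i < n);
    return s;
}

/* A dense switch: a compare-and-branch chain at -O0, usually a jump table
 * (an indirect jump through a table of labels) at -O2. */
int classify(int op)
{
    switch (op) {
    case 0:  return 10;
    case 1:  return 20;
    case 2:  return 30;
    case 3:  return 40;
    default: return -1;
    }
}

/* A small struct passed by value: shows whether the fields travel in
 * registers or on the stack under the platform's calling convention. */
struct point { int32_t x, y; };

int32_t dot(struct point a, struct point b)
{
    return a.x * b.x + a.y * b.y;
}

int main(void)
{
    printf("sum_for=%u sum_do=%u\n", sum_for(sample, 4), sum_do(sample, 4));
    printf("classify(2)=%d classify(9)=%d\n", classify(2), classify(9));
    printf("dot=%d\n", dot((struct point){ 1, 2 }, (struct point){ 3, 4 }));
    return 0;
}
```

Reading the -O2 output for sum_for next to sum_do is the quickest way to see the point made above about do...while: the optimizer has to add an entry guard and reorder the for loop to reach the shape the do...while already had.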
I was given a short intro to GDB, +1 for PEDA making it a lot easier to understand (or at least, giving you enough context to know what's happening at a particular moment)
You're doing "God's Work". I wish I was even remotely qualified to do this sorta thing because I'm pretty interested in it, but I'm pretty far removed from it (large scale infrastructure architecture).
Do you mind if I email you some questions as far as good ways to start tracking in that direction? (though you pretty much enumerated them in the transferable skills part)
Ugh I read your job post months ago and I’m so interested in what you’re doing. I’m not aligned in any of the skills, just really interested about the actual work. What can you share?
I've been watching the ecosystem of radare2 GUIs for a while now. I've loved IDA for its long-standing support of numerous architectures, as well as its built-in interpreter for running Python/IDC scripts with ease, however the price is nearly inhibitive for the average student or weekend hacker. IMO, the one major reason that radare isn't as widely adopted in the RE industry is simply because of a lack of GUIs that aren't either web-based or half-baked and partially broken. In many ways, the radare2 plugin architecture is far superior to IDA's, and I hope this project can start to bridge the gap between functionality and ease-of-use.
On an entirely separate note, I'd love to see a port of this for Android :)
> In many ways, the radare2 plugin architecture is far superior to IDA's, and I hope this project can start to bridge the gap between functionality and ease-of-use.
I think one of the most difficult things for me with r2 is that there is no stable API and minimal detection for the internal stuff. If you're merely working on top of well supported architectures (e.g. arm, x86) you're probably going to do just fine with the "pipe" interface.
However, for more advanced features (e.g. new architectures) it's less fun. For instance, when the python bindings break the general response is "fix it yourself and submit a pull request because we don't want to maintain python bindings". Which would be great if the APIs weren't a constantly moving target.
The lack of clear documentation hurts the APIs themselves as it's not necessarily clear which parts are deprecated and which represent best practices. Hopefully with the growing community we'll see some of the cruft get cleaned up.
I looked into buying IDA Pro a while back and the experience was like buying enterprise software in 1997. There's not much of a reason for me to have it but it'd be a fun thing to have and toy with in spare time but I'm not really willing to pay an insane subscription price on a sketchy website.
Sure, but it's not really the type of tool you play with during the weekends. It's high powered and the industry standard.
I, and many of my colleagues, would gladly pay 4 or 5 times the price for IDA and Hex Rays. Though, any decent security company will purchase a subscription for its employees.
>it's not really the type of tool you play with during the weekends
I am not so sure I agree. I can take another example, CAD software. There is high powered industry standard software which I would love to use on weekends and maybe even use in side projects for profit, but there's no way I can pay $2k/year and justify that. A $2k permanent license? Sure, it's a stretch but I'd probably go for it. 180/month though, whatever I'm doing would have to be really serious before I could justify that.
And I won't ever start at that price so the deal is dead.
There's a parallel in 3d printing. Not so long ago 3d printers were insanely expensive and only accessible to professionals. Now consumer grade machines are starting to replace machines that cost 10-100x more.
It's a frustrating thing about the economy where power tools that could enable a lot of people to do a lot of things are priced so that only a few people who can pay a lot can have access to them. I get that the people making them need to make a livelihood, but the frustration remains.
Oh yes there's plenty of free CAD (for example, FreeCAD), but there are some truly excellent but insanely expensive tools out there too.
I would be happy to spend a large sum of money for a copy, but you can't any more. You have to buy a subscription.
If I can buy something excellent and know that I'll be able to use it, even if outdated, in 10 years, there's real value to an investment like that.
If I'm throwing several dollars a day into a hole for something I'll probably only use sometimes, and at that, perhaps taking years between uses, I can't justify the expense.
Something like how I bought the best cordless drill I could find. Not because I use it every day, or even every month, but because I wanted my drilling experience to be good every time I used it.
If you have good tools you're more likely to do things and do them well.
People give the same advice about guitars. Don't buy a cheap guitar if you want to pick up the skill. It will be difficult to tune, it won't keep a tune, and it won't sound great whatever you do. Buy a good guitar and what you do will sound better and encourage you to keep it up and get better.
A lot of free software tools are the same. They can do what they do, but their flaws discourage use and make failure as a beginner a lot more likely.
There is probably an optimum there. Not so refined as to be too expensive to be accessible to most people and not so rudimentary as to turn away people who try with low success.
> Fusion 360 is free for hobbyists. Not just students.
Fusion is a whole other ball of wax. I was referring to the rest of the Autodesk suite. You can certainly find cracked versions of whatever, but (ab)using the student licensing will at least be some insurance against malware.
The way I look at it (and I'm obviously not a representative of Autodesk in any way, shape, or form): if it's making you money, pay for it. If it's not, don't. If you pirate it to learn how to use it, that's one thing. If you wanted to start selling whatever you're designing that would be the time to pay.
Autodesk, like Adobe, is making a huge push towards subscription licensing. I detest that stuff, but it's at least less of a hit initially unlike IDA.
They won't do unlimited licenses or subscriptions at all, but you can get group licenses (with license server) and support subscriptions. Your three choices are:
a. license server
b. licensed to a specific person
c. licensed to a specific computer
They are indeed pretty unpleasant about the process. They've been burned by license violations.
More than unpleasant. I bought a license, missed the (2 week or something?) deadline to install/activate, and their support ghosted me, leaving my repeated pleas to open another window unanswered. $1k down the drain.
I'm not very experienced with RE, but for my limited use-case Cutter/radare2 is usually as good as free IDA version. For this one old MFC4.2 app, Cutter was actually better than IDA at demangling the symbols!
It's very exciting to have such a great tool available. IDA might actually be detrimental in the long run. We desperately need more pentesters/infosec folks, and this generation's exposure is more high-level. So open-source RE tooling is essential to get people interested and messing about with this stuff (IMO).
I discovered Radare2 some years ago, and found that Cutter strongly lowers the learning curve of r2.
On that note, I used to play (as a n00b) with some crackmes and CTFs, but not having kept up to date I can't find a live replacement for crackmes.de (or .cf today...still an archive though).
Any suggestions of current resources to "play" with r2 and Cutter?
TIS-100 by Zachtronics is a game based around a very small instruction set assembly language on an interesting architecture.
Shenzhen I/O is also meant to be good, but I haven't played it.
Neither are even close in complexity or sheer number of instructions to x86, but then I get the sense that x86 tends to put people off assembly in a way that simpler architectures don't.
TIS-100 is a neat programming puzzle game. A lot of the programming challenges revolve around the limited nature of the CPU nodes in each system (two registers, no memory, very limited space for assembler source code). It's a fun game if you love to program. However, I found the later challenges somehow too frustrating and I haven't finished the game.
I learned to use Radare2 a bit during our company's last CTF, and while it's super awesome in terms of capabilities, the GUI story is terrible: if you start investigating, it seems there's a long debris trail of half-done GUIs where someone said, “Hey, this would be easier if there were a GUI”. Even the visual mode inside radare2 has completely different commands from the non-GUI mode, and you almost certainly need to switch back and forth.
If radare2 found a couple of undergrad usability students to contribute and then focused on consistency and bug-fixing, it would be able to live up to its truly amazing potential.
Radare, in my opinion, is mostly lacking on the user-experience side. IDA is easier to pick up and use. Also, I feel Radare's decompilers don't fare as well as Hex-Rays. I equate this to Windbg - your best Windows debugger, which unfortunately is relatively tough to pick up (I'd argue, mostly due to poor UI choices). Forgoing that, Radare is absolutely packing.
I've moved on to reverse most of my projects with Radare. I'm still missing a handful of small features/plugins from IDA, but it's not a big issue.
There are more alternatives to IDA Pro. Hopper Disassembler is one. Binary Ninja (binja) is another.
Here is an independent review of Binary Ninja: https://www.trailofbits.com/research-and-development/binja/
Here is the project itself: https://binary.ninja/
I happen to know most of the people involved in Binary Ninja. They do great work. They really understand security and the need to operate off-line.
BTW, if disassembly is a career interest for you, see https://news.ycombinator.com/item?id=17208556 for my "Ask HN: Who is hiring? (June 2018)" comment.