Ghidra An Open Source Reverse Engineering Tool Lars A. Wallenborn FrOSCon 2019, 10th August How the NSA open-sourced all software in 2019 Intro Since 2004 IT Freelancer 2013 Diploma in Mathematics @ Uni Bonn 2014 - 2015 Software Developer in Bonn Since 2015: Security Researcher at CrowdStrike whoami Lars A. Wallenborn [email protected] @larsborn 1 whoami Lars A. Wallenborn [email protected] @larsborn Since 2004 IT Freelancer 2013 Diploma in Mathematics @ Uni Bonn 2014 - 2015 Software Developer in Bonn Since 2015: Security Researcher at CrowdStrike 1 Overview 1. What is Reverse Engineering? 2. Why should I do it? 3. How do I do it? 2 What is Reverse Engineering • very general term: process of ”reversing” the production process of an artificial object • with the aim to reveal its designs, architecture, or – generally – to extract knowledge This Presenation We will focus on a very specific kind of Reverse Engineering: Binary Software Reverse Engineering What is Reverse Engineering • RE or reversing for short 3 process of ”reversing” the production process of an artificial object • with the aim to reveal its designs, architecture, or – generally – to extract knowledge This Presenation We will focus on a very specific kind of Reverse Engineering: Binary Software Reverse Engineering What is Reverse Engineering • RE or reversing for short • very general term: 3 • with the aim to reveal its designs, architecture, or – generally – to extract knowledge This Presenation We will focus on a very specific kind of Reverse Engineering: Binary Software Reverse Engineering What is Reverse Engineering • RE or reversing for short • very general term: process of ”reversing” the production process of an artificial object 3 This Presenation We will focus on a very specific kind of Reverse Engineering: Binary Software Reverse Engineering What is Reverse Engineering • RE or reversing for short • very general term: process of ”reversing” the production process of an artificial object • with the aim to reveal its designs, architecture, or – generally – to extract knowledge 3 We will focus on a very specific kind of Reverse Engineering: Binary Software Reverse Engineering What is Reverse Engineering • RE or reversing for short • very general term: process of ”reversing” the production process of an artificial object • with the aim to reveal its designs, architecture, or – generally – to extract knowledge This Presenation 3 What is Reverse Engineering • RE or reversing for short • very general term: process of ”reversing” the production process of an artificial object • with the aim to reveal its designs, architecture, or – generally – to extract knowledge This Presenation We will focus on a very specific kind of Reverse Engineering: Binary Software Reverse Engineering 3 Reverse Engineering Binary Software Reverse Engineering Compilation source code binary / executable 4 Binary Software Reverse Engineering Compilation source code binary / executable Reverse Engineering 4 Binary Software Reverse Engineering – More General X easy to read hard to read Reverse Engineering 5 Why should I do it? : Does it do what it is supposed to do? • Interoperatibility: A wild undocumented binary blog appears. • Educational Purposes: Excuse to hack. • Malware Analysis: Understand The Bad GuysTM. • Exploit Development: Are there bugs? Can I exploit them to make it behave in a way it was not intended? • Cracking: How to circumvent copy right protection? • Economic Espionage: How does it work with the goal to reimplement it and then sell it. I am not a lawyer But this is roughly sorted by how legal I think it is. In Germany. On a sunny day. Motivation • Quality Assurance 6 • Interoperatibility: A wild undocumented binary blog appears. • Educational Purposes: Excuse to hack. • Malware Analysis: Understand The Bad GuysTM. • Exploit Development: Are there bugs? Can I exploit them to make it behave in a way it was not intended? • Cracking: How to circumvent copy right protection? • Economic Espionage: How does it work with the goal to reimplement it and then sell it. I am not a lawyer But this is roughly sorted by how legal I think it is. In Germany. On a sunny day. Motivation • Quality Assurance: Does it do what it is supposed to do? 6 : A wild undocumented binary blog appears. • Educational Purposes: Excuse to hack. • Malware Analysis: Understand The Bad GuysTM. • Exploit Development: Are there bugs? Can I exploit them to make it behave in a way it was not intended? • Cracking: How to circumvent copy right protection? • Economic Espionage: How does it work with the goal to reimplement it and then sell it. I am not a lawyer But this is roughly sorted by how legal I think it is. In Germany. On a sunny day. Motivation • Quality Assurance: Does it do what it is supposed to do? • Interoperatibility 6 • Educational Purposes: Excuse to hack. • Malware Analysis: Understand The Bad GuysTM. • Exploit Development: Are there bugs? Can I exploit them to make it behave in a way it was not intended? • Cracking: How to circumvent copy right protection? • Economic Espionage: How does it work with the goal to reimplement it and then sell it. I am not a lawyer But this is roughly sorted by how legal I think it is. In Germany. On a sunny day. Motivation • Quality Assurance: Does it do what it is supposed to do? • Interoperatibility: A wild undocumented binary blog appears. 6 : Excuse to hack. • Malware Analysis: Understand The Bad GuysTM. • Exploit Development: Are there bugs? Can I exploit them to make it behave in a way it was not intended? • Cracking: How to circumvent copy right protection? • Economic Espionage: How does it work with the goal to reimplement it and then sell it. I am not a lawyer But this is roughly sorted by how legal I think it is. In Germany. On a sunny day. Motivation • Quality Assurance: Does it do what it is supposed to do? • Interoperatibility: A wild undocumented binary blog appears. • Educational Purposes 6 • Malware Analysis: Understand The Bad GuysTM. • Exploit Development: Are there bugs? Can I exploit them to make it behave in a way it was not intended? • Cracking: How to circumvent copy right protection? • Economic Espionage: How does it work with the goal to reimplement it and then sell it. I am not a lawyer But this is roughly sorted by how legal I think it is. In Germany. On a sunny day. Motivation • Quality Assurance: Does it do what it is supposed to do? • Interoperatibility: A wild undocumented binary blog appears. • Educational Purposes: Excuse to hack. 6 : Understand The Bad GuysTM. • Exploit Development: Are there bugs? Can I exploit them to make it behave in a way it was not intended? • Cracking: How to circumvent copy right protection? • Economic Espionage: How does it work with the goal to reimplement it and then sell it. I am not a lawyer But this is roughly sorted by how legal I think it is. In Germany. On a sunny day. Motivation • Quality Assurance: Does it do what it is supposed to do? • Interoperatibility: A wild undocumented binary blog appears. • Educational Purposes: Excuse to hack. • Malware Analysis 6 • Exploit Development: Are there bugs? Can I exploit them to make it behave in a way it was not intended? • Cracking: How to circumvent copy right protection? • Economic Espionage: How does it work with the goal to reimplement it and then sell it. I am not a lawyer But this is roughly sorted by how legal I think it is. In Germany. On a sunny day. Motivation • Quality Assurance: Does it do what it is supposed to do? • Interoperatibility: A wild undocumented binary blog appears. • Educational Purposes: Excuse to hack. • Malware Analysis: Understand The Bad GuysTM. 6 : Are there bugs? Can I exploit them to make it behave in a way it was not intended? • Cracking: How to circumvent copy right protection? • Economic Espionage: How does it work with the goal to reimplement it and then sell it. I am not a lawyer But this is roughly sorted by how legal I think it is. In Germany. On a sunny day. Motivation • Quality Assurance: Does it do what it is supposed to do? • Interoperatibility: A wild undocumented binary blog appears. • Educational Purposes: Excuse to hack. • Malware Analysis: Understand The Bad GuysTM. • Exploit Development 6 • Cracking: How to circumvent copy right protection? • Economic Espionage: How does it work with the goal to reimplement it and then sell it. I am not a lawyer But this is roughly sorted by how legal I think it is. In Germany. On a sunny day. Motivation • Quality Assurance: Does it do what it is supposed to do? • Interoperatibility: A wild undocumented binary blog appears. • Educational Purposes: Excuse to hack. • Malware Analysis: Understand The Bad GuysTM. • Exploit Development: Are there bugs? Can I exploit them to make it behave in a way it was not intended? 6 : How to circumvent copy right protection? • Economic Espionage: How does it work with the goal to reimplement it and then sell it. I am not a lawyer But this is roughly sorted by how legal I think it is. In Germany. On a sunny day. Motivation • Quality Assurance: Does it do what it is supposed to do? • Interoperatibility: A wild undocumented binary blog appears. • Educational Purposes: Excuse to hack. • Malware Analysis: Understand The Bad GuysTM. • Exploit Development: Are there bugs? Can I exploit them to make it behave in a way it was not intended? • Cracking 6 • Economic Espionage: How does it work with the goal to reimplement it and then sell it. I am not a lawyer But this is roughly sorted by how legal I think it is. In Germany. On a sunny day. Motivation • Quality Assurance: Does it do what it is supposed to do? • Interoperatibility: A wild undocumented binary blog appears. • Educational Purposes: Excuse to hack.