As a kid fumbling around proprietary Windows binaries, I felt liberated by the ideas of Fravia and +ORC. They taught me that I deserve to know what goes on underneath the software I use. Softice, IDA and w32dasm were the tools of the trade. But most of it was limited to finding where the MessageBox with the trial message pops up and reversing the conditional jump just before it. Here is a small tutorial teaching how to reverse and remove the trial limitation of an ancient version of UltraEdit: http://71.6.196.237/fravia/uedilas.htm
But after switching to a fully opensource stack, reverse engineering lost its charm. Understanding how things work is taken for granted and I can't imagine going back to an opaque proprietary environment.
What you link to is Fravia+'s previous project, more focused on software reverse engineering - http://www.woodmann.com/fravia/.
Fravia+'s last project - "Web Searchlores" was/is more aimed towards general reverse engineering and information searching. The site contains a huge collection of information, which curiously, although not updated for so many years, is still relevant today. Apparently searchlores.org and fravia.com have expired and are "parked" by somebody. But looks like http://search.lores.eu/ is the only remaining official mirror that remains from
What you say about the F/OSS certainly rings true, but at least for me, software reverse engineering has always been more as a training ground for reversing in general than to cracking software copy protections.
+greythorne has stopped updating his pages and +HCU's Linux info, but mammon_ is pretty active, and even moved to Github: http://mammon.github.io/ . Definitely worth checking out for more information about Software RE under GNU/Linux.
Nowadays there are a lot of opaque software in widespread use, so the main focus has shifted towards web platforms, where reversing is still applicable.
> although not updated for so many years, is still relevant today. Apparently searchlores.org and fravia.com have expired and are "parked" by somebody. But looks like http://search.lores.eu/ is the only remaining official mirror that remains from
One issue with reverse engineering information/community is the lack of organization. There are a lot of web resources about it but are not well interlinked (yes, the <a> tag). So, it is possible that a great tool is hidden in a page with low page rank. OpenRCE was successful in the past but nowadays people don't use it.
That's also my story. I spent countless hours reverse engineering software but stopped after going Linux-only. In fact I realized that reverse engineering was the only reason I'd been using Windows for a very long time.
I also remember many wonderful tools like PEiD (locating and identifying hash functions), hiew (hexeditor), RSATool (RSA cracking tool), FSG (file compressor). There was also OllyDbg and it seems that it's still actively developed.
Oh man, OllyDbg was excellent. I was never great at reverse-engineering, it was mostly a "change random jmps and hope it works" thing for me, but it was exciting. Nobody I knew had credit cards back then, and I was a teenager, so I couldn't pay anyway, but I'd get shareware I don't use just to see if I can crack them. I'd delete them afterwards.
I once created an "uncrackable" crackme (in Visual Basic 4, no less!) that had a part of its code encrypted with RC4, and the license key was the decryption key.
Fun times. I remember the two best cracks I read about: One was to add functionality to binary software (the tut was to add something to Notepad). This was used to 'crack' w32dasm and add some other stuff (there were really cool w32dasm versions circulating).
The other was (and it is funny that it is still quite relevant, e.g. SimCity) to emulate a validation server (I think it was Flex validation) on localhost to register software that called home.
My personal best was to do keygens. For that, you really needed to understand the asm program routine which validated the username/pass.
I went through the same process. Fravia and the +HCU fostered my curiosity and made me want to know more and more about the inner workings of software. Not only that, Fravia was a man of learning, essays on the +HCU/SearchLores.org were often a philosophical pretext to discuss subjects beyond reverse engineering.
I miss the man and I regret not having been able to meet him in person.
Yeah I loved those "back in the day". I've never been good at reversing stuff but there is a certain zen-like quality that I appreciate about the process :)
Has anyone ever figured out who +orc was/is? That was one of the fun riddles of the day :)
This is a bad answer, but when I'm on Linux, I use objdump and gdb for most of my reversing. They don't really compare to IDA, though. xxd is fine for hex editing, especially in the context of simple conditional jump changing, although there are much better open source hex editors.
Ahh. This brings back my memories of my teen years of reverse engineering. I enjoyed it so much I almost decided to go into malware analysis. Breaking crackmes, reversemes, spending hours writing code in C and dissecting what compilers came up with at all levels of optimization. Finding packers/protectors and figuring out how to remove them by hand and then building an olly script that would do it automatically. Cracking all the software you own (legally) just because. Back when CD cracks were still needed, I actually made my own, and it felt great.
I did all of my hacking on a Windows machine but now I use OSX almost exclusively. Does anyone know of roughly equivalent tools in this world? Maybe I'll take up the hobby again.
Like a lot of people here, this brings back fond memories. For me, the first real experience of disassembling was with DOS games, when you would use a TSR (terminate and stay resident) debugger to hook into a running executable and try and figure out what it was doing. I think at the time I was mostly interested in hacking infinite lives - I was a lousy gamer.
I remember one of the tricks used by apps was to encrypt the code in some way, and rely on the DOS single-step interrupt to execute the decryption process as the code was run, one instruction at a time. The idea was to prevent static disassembly with the encryption while also discouraging run-time analysis (since a debugger would usually overwrite the single-step interrupt that fired off the decrypter).
I actually ended up writing my own TSR debugger that could step through such code by chaining the interrupts. It could also detect many of the self extracting compression formats and jump past the decompression stage on startup so you didn't spend the first 10 minutes trying to step through decompression code. I was quite proud of that app.
Then in the late 90s I moved on to Windows disassembly, when I became somewhat obsessed with uncovering the undocumented APIs in Windows 95. I even had a Geocities website where I used to publish some of my findings. The site is obviously gone now, but it's still mirrored in a few places.
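The trace-flag trick described in the comment above, and the tracer that survives it by chaining the handler, modelled as an added example (not code from this thread or from any DOS tool it mentions). Everything here is constructed: a two-byte toy instruction set, a rolling XOR keystream standing in for the real decryptor, and a `Machine` whose `int1` attribute plays the role of the single-step interrupt vector. The point is the control flow: the protected program's decryptor only runs because the hardware raises INT 1 after every instruction, so a debugger that simply overwrites that vector never decrypts the next instruction and hits garbage, while one that saves the old vector and calls it first sees plaintext at every step.

```python
"""Toy model (constructed for illustration) of a self-decrypting DOS-style
program that does its decryption inside the single-step interrupt handler,
plus two debuggers: one that clobbers the handler and one that chains it."""
from typing import Callable, List, Optional, Tuple

LOAD, ADD, OUT, HALT = 1, 2, 3, 4   # constructed 2-byte ISA: opcode, operand
KEY = 0x5A                          # constructed keystream seed


class Machine:
    """Minimal CPU: memory, pc, one accumulator, a trace flag and an INT 1 vector."""

    def __init__(self, mem: List[int]):
        self.mem = list(mem)
        self.pc = 0
        self.acc = 0
        self.trace_flag = False
        self.int1: Optional[Callable[["Machine"], None]] = None  # "INT 1" vector
        self.output: List[int] = []
        self.halted = False

    def step(self) -> None:
        op, arg = self.mem[self.pc], self.mem[self.pc + 1]
        self.pc += 2
        if op == LOAD:
            self.acc = arg
        elif op == ADD:
            self.acc = (self.acc + arg) & 0xFF
        elif op == OUT:
            self.output.append(self.acc)
        elif op == HALT:
            self.halted = True
        else:
            raise RuntimeError(f"illegal opcode {op:#x} at {self.pc - 2}")
        # The hardware raises the single-step interrupt after every instruction
        # while the trace flag is set; whoever owns the vector gets control.
        if self.trace_flag and self.int1 is not None and not self.halted:
            self.int1(self)

    def run(self, limit: int = 100) -> List[int]:
        for _ in range(limit):
            if self.halted:
                return self.output
            self.step()
        raise RuntimeError("no HALT reached")


def keystream(i: int) -> int:
    return (KEY + i) & 0xFF


def encrypt(program: List[int]) -> List[int]:
    return [b ^ keystream(i) for i, b in enumerate(program)]


def decrypt_at(m: Machine, pc: int) -> None:
    """Decrypt the single 2-byte instruction at pc, in place."""
    for i in (pc, pc + 1):
        if i < len(m.mem):
            m.mem[i] ^= keystream(i)


def protection_int1(m: Machine) -> None:
    """The program's own INT 1 handler: decrypt only the *next* instruction."""
    decrypt_at(m, m.pc)


def load_protected(program: List[int]) -> Machine:
    """Acts as the program's prologue: install the handler, set TF, decrypt insn 0."""
    m = Machine(encrypt(program))
    m.int1 = protection_int1
    m.trace_flag = True
    decrypt_at(m, 0)
    return m


# Constructed demo program: acc = 5; acc += 7; output acc; halt  -> output [12]
DEMO_PROGRAM = [LOAD, 5, ADD, 7, OUT, 0, HALT, 0]


def run_naive_debugger(program: List[int]) -> Tuple[str, List[int]]:
    """Overwrites INT 1 with its own tracer, so the decryptor never runs again."""
    m = load_protected(program)
    log: List[int] = []
    m.int1 = lambda mm: log.append(mm.pc)
    try:
        m.run()
        return "ran", log
    except RuntimeError:
        return "crashed", log


def run_chaining_debugger(program: List[int]) -> Tuple[List[int], List[Tuple[int, int, int]]]:
    """Saves the old vector and calls it first, then records the decrypted instruction."""
    m = load_protected(program)
    log: List[Tuple[int, int, int]] = []
    previous = m.int1

    def chained(mm: Machine) -> None:
        previous(mm)                                  # let the decryptor work first
        log.append((mm.pc, mm.mem[mm.pc], mm.mem[mm.pc + 1]))  # now plaintext

    m.int1 = chained
    return m.run(), log


if __name__ == "__main__":
    print("naive   :", run_naive_debugger(DEMO_PROGRAM))
    print("chaining:", run_chaining_debugger(DEMO_PROGRAM))
```

The naive debugger gets through exactly one instruction (the prologue decrypted that one) and then faults on an encrypted opcode; the chaining debugger produces the program's real output and a plaintext trace of every instruction after the first, which is the behaviour the comment's home-grown TSR debugger achieved by chaining the interrupt.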
If price is an issue, consider the freeware version: [1]. It disallows commercial use, and lacks recent features, but it should be great for a hobbyist. If you need more than this feature set, $1199 is a bargain for what you get with IDA Pro, as others have mentioned.
Given the maturity of the tool, the breadth of functionality, plugins, scriptability, etc. these are petty money for what IDA Pro has to offer to a professional that has to do Reverse Engineering for a living.
I do agree that for a tool used for a hobby it is expensive, but for hobbyists there are other, simpler tools that could be used.
I used to do reverse engineering when I was a teenager, just for the fun. It made me feel powerful in a certain way. RE is a great mind puzzler! It builds lots of skills: I learnt a lot of ASM, how OSes worked on the inside, compilers, problem solving...
For all the comments about crackmes and patching around messageboxes, I would like to mention that reverse engineering is arguably more valuable for its ability to surface file format information and/or protocol specifics.
In several countries, this is one of the expressly granted rights with respect to reverse engineering since it promotes interoperability and (more often than not) allows one to use a file format (or network service) long after the original software has expired [in the mortality sense].
You can also have some fun by doing crackmes at http://www.crackmes.de. Many crackmes require considerable technical and analytical skills. They also enable you to learn the underlying platform better.
No, your antivirus software has a False Positive.
I hate people that trust AV without any attempt to use their brain. If your AV says to you 'JUMP TO WINDOW' - will you do it?
Fravia passed away in 2009; but his archives are preserved here: http://71.6.196.237/fravia/index.htm