Today's 10-12pm class welcomed a cyber security professional who works at Symantec. Ruben has spent the last 4 years of his career in the security field, coming from a software engineering background.
You can find Ruben on Twitter.
His workshop dives into the world of reverse engineering by using Binary Ninja to find the flags of a mini-CTF. Being mostly new to this area of security, it was a great experience to have Ruben guide us through the endeavour.
Reverse engineering and exploitation tools come in all shapes and sizes, so you do not have to use the tools listed below (a lightweight version of an open source tool is preferred where one is available). As with everything in this subject, there is no single right way to complete a task; there are always multiple solutions to a problem. Choose whichever tools you are comfortable with.
Other notable tools such as IDA Pro are often suggested as the preferred reverse engineering software, however acquiring a license can be expensive for an individual, especially a student.
Binary Ninja is a reverse engineering platform that gives developers and security professionals disassembled code formatted for human readability.
The demo version of Binary Ninja is free and demonstrates enough of the basic functionality for the requirements of this workshop. It is available for OS X, Linux and Windows.
GDB is a debugger that lets you see the instructions of a program while it is running, and to stop it at chosen points to inspect registers and memory. It is particularly helpful for diagnosing the moment at which another program crashes.
If your GDB is outdated you can download the most recent official release of GDB.
An important issue to note for OS X users: there is no official support for GDB on OS X, however it can work to an extent. From experience, downloading the latest version of GDB on my Mac resulted in it being unable to locate the file to be debugged. I tried multiple methods from Stack Overflow and other sources, but none were successful. I highly suggest using Kali, as it already has GDB installed.
PEDA improves the usability of GDB by displaying the disassembly with sensible colouring, along with register and memory information, at each step of debugging.
It also adds extra commands to support debugging and exploit development. Without it, following a program through plain GDB is far more tedious. A similar alternative to PEDA is GEF.
Although I have seen people using Binary Ninja to solve CTF flags and during SecTalks, this was my first time using Binary Ninja in depth. I had no clue how it worked or what I was supposed to be looking for. Intimidated by the sheer scale of its functionality, I simplified the program for myself by leaning on my software background.
At the end of the lesson, Ruben showed that this workshop is a great way to enter the world of reverse engineering by putting yourself straight into a challenge.
Only by doing the most basic reverse engineering challenges out there was I able to learn Binary Ninja and GDB intuitively.
Using our previous knowledge, I dug into the function as in the previous question, looking for the string functions.
Converting the values into string characters showed they were unreadable, which of course means they had been transformed before being stored. This is the same idea behind encryption: a value is turned into an unreadable string until it is decoded with a key. Learning later on about the different kinds of key (a public and/or private key for asymmetric ciphers, a single shared secret for symmetric ones) made it clear that this function uses a key of its own.
Something in the loop of this main function looked a bit different from the last challenge: an XOR.
So, what do we do now? We could blindly go into GDB, run the program, create breakpoints and assess what is currently being executed. Alternatively, we could work out what happens inside the loop first, before typing any commands into GDB.
Firstly, it is always a good idea to run the program and analyse its output. It may provide hints, or nothing at all.
An important note before you start creating breakpoints: install PEDA or GEF. Both are helper extensions for GDB that make reverse engineering the program much easier.
Another way I accidentally found the flag was by putting a breakpoint at the XOR instruction and entering the command 'n' for next step. 100+ steps later, the word FLAG was revealed. By holding down Enter, the flag slowly reveals itself byte by byte.
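To make the XOR loop and the step-by-step reveal concrete, here is an added example (my own code, not the workshop's challenge binary) of the kind of XOR-obfuscated flag check the post describes. The flag `FLAG{xor}`, the two-byte key `{0x2A, 0x5C}` and the function names `xor_decode`, `decoded_flag` and `check_flag` are all constructed for this example; the real challenge's layout, key length and flag are whatever the binary contains.

```c
/* Added example: a minimal XOR-obfuscated flag check, not the workshop binary.
 * The flag, key and byte values below are constructed for illustration. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed: "FLAG{xor}" XORed with the repeating key {0x2A, 0x5C}.
 * This is what a reverser sees in .rodata: bytes that do not decode to text. */
static const unsigned char OBFUSCATED[] = {
    0x6C, 0x10, 0x6B, 0x1B, 0x51, 0x24, 0x45, 0x2E, 0x57
};
static const unsigned char KEY[] = { 0x2A, 0x5C };
#define FLAG_LEN (sizeof OBFUSCATED)

/* Repeating-key XOR is its own inverse: the same loop both obfuscates and
 * decodes. This is the loop that stands out in main(); break on it and step
 * with 'n', and out[i] fills in one plaintext byte per iteration, which is
 * why the flag appears gradually while stepping. Returns the byte count. */
size_t xor_decode(const unsigned char *in, size_t n,
                  const unsigned char *key, size_t klen, char *out)
{
    for (size_t i = 0; i < n; i++)
        out[i] = (char)(in[i] ^ key[i % klen]);
    out[n] = '\0';
    return n;
}

/* Decodes the embedded flag into a static buffer and returns it. */
const char *decoded_flag(void)
{
    static char flag[FLAG_LEN + 1];
    xor_decode(OBFUSCATED, FLAG_LEN, KEY, sizeof KEY, flag);
    return flag;
}

/* Mimics the CTF check: decode, then compare against user input.
 * Returns 1 on a match, 0 otherwise. Note that the plaintext flag now sits
 * in memory, so a single breakpoint after the loop also reveals it. */
int check_flag(const char *input)
{
    return strcmp(input, decoded_flag()) == 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <flag>\n", argv[0]);
        return 2;
    }
    puts(check_flag(argv[1]) ? "correct" : "wrong");
    return 0;
}
```

Build with `gcc -g -O0 xorflag.c -o xorflag`, then in GDB `break xor_decode`, `run test`, and step with `n` while watching `out` (or, in PEDA, the memory pane) to see the flag fill in one byte at a time. The shortcut that avoids 100+ steps is to `finish` out of `xor_decode` and examine the buffer with `x/s` on the address returned in `out`; either way, once the decode loop is recognised as XOR with a fixed key, the key bytes in `.rodata` are all that is needed to recover the flag offline.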
As someone undertaking a bachelor's degree in software engineering, I found this aspect of cyber security intriguing and exciting. There was a lot of knowledge I thought I had but was missing, and going straight into Binary Ninja felt like programming for the first time, except looking at disassembled code.
Currently challenges 0x03 and 0x04 are not a priority until the major portfolio is completed. I would like to dedicate most of my time to proofreading and finalising my report. However, if I complete my portfolio before submission, I would like to finish the remaining challenges and DM Ruben about my results.
Twitter n.d., 'rubenthijssen', Twitter, viewed n.d., https://twitter.com/rubenthijssen
Hex-Rays n.d., 'IDA Pro', Hex-Rays, viewed n.d., https://www.hex-rays.com/products/ida/
Binary Ninja n.d., ‘Home’, Binary Ninja, viewed n.d., https://binary.ninja/
GNU n.d., ‘Home’, GNU, viewed n.d., https://www.gnu.org/
GitHub n.d., 'PEDA', longld, viewed n.d., https://github.com/longld/peda
GitHub n.d., 'GEF', hugsy, viewed n.d., https://github.com/hugsy/gef