Happy Reunion – Here are the answers
It was so, so good to see you guys again – you’re all amazing, and I can’t wait until we meet again. I also have to say a massive thank you to the special person who asked me lots of questions on privacy and surveillance… so a giant “thank you”. You’re now my hero. To keep my promise, here are the answers: the books I recommend if you’d like to learn Assembly the fun way.
Step 1 – Triangulate your code
A great way to learn Assembly is to cross-reference a program written in C against its Assembly using Ida Pro. Here’s an example of what we’re aiming for: we’re looking at what’s happening across the 3 layers (C, Assembly and machine code). What you “think” is happening in C may not be what is actually happening in a low-level language. Assembly and machine code are a delight to work with – which is surprising to everyone on the course. We all came to think that Assembly was one of the best languages out there.
Ida Pro will produce flow charts like these – which link up all the jumps being made in the code.
The best tutorials out there for cracking are “The Legend of Random”, which I’ve linked later on. Random takes you through the flags and assembly jumps in order to crack license codes, so that the license is seen as valid. It’s great fun… but be warned, you’ll get addicted. Even if you only do the first 7 tutorials, you’ll be cracking in no time by reading the assembly code. By reading and seeing these jumps, you’ll get a real feel for assembly coding – and for how to hack the assembly code into doing things it shouldn’t.
OllyDbg – often used to crack serial licenses. http://www.ollydbg.de/
The awesome “LEGEND OF RANDOM” tutorials for OllyDbg – amazing stuff. Download a couple of these and you’ll be given practical examples to work on.
Flags – it’s a good idea to learn the capacity of the registers and the flags. An old 8-bit register such as AL holds only 8 bits; a newer register may hold 32 bits. The smaller registers are easier to overflow.
The buffers, registers and flags can all be manipulated to make a program do unexpected things. Ida Pro is more powerful than OllyDbg – but then it’s an expensive product.
Ida Pro will show you how the machine code is being attacked – and, if you run an exploit, what is happening in machine code.
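As an added illustration of why register capacity matters (my own constructed C, not code from any of the books or tutorials above): the same wrap-around you get in an 8-bit register such as AL also bites when C code narrows a 32-bit length to 8 bits before a bounds check, which is exactly the “what you think is happening in C” gap. The flawed copy is shown beside the full-width check; `BUF_SIZE`, `add8`, `add8_carry`, `copy_narrowed`, `copy_checked` and `run_copy` are names made up for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64

/* 8-bit register arithmetic: AL wraps at 256 and the bit that falls off
   is what the CPU reports in the carry flag (CF). */
uint8_t add8(uint8_t a, uint8_t b) {
    return (uint8_t)(a + b);           /* 200 + 100 -> 44 */
}
int add8_carry(uint8_t a, uint8_t b) {
    uint16_t wide = (uint16_t)a + b;   /* wider type keeps bit 8 */
    return (wide >> 8) & 1;            /* 1 when the 8-bit result wrapped */
}

/* Flawed bounds check: the 32-bit length is narrowed to 8 bits before the
   comparison, so a request for 300 bytes is checked as 44 and accepted.
   The copy stays inside dst here, but the caller's intent is lost. */
int copy_narrowed(const uint8_t *src, uint32_t len, uint8_t *dst) {
    uint8_t n = (uint8_t)len;          /* silently keeps the low 8 bits only */
    if (n > BUF_SIZE) return -1;
    memcpy(dst, src, n);
    return n;                          /* bytes actually copied */
}

/* Hardened: compare at full width before any narrowing. */
int copy_checked(const uint8_t *src, uint32_t len, uint8_t *dst) {
    if (len > BUF_SIZE) return -1;     /* 300 is rejected here */
    memcpy(dst, src, len);
    return (int)len;
}

/* Constructed harness: a 512-byte source so any len <= 512 is readable. */
int run_copy(int (*fn)(const uint8_t *, uint32_t, uint8_t *), uint32_t len) {
    static uint8_t src[512];
    uint8_t dst[BUF_SIZE];
    return fn(src, len, dst);
}

int main(void) {
    printf("AL: 200+100 = %u, CF=%d\n", add8(200, 100), add8_carry(200, 100));
    printf("narrowed copy(300) -> %d\n", run_copy(copy_narrowed, 300));
    printf("checked  copy(300) -> %d\n", run_copy(copy_checked, 300));
    return 0;
}
```

Compile it and step through `copy_narrowed` in your disassembler: the `movzx`/8-bit compare is the point where the 32-bit value you had in C quietly becomes something else.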
Practical Malware Analysis – the “Alien Baby” book
This is the £6 book I mentioned… but it’s out of print. Basically it was a little gem for vulnerability development, and worth its weight in gold. http://www.amazon.co.uk/x86-Disassembly-Exploring-relationship-Assembly/dp/1466346051/ref=sr_1_11?s=books&ie=UTF8&qid=1431125419&sr=1-11&keywords=x86+assembly
Hacking and the Art of Exploitation.
Amazing book: http://www.amazon.co.uk/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/ref=sr_1_18?s=books&ie=UTF8&qid=1431125721&sr=1-18&keywords=assembly+language Learning the architecture and the flags used is really important. This is best “experienced” by cracking the code in the exercises by Random.
Step 2 – Best Disassembly/Debuggers
The best programs are
2. OllyDbg – often used to crack serial licenses. Olly is a cracker’s delight and free. WOOHOO!! http://www.ollydbg.de/
3. The awesome “LEGEND OF RANDOM” tutorials for OllyDbg: http://thelegendofrandom.com/blog/sample-page https://micksmix.wordpress.com/2012/12/11/excellent-ollydbg-tutorials/
5. DarunGrim diffing tool – useful for comparing Microsoft patches when they’re released, so that you can see the code that’s been patched. Yellow means code has been altered and red blocks mean code has been deleted.
6. Windbg – Windows Only
Now, this tool is totally weird, but it can be mastered. In the end, even a novice of some 6 weeks can locate new Windows vulnerabilities. When you find a new vulnerability, you’ll think that you’ve misunderstood the code, rather than that you’ve just found a new bug. It’s like having a winning lottery ticket… you have it, but don’t believe it and keep checking. The best book for Windbg is: http://www.amazon.co.uk/Advanced-Windows-Debugging-Administering-Addison-Wesley/dp/0321374460/ref=sr_1_29?ie=UTF8&qid=1431132795&sr=8-29&keywords=windbg
Make sure that you’ve updated all your symbols – as that’s the key to Windbg.
7. Buffer Overflow Attacks
This really old book is a great primer for the stack, registers, EIP and shellcode. It’s cheap as chips to buy, but real quality. It’s dedicated to buffer overflows, but much of what you’ll come across is literally pushing onto the stack to trigger an overflow. The basics are as valid today as ever. http://www.amazon.co.uk/Buffer-Overflow-Attacks-Exploit-Prevent/dp/1932266674/ref=sr_1_1?ie=UTF8&qid=1431133105&sr=8-1&keywords=buffer+overflow#reader_1932266674
Hope to see you again VERY soon. Happy hacking!