Bug hunting through_reverse_engineering

•

1 like•570 views

arif

A brief introduction into fuzzing and software reverse engineering

Software

Bug Hunting
Through
Reverse Engineering
d.monkey @ echo.or.id

Software
Hardware
Computer
Application
Operating System
Firmware
HW

Application
Computer
Virtual Machines
Native Application

Virtual Machines
Computer Applications
Native Application

Virtual Machines
Applications
Native Application
Bytecode ISA Opcode

Virtual Machines
Application based Virtual Machines
Java Applications
Python
PHP
Javascript

Native Applications
Native Applications
C / C++
Golang
Rust
Ocaml

Native Apps
C / C++ Source Code
Compiler
Native Apps

The Reason
• Development With No Access To Source Code

• Bypass Restrictions

• Malware Analysis

• Bug Hunting & Exploit Development

• Self-Satistiﬁcation of curiosity.

Exploit Development
Fuzzing
Analyze
Exploitations

Fuzzing
Generate Testcase
Feed Input to
Program
Crash
Repeat

Reversing and Fuzzing
• RE is hard if the target is too complex.

• RE is hard if such obfuscations implemented in
the target

• Fuzzing sometimes it just works, but without RE
it’s just a plain bugs with no prior knownledge to
exploit.

Reversing Nightmare
• Software Obfuscations

• Packer / Self Modifying Code

• Code Flattening, Subtitutions, Dead Code
Insertions, Etc.

• Self Virtual Machines

Bug Classes
• Memory Corruptions

• Race Conditions

• Weak Cryptographic

• Implementation / Architectural Flaw

Reverse Engineering Native Apps
• Static Analysis

• Dynamic Analysis

Static Analysis
Native Apps
Disassemble
Analyze

Static Analysis
• Pros

• Good for analyzing a small apps / speciﬁc
functions

• Best to ﬁnd implementation ﬂaw a bad features

• Cons

• If the apps is to big it’s hard to ﬁnd bugs

• Hard to analyze if such obfuscations applied

Dynamic Analysis
Native Apps
Emulate / Debugger
Analyze

Dynamic Analysis
• Pros

• Good for analyzing obfuscated apps.

• Good for analyzing complex apps.

• Cons

• Need to run apps so for some big apps is quite
computations heavy.

Native Apps
C / C++ Source Code
Compiler
Native Apps
Backend
Frontend
PASS

Fuzzing with LibFuzzer
C / C++ Source Code
Compiler
Native Apps
Backend
Frontend LibFuzzer
LLVM PASS

Fuzzing with LibFuzzer
Native Apps
Compiler
Native Apps
Backend
Frontend LibFuzzer
Disassembler
Bitcode Translations

What's hot

Adressing nonfunctional requirements with agile practicesMario Cardinal

Differences asked in Software Testing Interview. Siddharth Sharma

Status report #7gtrevino80

Software engineeringMandavi Classes

Status report #8gtrevino80

Introduction to Software Enigneering university of education,Lahore

WQD2011 - INNOVATION - DEWA - Substation Signal Analyzer SoftwareDubai Quality Group

Software Testinguniversity of education,Lahore

Current_ResumeJacob Batts

Simply zdlcDr. Bippin Makoond

Sdlc 4university of education,Lahore

Computer aided software engineeringČhauÐhařÿ Faísal Ãlï

Function PointsLuxoftAgilePractice

Software engineering 14 software quality metricsVaibhav Khanna

System Designuniversity of education,Lahore

Joseph G ScottJoe Scott

Function PointsChris Farrell

formal verificationToseef Aslam

Biometric Authentication Hardware Device Teq Diligent Case StudyTeq Diligent

An Introduction to Iterative Software DevelopmentGeoffrey Weglarz

What's hot (20)

Adressing nonfunctional requirements with agile practices

Differences asked in Software Testing Interview.

Status report #7

Software engineering

Status report #8

Introduction to Software Enigneering

WQD2011 - INNOVATION - DEWA - Substation Signal Analyzer Software

Software Testing

Current_Resume

Simply zdlc

Sdlc 4

Computer aided software engineering

Function Points

Software engineering 14 software quality metrics

System Design

Joseph G Scott

Function Points

formal verification

Biometric Authentication Hardware Device Teq Diligent Case Study

An Introduction to Iterative Software Development

Viewers also liked

Binary exploitation - AIS3Angel Boy

SECCON 2016 Online CTF [Memory Analysis] Write-Up (ver.korean)Sehan Lee

Glibc malloc internalMotohiro KOSAKI

Sigreturn Oriented ProgrammingAngel Boy

Heap exploitationAngel Boy

Advanced heap exploitaionAngel Boy

Play with FILE Structure - Yet Another Binary Exploit TechniqueAngel Boy

Introduction to Reverse EngineeringGopinath Chintala

Reverse engineeringYuffie Valen

Introduction to Reverse EngineeringDobromir Enchev

Reverse engineeringSyed Zillay Ali

Reverse Engineeringdswanson

Reverse engineering & its applicationmapqrs

Reverse engineeringananya0122

AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017Carol Smith

Viewers also liked (15)

Binary exploitation - AIS3

SECCON 2016 Online CTF [Memory Analysis] Write-Up (ver.korean)

Glibc malloc internal

Sigreturn Oriented Programming

Heap exploitation

Advanced heap exploitaion

Play with FILE Structure - Yet Another Binary Exploit Technique

Introduction to Reverse Engineering

Reverse engineering

Introduction to Reverse Engineering

Reverse engineering

Reverse Engineering

Reverse engineering & its application

Reverse engineering

AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017

Similar to Bug hunting through_reverse_engineering

Webinar slides: Introduction to Database Proxies (for MySQL)Continuent

Kicking Down Silos: Co-Designing Software & Hardware to Create Great ProductsKinoma

Intro to PhoneGapChris Griffith

Here Be Dragons – Advanced JavaScript DebuggingFITC

FITC - Here Be Dragons: Advanced JavaScript DebuggingRami Sayar

Pipeline as code for your infrastructure as CodeKris Buytaert

Sensible scalingRowan Merewood

Static-Analysis-in-Industry.pptxShivashankarHR1

Symfony Live NYC 2014 - Rock Solid Deployment of Symfony AppsPablo Godel

Cross platform mobile approachesPhuong Hoang Vu

Jason Kent - AppSec Without Additional Toolscentralohioissa

Badoo: Cross platform Mobile Test Automation and Continuos DeliveryCodeFest

Continuous Delivery of (y)our infrastructure.Kris Buytaert

SymfonyCon Madrid 2014 - Rock Solid Deployment of Symfony AppsPablo Godel

Machine programmingDESMOND YUEN

JavaOne 2014 Security Testing for Developers using OWASP ZAPSimon Bennetts

Write Generic Code with the Tooling APIAdam Olshansky

Getting your mobile test automation process in place - using Cucumber and Cal...Niels Frydenholm

From Web to Mobile with Stage 3DJean-Philippe Doiron

Abusing bleeding edge web standards for appsec gloryPriyanka Aash

Similar to Bug hunting through_reverse_engineering (20)

Webinar slides: Introduction to Database Proxies (for MySQL)

Kicking Down Silos: Co-Designing Software & Hardware to Create Great Products

Intro to PhoneGap

Here Be Dragons – Advanced JavaScript Debugging

FITC - Here Be Dragons: Advanced JavaScript Debugging

Pipeline as code for your infrastructure as Code

Sensible scaling

Static-Analysis-in-Industry.pptx

Symfony Live NYC 2014 - Rock Solid Deployment of Symfony Apps

Cross platform mobile approaches

Jason Kent - AppSec Without Additional Tools

Badoo: Cross platform Mobile Test Automation and Continuos Delivery

Continuous Delivery of (y)our infrastructure.

SymfonyCon Madrid 2014 - Rock Solid Deployment of Symfony Apps

Machine programming

JavaOne 2014 Security Testing for Developers using OWASP ZAP

Write Generic Code with the Tooling API

Getting your mobile test automation process in place - using Cucumber and Cal...

From Web to Mobile with Stage 3D

Abusing bleeding edge web standards for appsec glory

Recently uploaded

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave

Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure

5 Signs You Need a Fashion PLM Software.pdfWave PLM

TECUNIQUE: Success Stories: IT Service providermohitmore19

CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823

Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy

The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171

Diamond Application Development Crafting Solutions with PrecisionSolGuruz

How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes

HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS

Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.

Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171

Active Directory Penetration Testing, cionsystems.com.pdfCionsystems

Professional Resume Template for Software DevelopersVinodh Ram

Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531

Microsoft AI Transformation Partner Playbook.pdfWilly Marroquin (WillyDevNET)

DNT_Corporate presentation know about usDynamic Netsoft

Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions

Recently uploaded (20)

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...

Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...

5 Signs You Need a Fashion PLM Software.pdf

TECUNIQUE: Success Stories: IT Service provider

CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️

Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications

The Ultimate Test Automation Guide_ Best Practices and Tips.pdf

Diamond Application Development Crafting Solutions with Precision

How To Troubleshoot Collaboration Apps for the Modern Connected Worker

HR Software Buyers Guide in 2024 - HRSoftware.com

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...

Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...

Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf

Active Directory Penetration Testing, cionsystems.com.pdf

Professional Resume Template for Software Developers

Hand gesture recognition PROJECT PPT.pptx

Microsoft AI Transformation Partner Playbook.pdf

DNT_Corporate presentation know about us

Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...

Bug hunting through_reverse_engineering

1. Bug Hunting Through Reverse Engineering d.monkey @ echo.or.id

2. Reverse Engineering

3. Reverse Engineering

4. Reverse Engineering -ETOOBIG

5. Software Hardware Computer

6. Software Hardware Computer Application Operating System Firmware HW

7. Software Hardware Computer Application Operating System Firmware HW

8. Application Computer Virtual Machines Native Application

9. Virtual Machines Computer Applications Native Application

10. Virtual Machines Applications Native Application Bytecode ISA Opcode

11. Virtual Machines Application based Virtual Machines Java Applications Python PHP Javascript

12. Native Applications Native Applications C / C++ Golang Rust Ocaml

13. Native Applications Native Applications C / C++ Golang Rust Ocaml

14. Native Apps C / C++ Source Code Compiler Native Apps

15. The Reason • Development With No Access To Source Code • Bypass Restrictions • Malware Analysis • Bug Hunting & Exploit Development • Self-Satistiﬁcation of curiosity.

16. Another Reason

17. Another Reason

18. The Reason • Development With No Access To Source Code • Bypass Restrictions • Malware Analysis • Bug Hunting & Exploit Development • Self-Satistiﬁcation of curiosity.

19. Exploit Development Fuzzing Analyze Exploitations

20. Fuzzing Generate Testcase Feed Input to Program Crash Repeat

21. Reversing and Fuzzing • RE is hard if the target is too complex. • RE is hard if such obfuscations implemented in the target • Fuzzing sometimes it just works, but without RE it’s just a plain bugs with no prior knownledge to exploit.

22. Reversing Nightmare • Software Obfuscations • Packer / Self Modifying Code • Code Flattening, Subtitutions, Dead Code Insertions, Etc. • Self Virtual Machines

23. Reversing Nightmare

24. Reversing Nightmare

25. Reversing Nightmare

26. Reversing Nightmare

27. Reversing Nightmare • Software Obfuscations • Packer / Self Modifying Code • Code Flattening, Subtitutions, Dead Code Insertions, Etc. • Self Virtual Machines

28. Bug Classes • Memory Corruptions • Race Conditions • Weak Cryptographic • Implementation / Architectural Flaw

29. Reverse Engineering Native Apps • Static Analysis • Dynamic Analysis

30. Static Analysis Native Apps Disassemble Analyze

31. Static Analysis • Pros • Good for analyzing a small apps / specific functions • Best to find implementation flaw a bad features • Cons • If the apps is to big it’s hard to find bugs • Hard to analyze if such obfuscations applied

32. Tool for Static Analysis

33. Dynamic Analysis Native Apps Emulate / Debugger Analyze

34. Dynamic Analysis • Pros • Good for analyzing obfuscated apps. • Good for analyzing complex apps. • Cons • Need to run apps so for some big apps is quite computations heavy.

35. Native Apps C / C++ Source Code Compiler Native Apps

36. LLVM

37. Native Apps C / C++ Source Code Compiler Native Apps Backend Frontend PASS

38. LLVM

39. LLVM IR

40. Fuzzing

41. Fuzzing with LibFuzzer C / C++ Source Code Compiler Native Apps Backend Frontend LibFuzzer LLVM PASS

42. Fuzzing with LibFuzzer Native Apps Compiler Native Apps Backend Frontend LibFuzzer Disassembler Bitcode Translations

43. DEMO