[Noisebridge-discuss] Software Reverse Engineering Workshop

d p chang pchang at macrovision.com
Thu Apr 30 19:09:10 UTC 2009


"Dr. Jesus" <j at hug.gs> writes:

> I need a few things from everyone interested to make sure I'm giving
> the right talk.

my responses are probably a bit willy-nilly. i've worked w/ reversers
but mostly i do it for fun not profit (well, maybe to figure out why
some vendor library is doing whatever it is doing @ the day job).

anyway...

> [ ] Focusing on x86 only is fine with me.
> [ ] I would also to know about other processors:


> [ ] Focusing on the Linux ABI only is fine with me.
> [ ] Focusing on the Windows ABI only is fine with me.
> [ ] Focusing on the Darwin (mac) ABI only is fine with me.

my opinion is, whatever floats your boat for either of these. 

somewhat related (since it used to use system specific goo that i
recall), i'd be interested in hearing about what people do these days to
thwart reversing (eg, dynamic code/partial instructions/etc). back in
the day, some games did some pretty 'cool' tricks (although it was a
pain when you were trying to debug why the game didn't work on your next
gen graphics hw).

> [ ] I sort of care about licensing politics, but I really just want the source code any way I can get it.
..
> [ ] I have another opinion not covered above:

i'd prefer source, but have come to realize that having the source isn't
often useful. there's an assload of really crappy source out there.

> (by heart means you can reconstruct the relevant parts of the opcode's
> pages in the manual from memory, blindfolded, with one hand tied
> behind your back)

what's relevant? the binary encoding or just what flags it sets etc?

> [ ] I can read disassembly listings for another processor:

after x86 these days (and not for all of the 'fancy' sseX instructions),
mostly old crap like, alpha/mips/68k/ppc. the trimedia processor is
probably the weirdest, and i definitely need the cheatsheet for all of
arm's crazy addressing modes.

> [ ] I know how to do this manually in C.

hmmm... you mean w/ 'straight' c? the last compiler i worked on ignored
most programmer hints when it 'knew better' (ie, loop backward jumps
were expected etc), but they might not do that sort of stuff any more
since everything seems to have 'intrinsics' to hint.

> [ ] Without an opcode chart.

what do opcodes have to do w/ c? you're talking asm blocks?

> [ ] Without looking anything up, I can explain exactly what this program is doing and why it works:
> http://pastebin.com/m2f68dc27

won't work on systems that use function descriptors (ppc macs and
probably aix :-)

> [ ] Off the top of my head, I know why scribbling on the 8237 compatibility registers on my mac doesn't cause it to asplode.

not old-school pc enough to know/care.

> [ ] I know the correct response, including format, to the $100 trivia question from prequals.

not security focused enough to even know the question.

\p
---
The loyalty of small men can be bought cheaply, for greed has no pride.
		--- Michael Kube-McDowell
