Best of Reverse Engineering2024

  1. 1
    Article
    Avatar of hnHacker News·2y

    Reverse Engineering TicketMaster's Rotating Barcodes (SafeTix)

    The post explores TicketMaster's SafeTix rotating barcode system. It critiques the system's shortcomings, such as its reliance on internet connectivity and the potential for usability issues. The author reverse engineers the barcode mechanics, revealing how static bearer tokens and TOTP-based six-digit numbers are used to validate tickets. The motivations behind SafeTix's implementation, including reducing ticket fraud and promoting TicketMaster's app, are analyzed. The conclusion stresses the drawbacks of excluding people from events through tech barriers.

  2. 2
    Article
    Avatar of freecodecampfreeCodeCamp·1y

    How to Reverse Engineer a Website – a Guide for Developers

    Learn how to reverse engineer a website and understand its API functionalities. This guide covers the basics of what APIs are, how they work, and how to analyze a website's API to use it within your own projects. Practical steps include using tools like Chrome Developer Tools and Postman to investigate network requests, authenticate API calls, and extract useful data, all while noting the importance of considering legal and ethical implications.

  3. 3
    Article
    Avatar of hnHacker News·2y

    Introduction · Reverse Engineering

    Reverse engineering involves deconstructing an artificial object to uncover its design, code, or architecture. This set of tutorials aims to simplify the learning process for beginners and those needing a refresher on x86, x64, 32-bit ARM, and 64-bit architectures. Suitable for cybersecurity enthusiasts, the tutorials are available in PDF and MOBI formats and are updated regularly.

  4. 4
    Video
    Avatar of davidbombalDavid Bombal·2y

    Reverse Engineering 101 tutorial with the amazing Stephen Sims!

  5. 5
    Article
    Avatar of communityCommunity Picks·2y

    Javascript Deobfuscation

    Learn about code deobfuscation, its reasons for usage, advantages, and disadvantages.

  6. 6
    Article
    Avatar of communityCommunity Picks·2y

    Evading JavaScript Anti-Debugging Techniques

    Debuggers are essential tools for developers and reverse-engineers, but companies often implement anti-debugging techniques to protect their code. Traditional methods to bypass these, such as disabling breakpoints or using scripts like Anti Anti-debugger, may not always work against well-protected scripts like those by JScrambler. A creative solution involves renaming the 'debugger' keyword in the browser's codebase to evade anti-debugging mechanisms. The author demonstrates this approach using a custom version of Firefox to circumvent anti-bot scripts.

  7. 7
    Article
    Avatar of hnHacker News·2y

    Reverse-Engineering an IP camera - Part 1

    The author discusses their experience with modern IP cameras, highlighting changes in technology and concerns with P2P (Peer-to-Peer) cameras' reliance on external servers for functionality. They explore reverse-engineering a generic camera model, identify that it runs a Linux-based OS, and analyze network traffic to understand its data handling and security implications. Part 1 concludes with a focus on accessing the camera's operating system and understanding its protocols.

  8. 8
    Article
    Avatar of hnHacker News·1y

    Integuru-AI/Integuru: An AI agent that builds third-party integrations through reverse engineering platforms' internal APIs.

    Integuru-AI has developed an AI agent called Integuru that generates integration code by reverse-engineering platforms' internal APIs. By providing network request files, cookies, and a prompt, the agent produces runnable Python code to interact with the platform's endpoints. The process involves generating a dependency graph and traversing it to create functions. The tool supports customizable input variables and is set up via Python's Poetry. Contributions and custom integration requests are welcomed.

  9. 9
    Article
    Avatar of securityboulevardSecurity Boulevard·2y

    Reverse Engineering Electron Apps to Discover APIs

    Learn how to reverse engineer Electron apps to discover their APIs and extract valuable information.

  10. 10
    Article
    Avatar of hnHacker News·2y

    gorisanson/pikachu-volleyball: Pikachu Volleyball implemented into JavaScript by reverse engineering the original game

    Pikachu Volleyball, an old Windows game, has been implemented into JavaScript through reverse engineering. The game can be played on a website, and the repository provides instructions on how to clone, install dependencies, bundle the code, and run a local web server. The physics engine and AI of the original game have been reverse engineered. The main tools used for reverse engineering include Ghidra, Cheat Engine, OllyDbg, and Resource Hacker. In the JavaScript version, there is no time limit for the AI vs AI match.

  11. 11
    Video
    Avatar of ericparkerEric Parker·2y

    Reverse Engineer malware QUICKLY with a Sandbox

    Learn how to quickly reverse engineer malware using a sandbox environment. The tutorial covers various tools and settings, including mitm proxy and fake net, to analyze malware behavior, even when it tries to evade detection. Key features of using a sandbox such as detecting ransomware and capturing network activities are emphasized, providing practical insights into malware analysis.

  12. 12
    Article
    Avatar of communityCommunity Picks·1y

    0x00 - Introduction to Windows Kernel Exploitation

    The guide introduces Windows Kernel Exploitation, focusing on Windows 7 (x86), Windows 10 (x64), and leading up to Windows 11 (x64). Required tools include virtualization software, WinDbg, HEVD, OSRLOADER, Python, Ghidra, and Sickle. It outlines resources for learning exploit development and offers step-by-step instructions for setting up kernel debugging and working with device drivers. The post also covers a practical example of exploiting stack overflow vulnerability in Windows 7 using HEVD, explaining the process, necessary configurations, and how to develop and test kernel shellcode.

  13. 13
    Article
    Avatar of hnHacker News·2y

    Reverse Engineering the Verification QR Code on my Diploma

    On finishing his exams, the author received a PDF containing a QR code for verification via the CycladesVérif app. Intrigued by the potential for reverse engineering, the author disassembled the app to explore how the QR code's data is encrypted and decrypted using RSA. Despite challenges and inherent flaws in the RSA key usage by the app, the author determined that breaking the security is impractical due to computational limitations.

  14. 14
    Article
    Avatar of cpresearchCheck Point Research·1y

    Inside Akira Ransomware’s Rust Experiment

    Akira ransomware has evolved with a new variant called 'Akira v2' written in Rust, which targets ESXi servers. Rust's executables are challenging to reverse-engineer due to deep in-lining and optimization, complicating analysis. Akira's control flow involves multi-threading and sophisticated file encryption using SOSEMANUK and curve25519 ciphers. This publication details the analysis and disassembly of Akira's control flow and code structure.

  15. 15
    Article
    Avatar of hnHacker News·1y

    Reverse Engineering: Finding Exploits in Video Games

    This guide explains the process of finding exploits in the video game *Sword of Convallaria*. It covers extracting game data, converting Lua bytecode to readable scripts, understanding the network protocol, and automating updates. The post is aimed at enhancing skills in reverse engineering and security game testing, providing practical steps and code examples.

  16. 16
    Article
    Avatar of infosecwriteupsInfoSec Write-ups·2y

    CTF- Beginner Guide

    This post provides a beginner's guide to CTF (Capture the Flag) and covers topics such as the goal of CTF challenges, common types of CTFs, and platforms to start CTF.

  17. 17
    Article
    Avatar of hnHacker News·2y

    seekbytes/IPA: GUI analyzer for deep-diving into PDF files. Detect malicious payloads, understand object relationships, and extract key information for threat analysis.

    Interactive PDF Analysis (IPA) is a tool designed for in-depth examination of PDF files, particularly to detect malicious payloads and understand object relationships within the files. Inspired by tools from Zynamics and Didier Stevens, IPA offers a graphical interface for easier comprehension of PDF contents, including metadata extraction, structure analysis, and data stream extraction. The tool, built with Rust and compatible with pdf-rs, can be compiled locally without external dependencies. Current limitations include lack of support for encrypted PDFs and certain object types.

See all Reverse Engineering archives