-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnotes.txt
58 lines (40 loc) · 2.57 KB
/
notes.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
Before the course:n
1) Make sure to request a new trial of IDA
2) Print handouts
3) Review with co-instructor(s): plan below, and the assembly crash course plan
Plan during course:
0) Offer handouts (x86 cheat sheet + IDA cheat sheet), ask to sign in, point to URL and ask them to set up IDA + download crackmes
1p) Introduce instructors. "Reverse engineering is awesome"
2) Assembly crash course
3) Open crackme0. Run it. Explain our goal to make it let us in. Talk about figuring out what it does. Show patching it to let us in.
4) Declare a time when they'll be interrupted for Project Ironfist demo + a video
5) Explain what Bomb Lab is, and how it inspired crackme1. Let them loose to begin figuring out crackme1.
6) Instructors walk around and help students
7) Midway through, interrupt, show Hackers video, demo Project Ironfist and how the modding works
8) Resume 5/6
People who finish early: Can offer WinMine as a more interesting program to reverse, or crackmes.cf
How to teach assembly crash course:
Give examples of everything. Use IDA debugger; show changing registers/memory as you run each line
1) Registers (mov, add, sub, ...)
2) Memory dereferences
3) Stack (push, call, ret, ebp, esp. Don't forget to discuss eax)
4) Control flow (flags [show changing after each instruction], cmp/test, jg/jge/jmp)
This is a good place to split up work among instructors.
Notes on crackmes:
* The Windows version of crackme0 has debug symbols in a separate file, which we don't distribute. Not having debug symbols is a blessing in disguise; gives a chance to show off searching for strings and using cross-references.
* The 64-bit Mac version is there because Catalina does not run 32-bit executables. They should still RE the 32-bit one, but can run the 64-bit.
Resources:
Four most commonly used passwords:
* Cool mention: https://www.youtube.com/watch?v=RiMt9_01SkY (starts 10 seconds in)
* Other mention: https://www.youtube.com/watch?v=0Jx8Eay5fWQ
http://tinyurl.com/sipb-re-course
Notes to self:
*) The x86 cheat sheet source is in Google docs
Todos:
*) Add movsx and movzx to the cheat sheet
*) Add pseudocode for ops to x86 cheat sheet
*) Make slides with a single image for Apptimize (espionage) and IBM PC (compatibility) stories
*) Add a place just to talk about the understanding that comes with RE (+ ability to cut through layers of abstraction and debug the hardest bugs)
*) Find good Mac/Linux crackmes for anyone who finishes early
*) Some versions of round 1 in crackme1 are easier than others; investigate.
*) Have a better answer for people who ask about setting up debugger on Mac/Linux.