Reverse
Operations
In this article I’m describing all assembly operations that I’ve encountered myseld and also wasn’t lazy anough to put down an explanation about here. However, I won’t be paying much attention to some operation that I consider straightforward, like ADD. I’m going to put a flag for each operation indicating corresponding arch: arm or x86 (just learning ARM myself for iOS analysis).
Most of instruction have the following anatomy: instruction <destination operand>, <source operand>. Some operations look like this: instruction <source operand> when <destination operand> is always the same register (default). An example: MUL. When MULing, you always multiply eax on some value.
Registers
EAX
EIP
EBP
RSI/ESI
Source Index.
RSI - 64 bit, ESI - 32.
RDI/EDI
Destination Index.
RDI - 64 bit, EDI - 32.
For ARM Registers here - https://azeria-labs.com/arm-data-types-and-registers-part-2/
From Src to Binary
To read
https://www.airs.com/blog/archives/38
Assembly Cheatsheet
Lorem markdownum aequalis strigis. Saetigeri iubeas, vultu huic alvum nondum de obside ut laniavit arbor palmis, cum quin. Rupes vetat videndo, armigerae crimen habet Priamum nec.
ARM Assembly
In this article I’m giving a quick dive-in into assembly. It’s very simple and very difficult at the same time. It takes time and patience to get friendly with it. And once you do, there will be ARM emerging, which scares the hell out of you again. But it takes less time, once you’re familiar with its “big brother”.
Analogy
Sometimes when I look at assembly code I remember back in the ‘olden days’ when I worked as office manager. I didn’t love my job and used to describe it to a small circle of close friends as “moving papers from one place to another”. Of course, there was much more to it than just that, but it felt that way. When I left this job and found the one as a C# programmer, I thought, I’ll never be doing that again. Surprisingly, I was right… When I left my job as a C# programmer, I thought I’d never have anything to do with HTML again. Here, I was wrong….
Assembly Intro
In this article I’m giving a quick dive-in into assembly. It’s very simple and very difficult at the same time. It takes time and patience to get friendly with it. And once you do, there will be ARM emerging, which scares the hell out of you again. But it takes less time, once you’re familiar with its “big brother”.
Analogy
Sometimes when I look at assembly code I remember back in the ‘olden days’ when I worked as office manager. I didn’t love my job and used to describe it to a small circle of close friends as “moving papers from one place to another”. Of course, there was much more to it than just that, but it felt that way. When I left this job and found the one as a C# programmer, I thought, I’ll never be doing that again. Surprisingly, I was right… When I left my job as a C# programmer, I thought I’d never have anything to do with HTML again. Here, I was wrong….
How I Met Radare2
📆 24/09/2020, Wednesday
🕰 7:00 What a nice morning! And it’s so great to be woken up by a high-pitched cry in the ear… Well, after giving my daughter her breakfast and doing all the neccessary hygine procedures for us both, I left her by my side on the development carpet, so that I could develop myself…
🛠 Environment and Tools: macOS Catalina 10.15.6 (19G2021) + pyenv 1.2.20 + Python 3.8.5 + Visual Code Version: 1.49.1, VBox Version 6.1.12 r139181 (Qt5.6.3) + Kali Linux + radare2 4.6.0-git 25077 @ linux-x86-64 git.4.4.0-749-g2a0d8fbe5
💱 Symbolic and Concrete Execution
References
Expand…
[1] Mobile Sec Guide
[2] Symbolic execution on iOS with R2Frida & ESILSolve
[3] Symbolic execution on iOS)] Concrete execution on iOS with Angr.
[4)] Symbolic execution on Android with Angr. [5] A Bug Hunter’s Diary: A Guided Tour Through the Wilds of Software Security, by Tobias Klein.
How I Met Predator
Wednesday
*Ничего так, тепло.*
Где-то в тёмном-тёмном лесу, среди высоких старых деревьев, притаившись в кустах выжидают свою жертву хищники. И даже несмотря на то, что они могут быть не такими страшными, как товарищ из фильма, тем не менее могут принести немало проблем. Мало кто воспринимает интернет как “страшный и таинственный лес”, но тем не менее в какой-то степени так и есть. И хищники там тоже есть, и поверьте мне, они не такие милые как пушистое создание на картинке.
Undesirable Mail
Thursday, Warm and cloudy.
“Open me! I am a payment order! I am important, I swear!”, - some RTF-file was yelling. I wasn’t expecting any bills so this slyboots did not maim my poor little laptop. Phew ! Lucky me! But since this was a social engineering attack (not very crafty but still), someone less concerned with his or her safety could have opened it and cause him- or herself a lot of trouble. What I am trying to say (very inarticulately ) is that simply opening a small RTF document could result in absolute disaster for your machine! In this post I am telling the story how exactly does it happen…