General

Given file type and tools for reverse:

File type

Tools

EXE, DLL

IDA Free, x32dbg, strings, UPX, PEID

EXE, DLL (.NET)

DnSpy, DE4dot, open-source unpacker

APK, DEX

Android Simulator, JADX, GDA

ELF

IDA Free, GDB-Peda, EDB

Tools for malware analysis:

Malware analysis = https://fareedfauzi.github.io/2022/08/08/Malware-analysis-cheatsheet.html
Maldoc refer = https://fareedfauzi.github.io/2022/08/08/Malware-analysis-cheatsheet.html

Questions example:

Sharppanda malware
.net + de4dot
Maldoc (template injection) with Sandbox
Fileless powershell
ELF
JS malware
EXE
Threat intel involve Censys
Dex file APK

Crackme

#include <stdio.h>
#include <string.h>

int main() {
    char password[20];
    printf("Welcome to the Crack Me challenge!\n");
    printf("Please enter the password: ");
    scanf("%s", password);
    if (strcmp(password, "abc123") == 0) {
        printf("Congratulations! You have successfully cracked the password.\n");
    } else {
        printf("Sorry, the password you entered is incorrect.\n");
    }
    return 0;
}

#include <stdio.h>

int main() {
    int password;

    printf("Welcome to the Crack Me challenge!\n");
    printf("Please enter the password (a 4-digit number): ");
    scanf("%d", &password);

    if (password == 1234) {
        printf("Congratulations! You have successfully cracked the password.\n");
    } else {
        printf("Sorry, the password you entered is incorrect.\n");
    }

    return 0;
}

#include <stdio.h>
#include <string.h>

#define BUFFER_SIZE 50

void encrypt(char* message, int key) {
    int msgLen = strlen(message);
    for (int i = 0; i < msgLen; ++i) {
        message[i] = message[i] ^ key;
    }
}

int main() {
    char password[BUFFER_SIZE];
    printf("Welcome to the Crack Me challenge!\n");
    printf("Please enter the password: ");
    scanf("%49s", password); // Limiting input length to the buffer size - 1
    encrypt(password, 0xF);
    if (strcmp(password, "li{{|t}jyj}|jpi`}|par") == 0) {
        printf("Congratulations! You have successfully cracked the password.\n");
    } else {
        printf("Sorry, the password you entered is incorrect.\n");
    }
    return 0;
}

#include <stdio.h>
#include <string.h>

void reverseString(char* str) {
    int i, j;
    char temp;
    for (i = 0, j = strlen(str) - 1; i < j; i++, j--) {
        temp = str[i];
        str[i] = str[j];
        str[j] = temp;
    }
}

int main() {
    char secret[] = "rofgnikooluoygalfehtsiisthistragnoC";
    char userInput[50];
    printf("Welcome to the Reverse Engineering challenge!\n");
    printf("Please enter a string: ");
    scanf("%49s", userInput); // Limiting input length to the buffer size - 1
    reverseString(userInput);
    if (strcmp(userInput, secret) == 0) {
        printf("Congratulations! You have found the secret string.\n");
    } else {
        printf("Sorry, the string you entered is incorrect.\n");
    }
    return 0;
}

PreviousMemory dump analysis

Last updated 1 year ago