# General

File types and the tools used to reverse them:

| File type       | Tools                                |
| --------------- | ------------------------------------ |
| EXE, DLL        | IDA Free, x32dbg, strings, UPX, PEiD |
| EXE, DLL (.NET) | dnSpy, de4dot, open-source unpacker  |
| APK, DEX        | Android Simulator, JADX, GDA         |
| ELF             | IDA Free, GDB-PEDA, EDB              |

Tools for malware analysis:

1. Malware analysis: <https://fareedfauzi.github.io/2022/08/08/Malware-analysis-cheatsheet.html>
2. Maldoc reference: <https://fareedfauzi.github.io/2022/08/08/Malware-analysis-cheatsheet.html>

Example question topics:

* SharpPanda malware
* .NET + de4dot
* Maldoc (template injection) with sandbox
* Fileless PowerShell
* ELF
* JS malware
* EXE
* Threat intel involving Censys
* DEX file from an APK

## Crackme

```
#include <stdio.h>
#include <string.h>

int main() {
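    char password[20];
    printf("Welcome to the Crack Me challenge!\n");
    printf("Please enter the password: ");
    scanf("%19s", password); // Limiting input length to the buffer size - 1
    // The expected password is a plaintext literal, so it shows up in `strings` output
    if (strcmp(password, "abc123") == 0) {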
        printf("Congratulations! You have successfully cracked the password.\n");
    } else {
        printf("Sorry, the password you entered is incorrect.\n");
    }
    return 0;
}

```

```
#include <stdio.h>

int main() {
    int password = 0; // Stays 0 if scanf fails to parse a number

    printf("Welcome to the Crack Me challenge!\n");
    printf("Please enter the password (a 4-digit number): ");
    scanf("%d", &password);

    if (password == 1234) {
        printf("Congratulations! You have successfully cracked the password.\n");
    } else {
        printf("Sorry, the password you entered is incorrect.\n");
    }

    return 0;
}

```

```
#include <stdio.h>
#include <string.h>

#define BUFFER_SIZE 50

// XOR every byte with the key; applying the same key again restores the original
void encrypt(char* message, int key) {
    int msgLen = strlen(message);
    for (int i = 0; i < msgLen; ++i) {
        message[i] = message[i] ^ key;
    }
}

int main() {
    char password[BUFFER_SIZE];
    printf("Welcome to the Crack Me challenge!\n");
    printf("Please enter the password: ");
    scanf("%49s", password); // Limiting input length to the buffer size - 1
    encrypt(password, 0xF);
    if (strcmp(password, "li{{|t}jyj}|jpi`}|par") == 0) {
        printf("Congratulations! You have successfully cracked the password.\n");
    } else {
        printf("Sorry, the password you entered is incorrect.\n");
    }
    return 0;
}

```

```
#include <stdio.h>
#include <string.h>

void reverseString(char* str) {
    int i, j;
    char temp;
    for (i = 0, j = strlen(str) - 1; i < j; i++, j--) {
        temp = str[i];
        str[i] = str[j];
        str[j] = temp;
    }
}

int main() {
    char secret[] = "rofgnikooluoygalfehtsiisthistragnoC";
    char userInput[50];
    printf("Welcome to the Reverse Engineering challenge!\n");
    printf("Please enter a string: ");
    scanf("%49s", userInput); // Limiting input length to the buffer size - 1
    reverseString(userInput);
    if (strcmp(userInput, secret) == 0) {
        printf("Congratulations! You have found the secret string.\n");
    } else {
        printf("Sorry, the string you entered is incorrect.\n");
    }
    return 0;
}

```
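The last two crackmes compare transformed input against a stored constant, and both transforms (XOR with a fixed key, string reversal) are their own inverse, so applying the transform to the constant recovers the expected input. The following is an added example, not part of the original page; the helper names `undo_xor`, `undo_reverse` and `count_untypeable` are hypothetical, and the constants and key are copied from the sources above.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constants copied from the XOR and string-reversal crackmes on this page. */
static const char XOR_CONST[] = "li{{|t}jyj}|jpi`}|par";
static const char REV_CONST[] = "rofgnikooluoygalfehtsiisthistragnoC";

/* XOR is its own inverse: applying the key to the stored constant yields the
 * expected input. Returns the length, or 0 if the output buffer is too small. */
size_t undo_xor(const char *in, unsigned char key, char *out, size_t cap) {
    size_t n = strlen(in);
    if (n + 1 > cap) return 0;
    for (size_t i = 0; i < n; i++) out[i] = (char)(in[i] ^ key);
    out[n] = '\0';
    return n;
}

/* Reversal is also its own inverse. Same return convention as undo_xor. */
size_t undo_reverse(const char *in, char *out, size_t cap) {
    size_t n = strlen(in);
    if (n + 1 > cap) return 0;
    for (size_t i = 0; i < n; i++) out[i] = in[n - 1 - i];
    out[n] = '\0';
    return n;
}

/* Count recovered bytes that are not printable, i.e. cannot simply be typed. */
int count_untypeable(const char *s, size_t n) {
    int bad = 0;
    for (size_t i = 0; i < n; i++)
        if (!isprint((unsigned char)s[i])) bad++;
    return bad;
}

int main(void) {
    char buf[64];
    size_t n = undo_xor(XOR_CONST, 0xF, buf, sizeof buf);
    printf("xor (%d untypeable): ", count_untypeable(buf, n));
    for (size_t i = 0; i < n; i++) {        /* escape non-printable bytes */
        unsigned char c = (unsigned char)buf[i];
        if (isprint(c)) putchar(c);
        else printf("\\x%02x", (unsigned int)c);
    }
    undo_reverse(REV_CONST, buf, sizeof buf);
    printf("\nreverse: %s\n", buf);
    return 0;
}
```

The value recovered for the XOR crackme contains two `0x7f` bytes, so that input has to be supplied through a pipe or file rather than typed at the prompt.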

