Title
Two very small reverse engineering tools: a python disassembling engine and an iterative reverse engineering framework
Authors
Gerardo Richarte
In
ReCon 2008, Montreal, Canada.
Date published
2008-06-15
Keywords
Reverse engineering

Abstract

A couple of years ago, at ReCon 2006, Pedram Amini presented PAIMEI. This awesome framework depends on IDA to disassemble binaries and to get function and basic block information. The first tool we present is an incomplete replacement of IDA (in this context) with an extra tweak in how jump-in-the-middle-of-instruction obfuscation is handled.

The second tool may be useful when reversing from binary back to C code. The idea is very simple: the reverser reads assembly and writes C, one function at a time. Each newly reversed C function can be compiled as a fragment and relinked into the original application. The result is a hybrid application, part original, part new. This new application can be debugged in assembly for the original part and in C for the newly reversed part. The main idea is to have, at all times, a working version of the application that is iteratively reverse engineered into C, so the reverser does not have to wait until the end to test the result.

WARNING: The simplicity of the implementation will probably disappoint you.