- Two very small reverse engineering tools: a python disassembling engine and an iterative reverse engineering framework
- Gerardo Richarte
- ReCon 2008. In Montreal, Canada.
- Date published
- Reverse engineering
A couple of years ago in ReCon 2006 Pedram Amini presented PAIMEI. This awesome framework depends on IDA to disassemble binaries and get functions and basic block information. The first tool we present is an incomplete replacement of IDA (in this context) with an extra tweak on how jump-in-the-middle-of-instruction obfuscation is handled.
The second tool may be useful when reversing from binary back to C code. The idea is very simple: The reverser reads assembly and writes C, one function at a time, this new reversed C code can be compiled as a fragment and relinked into the original application. The result is a hybrid application, part original part new. This new application can be debugged, in assembly for the original part, and in C for the new reversed part. The main idea is to have, all the time, a working version of the application which is iteratively reverse engineered into C, while the reverser doesn't have to wait until the end to test the result.
WARNING: The simplicity of the implementation will probably disappoint you.