Reverse engineering: the somewhat arcane art that helps illuminate the inner workings of proprietary systems, obfuscated or otherwise. It's always a big theme at Black Hat conferences, and indeed, this year we have an impressive slate of reverse engineering-related programming. For starters, check out these four key Briefings:
It's often useful to interact directly with Flash memory, and fun when it lets you reverse engineer the embedded device it's connected to. Flash's fragility means you have to be careful, though, making sure your edits don't cause bad blocks with faulty meta information. Reverse Engineering Flash Memory for Fun and Benefit will teach you all about that, as well as how to exploit the journaling systems of embedded devices to reconstruct a history of every operation their flash file system's ever experienced.
Until this year, there was no single, sensibly licensed, disassembly framework that could handle multi-architecture machine code -- a shameful state of affairs. Quynh Nguyen Anh and cohorts decided to step in and fix this, and the result is Capstone. Come to Capstone: Next Generation Disassembly Framework to learn about this new engine's unparalleled features, and why it blows away everything that came before. Want the source? They're releasing it at the show.
A key feature of dynamic binary instrumentation (DBI) systems like DynamoRIO is their ability to be transparent -- undetectable to the malway binaries they're analyzing. Defeating the Transparency Feature of DBI will show how to break the transparency features of popular DBI tools, with code that presents different behaviors running on native hosts vs. DBI and VM, opening up new evasive possibilities.
Finally, what if we could find a way to expose all the similar code hidden in the millions of malware binaries stored in white-hat repositories? This could help speed the reverse engineering of new malwares related to older specimens, but past search approaches were either too broad or too specific. Scalable, Ensemble Approach for Building and Visualizing Deep Code-Sharing Networks Over Millions of Malicious Binaries proposes a fresh solution to this dilemma, with an obfuscation-resilient ensemble similarity analysis approach that addresses polymorphism, packing, and obfuscation by estimating code-sharing in multiple static and dynamic technical domains at once. Early results are impressive.
Bonus! Black Hat also has some great reverse engineering Trainings to check out. Both IDA Basic and IDA Advanced take a deep dive into that popular disassembler. They're on subsequent days, so if want the full crash course, take both. Also, Hands-On Hardware Hacking and Reverse Engineering is exactly what it says on the tin, and a great way to get your hands dirty.
By the way, word to the wise! Register soon, because early-bird rates are only available until June 2. Please visit Black Hat USA 2014's registration page to get started.