As someone who is not very knowledgeable about the field, I find reverse engineering fascinating. One thing I've been curious about is the economics of the security industry and the role reverse engineering plays in it.
To my novice eyes it seems that reverse engineering is more of an academic exercise and I don't see any direct ways to commercialize that skillset. How do you make a living doing this? Are you essentially paid a stipend to conduct fundamental research (finding zero days) that is inherently risky (no exploits = no return on investment)?
I see the reverse engineering skillset as not essentially different from low level systems programming, and as such it's very valuable even outside of "pure" security research.
I work as a Python programmer building scientific apps (so not security-related or systems programming at all), but at work every so often we're confronted with legacy code in binary form, or particularly nasty segfaults, etc. The thing with abstractions is that every so often the lower levels bleed through. At times like these, if you know your way around gdb, the ELF format, linking conventions, and can reason in assembly, you'll find yourself highly sought-after.
It gets even more fun when things work nicely on Linux and go haywire on Windows. Often there are no docs on Windows, so you need someone who is ready to crack their knuckles, fire up IDA Pro, and descend into the 7 circles of hell.
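The ELF-format and gdb knowledge jvkersch describes, as an added example that is not part of the thread: a header and program-header walker written with only Python's struct module. The ELF bytes it parses are constructed inline (a minimal x86-64 executable layout, headers only) so the script runs offline; the function names (parse_elf64, hardening_summary) and the sample image are this example's own. The three checks it reports (PIE, non-executable stack via PT_GNU_STACK, writable-and-executable LOAD segments) are the first things worth reading off an unknown Linux binary before opening it in gdb or a disassembler.

```python
"""Walk an ELF64 header and its program headers with only the struct module.

Added example (not code from the thread). SAMPLE_ELF is a constructed,
minimal x86-64 ELF image built inline so this runs offline; pass real bytes
(open("/bin/ls", "rb").read()) to parse_elf64() to inspect a real binary.
"""
import struct

ELF_MAGIC = b"\x7fELF"
ELFCLASS64, ELFDATA2LSB = 2, 1
E_TYPE = {0: "NONE", 1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}
E_MACHINE = {0x03: "x86", 0x28: "ARM", 0x3E: "x86-64", 0xB7: "AArch64", 0xF3: "RISC-V"}
P_TYPE = {0: "NULL", 1: "LOAD", 2: "DYNAMIC", 3: "INTERP", 4: "NOTE",
          6: "PHDR", 7: "TLS", 0x6474E550: "GNU_EH_FRAME",
          0x6474E551: "GNU_STACK", 0x6474E552: "GNU_RELRO"}
PF_X, PF_W, PF_R = 1, 2, 4

# Elf64_Ehdr after the 16-byte e_ident, and Elf64_Phdr, as struct formats.
# Byte-order prefix is added at parse time; neither struct has padding.
EHDR_FMT = "HHIQQQIHHHHHH"   # 48 bytes
EHDR_FIELDS = ("e_type", "e_machine", "e_version", "e_entry", "e_phoff",
               "e_shoff", "e_flags", "e_ehsize", "e_phentsize", "e_phnum",
               "e_shentsize", "e_shnum", "e_shstrndx")
PHDR_FMT = "IIQQQQQQ"        # 56 bytes
PHDR_FIELDS = ("p_type", "p_flags", "p_offset", "p_vaddr", "p_paddr",
               "p_filesz", "p_memsz", "p_align")


def flags_str(f):
    return (("r" if f & PF_R else "-") + ("w" if f & PF_W else "-")
            + ("x" if f & PF_X else "-"))


def parse_elf64(data):
    """Return {'header': {...}, 'segments': [...]} or raise ValueError."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != ELFCLASS64:
        raise ValueError("only ELF64 is handled here")
    end = "<" if data[5] == ELFDATA2LSB else ">"
    hdr = dict(zip(EHDR_FIELDS, struct.unpack_from(end + EHDR_FMT, data, 16)))
    hdr["type"] = E_TYPE.get(hdr["e_type"], hex(hdr["e_type"]))
    hdr["machine"] = E_MACHINE.get(hdr["e_machine"], hex(hdr["e_machine"]))
    if hdr["e_phentsize"] != struct.calcsize(end + PHDR_FMT):
        raise ValueError("unexpected e_phentsize %d" % hdr["e_phentsize"])
    segs = []
    for i in range(hdr["e_phnum"]):
        off = hdr["e_phoff"] + i * hdr["e_phentsize"]
        if off + hdr["e_phentsize"] > len(data):   # truncated or hostile file
            raise ValueError("program header %d past end of file" % i)
        seg = dict(zip(PHDR_FIELDS, struct.unpack_from(end + PHDR_FMT, data, off)))
        seg["type"] = P_TYPE.get(seg["p_type"], hex(seg["p_type"]))
        seg["flags"] = flags_str(seg["p_flags"])
        segs.append(seg)
    return {"header": hdr, "segments": segs}


def hardening_summary(parsed):
    """Three things to read off an unknown binary before opening a debugger."""
    hdr, segs = parsed["header"], parsed["segments"]
    stack = [s for s in segs if s["type"] == "GNU_STACK"]
    return {
        "pie": hdr["type"] == "DYN",   # position independent, so ASLR applies
        # No PT_GNU_STACK at all means the kernel gives an executable stack.
        "nx_stack": bool(stack) and not (stack[0]["p_flags"] & PF_X),
        "wx_segments": [s["flags"] for s in segs if s["type"] == "LOAD"
                        and s["p_flags"] & PF_W and s["p_flags"] & PF_X],
    }


def build_sample_elf():
    """Constructed minimal static x86-64 executable image (headers only)."""
    ident = ELF_MAGIC + bytes([ELFCLASS64, ELFDATA2LSB, 1, 0]) + b"\x00" * 8
    ehdr = struct.pack("<" + EHDR_FMT, 2, 0x3E, 1, 0x401000, 64, 0, 0,
                       64, 56, 2, 64, 0, 0)
    text = struct.pack("<" + PHDR_FMT, 1, PF_R | PF_X, 0, 0x400000, 0x400000,
                       0x1000, 0x1000, 0x1000)
    stack = struct.pack("<" + PHDR_FMT, 0x6474E551, PF_R | PF_W, 0, 0, 0, 0, 0, 0x10)
    return ident + ehdr + text + stack


SAMPLE_ELF = build_sample_elf()

if __name__ == "__main__":
    p = parse_elf64(SAMPLE_ELF)
    h = p["header"]
    print("%s %s entry=%#x phnum=%d" % (h["type"], h["machine"], h["e_entry"], h["e_phnum"]))
    for s in p["segments"]:
        print("  %-10s %s off=%#x vaddr=%#x filesz=%#x"
              % (s["type"], s["flags"], s["p_offset"], s["p_vaddr"], s["p_filesz"]))
    print(hardening_summary(p))
```

The bounds check before each program header is deliberate: a crafted e_phnum or e_phoff is the classic way to crash a naive parser, and the same field sanity checks apply when you move on to section headers and the string table.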
Vulnerability research & exploit dev. To break a system you must first know how it works.
There are also things like anti-cheat, which requires reversing the cheats that are used and reversing the OS to figure out methods you can use for detection.
Somewhat related to that, there's anti-malware, which is based on the same principles.
Competitive analysis: reversing someone else's product so you can determine how the way they do stuff compares to how you do stuff. Some companies will even analyze a competitor's product and then reimplement parts of it; you just have to be careful with copyrights and patents.
Fixing compatibility issues is also a thing. For example, GOG hires reverse engineers to get old games running on modern versions of Windows.
Reverse engineers are also sometimes hired to make two pieces of software interoperate. Take, for example, an oscilloscope that saves traces in a proprietary format, and a data visualization tool that uses a different proprietary format. A reverse engineer could reverse the details of the two formats and make a tool that converts between them.
There is plenty of money to be made, just not in the way you typically do with other kinds of software. For example, a company named Bossland reversed many popular games and made bots for them. Their most recent effort was Pokémon Go. Nobody has reversed the newest versions of Pokémon Go, and I believe you can make millions off it if you play your cards right.
Some companies have security departments that analyze malware that targets their employees or the users of their services. Penetration testers might also use reverse engineering because people who hired them don't have the source code of some relevant thing, or because they want to see what an attacker who didn't have it could do, or because for some kinds of attacks looking at the actual binary might be more informative than looking at source code.
There are also antivirus developers who reverse engineer malware that doesn't necessarily target a particular class or group of users.
I've also met a reverse engineer who works with cases where proprietary software publishers have lost their old source code (this is really a thing!).
Reverse engineering can be as simple as, hey this code is supposed to be fast but it's slow, and I wonder what the compiler is doing to my code. So you compile the code, reverse engineer it and see what the compiler is emitting. That way you can steer the compiler into the right path. This is very useful for micro optimizations.
I'd definitely recommend trying the Flare-On RE challenges - they do a new compo every year, and the previous compos, with helpful hints/solutions, are available.
Can anyone recommend a guide for network security CTFs, ideally including how they are typically set up and common tools? It would be great to know what is typically allowed to be done in such contests and what is explicitly against the rules.
It's about obtaining some hidden information (the "flag") in a computer security context, where you're either trying to penetrate a hardened (computer) target, or reverse-engineer an obfuscated binary.
It's a constructed exercise, as opposed to a "live" situation.
"CTFs are computer security/hacking competitions which generally consist of participants breaking, investigating, reverse engineering and doing anything they can to reach the end goal, a 'flag' which is usually found as a string of text." https://ctfs.github.io/resources/
This is now an HN trope (complaining about some jargon in the title). Newsflash: the meaning of the title isn't "Linux reverse engineering for beginning humans that don't know anything about the universe, language, or electricity", because then you'd need to define Linux and engineering as well. The meaning of the title is always "____ thing for people that know a little about ____ thing but not everything". I think it's a very reasonable assumption on the part of the author that the only people he/she is accountable to for the intelligibility of such a title is someone who searches out the article, since after all this isn't about regattas, nor is it assigned reading in some kind of primary education course. This kind of bad faith reading of these articles is beyond worthless (and certainly doesn't merit a comment). What I can't for the life of me understand is why HN is like the epicenter of this kind of pseudo-critical engagement with media - neither Reddit nor Facebook has these kinds of comments nearly as often (nor the closely related "... didn't read after ___", where ___ is a word in the first sentence). My hypothesis is that it has something to do with "intelligence signaling", because people wrongly believe that being critical is an indicator of intelligence.
codesuki | 7 years ago
The last thing that glued me to my seat like this was maybe 10 years ago. Good to have had that feeling again. Hope they make a 2019 version! :)
saagarjha | 7 years ago
One way to see this without running the program is to look for where $ebp-0x24 is set:
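The static approach saagarjha describes (find every instruction that assigns the stack slot, instead of watching it in gdb), as an added example that is not code from the thread or from the article's binary: a scanner over AT&T-syntax objdump output that classifies each access to a given %ebp-relative slot as a write, a read, or an address-take. The listing it scans is constructed here to illustrate the idea (the callee read_input@plt is made up); the slot -0x24(%ebp) is the $ebp-0x24 from the comment, and the function names are this example's own.

```python
"""List every instruction that writes a given stack slot in AT&T-syntax
disassembly, the static counterpart of "watch *(int*)($ebp-0x24)" in gdb.

Added example, not from the thread. DISASM is a constructed objdump-style
listing of a 32-bit function; in practice feed it the output of
`objdump -d --no-show-raw-insn binary` for the function you care about.
"""
import re

DISASM = """\
08048450 <check>:
 8048450:\tpush   %ebp
 8048451:\tmov    %esp,%ebp
 8048453:\tsub    $0x28,%esp
 8048456:\tmovl   $0x0,-0x24(%ebp)
 804845d:\tmov    0x8(%ebp),%eax
 8048460:\tmov    %eax,-0x20(%ebp)
 8048463:\tcmpl   $0x0,-0x24(%ebp)
 8048467:\tjne    8048480 <check+0x30>
 8048469:\tlea    -0x24(%ebp),%eax
 804846c:\tpush   %eax
 804846d:\tcall   8048300 <read_input@plt>
 8048472:\taddl   $0x1,-0x24(%ebp)
 8048476:\tmov    -0x24(%ebp),%eax
 8048479:\tleave
 804847a:\tret
"""

LINE_RE = re.compile(r"^\s*([0-9a-f]+):\s+([a-z]+)\s*(.*)$")
SIZE_SUFFIXES = "bwlq"
# Mnemonics whose memory operand is only read, even when it is listed last.
READ_ONLY = {"cmp", "test", "push", "jmp", "call"}
KNOWN = READ_ONLY | {"lea", "mov", "movz", "movs", "add", "sub", "inc", "dec",
                     "and", "or", "xor", "neg", "not", "shl", "shr", "sar", "imul"}


def base_mnemonic(m):
    """Drop an AT&T size suffix (movl -> mov) but leave 'leave' or 'call' alone."""
    if m[-1] in SIZE_SUFFIXES and m[:-1] in KNOWN:
        return m[:-1]
    return m


def split_operands(s):
    """Split on commas outside parentheses so '(%eax,%ebx,4)' stays one operand."""
    parts, depth, cur = [], 0, ""
    for ch in s:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "," and depth == 0:
            parts.append(cur.strip())
            cur = ""
        else:
            cur += ch
    if cur.strip():
        parts.append(cur.strip())
    return parts


def slot_accesses(disasm, slot="-0x24(%ebp)"):
    """Return [(addr, kind, line)] for every instruction that names `slot`.

    kind is 'write' (slot is the destination operand), 'read', or 'addr'
    (lea: the pointer escapes, so whatever receives it may write the slot;
    the call that follows is the next thing to chase).
    """
    out = []
    for raw in disasm.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        addr, mnem = m.group(1), m.group(2)
        ops = re.sub(r"<[^>]*>", "", m.group(3)).strip()   # drop <sym+off> notes
        operands = split_operands(ops)
        if slot not in operands:
            continue
        base = base_mnemonic(mnem)
        if base == "lea":
            kind = "addr"
        elif base in READ_ONLY or operands[-1] != slot:
            kind = "read"
        else:
            kind = "write"
        out.append((int(addr, 16), kind, raw.strip()))
    return out


def writers(disasm, slot="-0x24(%ebp)"):
    """Addresses where the slot is assigned or has its address taken."""
    return [a for a, kind, _ in slot_accesses(disasm, slot) if kind in ("write", "addr")]


if __name__ == "__main__":
    for addr, kind, line in slot_accesses(DISASM):
        print("%-5s %s" % (kind, line))
```

The address-take case is the one beginners miss: after the lea the slot is no longer visible as an operand, yet the callee can change it through the pointer, which is exactly why a dynamic watchpoint sometimes fires where the disassembly of the current function shows no store.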
archgoon | 7 years ago
https://rada.re/r/
It's a free and open source set of tools specifically for reverse engineering.
There are some commercial options as well, such as Hex-Rays IDA Pro (probably the de facto standard tool) and Binary Ninja.
leibnitz27 | 7 years ago
http://www.flare-on.com/
gricardo99 | 7 years ago
I don't see that defined anywhere in the article.
From some googling, I guess it's a "Capture the Flag" challenge? It's worth stepping back and explaining that general concept.
victore | 7 years ago
https://www.freebsd.org/cgi/man.cgi?query=ctf&sektion=5&manp...
saagarjha | 7 years ago
Yes, the goal of these is to obtain a flag.