top | item 23056780


f0rfun | 5 years ago

Livelihood aside, how the heck do you go from being a dev to becoming proficient in reverse engineering? Is this stuff all self-taught through years of tinkering/interest before it becomes a profession?

I can already imagine the number of technical barriers and the knowledge gap one needs to fill even before getting started.

Holy shiet. It's impressive.


nickmooney|5 years ago

I do a bit of reverse engineering both professionally and for fun, and the two bits of “proper” education that have helped the most were my Hardware/Software Interface and Intro to Operating Systems classes in undergrad.

Learning how this stuff works in the forward direction makes spotting patterns a whole lot easier. It’s a lot easier to start RE when you’re already familiar with stuff like calling conventions or memory layout (for example).

From there, there isn’t a ton of formal education as far as I’ve seen. I am really fond of Smash the Stack’s IO wargame if you’re interested in CTF-style challenges. I also spent a good bit of time compiling my own small programs and then using them to learn the tools. When you’re starting off, RE is a lot easier when you know what you’re looking for.
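To make the "learn it in the forward direction, then spot the patterns" advice concrete, here is an added example (not code from the commenter above): a tiny x86-64 pattern matcher that recognises the handful of encodings that make up a typical function prologue, argument setup, a call and the epilogue, and resolves the call's rel32 displacement to an absolute target. The byte string and the load address 0x401000 are constructed for illustration; the instruction encodings and the System V convention of passing the first two integer arguments in rdi/rsi are standard. A real tool (objdump, Ghidra, radare2) does all of this for you; writing it by hand once is what makes the patterns stick.

```python
import struct

# Constructed sample: the bytes gcc would typically emit for a function that
# sets up a frame, calls helper(42, 7) and returns. Loaded at 0x401000.
SAMPLE_BASE = 0x401000
SAMPLE_CODE = bytes.fromhex(
    "55"            # push rbp
    "4889e5"        # mov rbp, rsp
    "4883ec10"      # sub rsp, 0x10
    "bf2a000000"    # mov edi, 0x2a   (first argument, System V ABI)
    "be07000000"    # mov esi, 0x7    (second argument)
    "e819000000"    # call +0x19 -> resolves to 0x401030
    "c9"            # leave
    "c3"            # ret
)


def decode(code: bytes, base: int):
    """Decode a byte string into (address, mnemonic) tuples.

    Only the small set of opcodes below is recognised; anything else is
    emitted as 'db 0x..' so the reader sees exactly where decoding stopped
    rather than getting silently desynchronised output.
    """
    out = []
    i = 0
    while i < len(code):
        addr = base + i
        b = code[i]
        if b == 0x55:
            out.append((addr, "push rbp")); i += 1
        elif code[i:i + 3] == b"\x48\x89\xe5":
            out.append((addr, "mov rbp, rsp")); i += 3
        elif code[i:i + 3] == b"\x48\x83\xec":
            out.append((addr, f"sub rsp, 0x{code[i + 3]:x}")); i += 4
        elif b in (0xbf, 0xbe):
            # B8+rd imm32: 0xbf = edi, 0xbe = esi
            imm = struct.unpack_from("<I", code, i + 1)[0]
            reg = "edi" if b == 0xbf else "esi"
            out.append((addr, f"mov {reg}, 0x{imm:x}")); i += 5
        elif b == 0xe8:
            # call rel32: target is relative to the *next* instruction
            rel = struct.unpack_from("<i", code, i + 1)[0]
            out.append((addr, f"call 0x{addr + 5 + rel:x}")); i += 5
        elif code[i:i + 2] == b"\x31\xc0":
            out.append((addr, "xor eax, eax")); i += 2
        elif b == 0xc9:
            out.append((addr, "leave")); i += 1
        elif b == 0x5d:
            out.append((addr, "pop rbp")); i += 1
        elif b == 0xc3:
            out.append((addr, "ret")); i += 1
        else:
            out.append((addr, f"db 0x{b:02x}")); i += 1
    return out


def call_sites(insns):
    """Recover each call's target plus the edi/esi values set up before it.

    This is the pattern a reverser learns to spot by eye: the constant loads
    into the argument registers immediately before a call tell you what the
    callee was invoked with, without running anything.
    """
    sites, args = [], {}
    for addr, text in insns:
        if text.startswith("mov edi, "):
            args["edi"] = int(text.split(", ")[1], 16)
        elif text.startswith("mov esi, "):
            args["esi"] = int(text.split(", ")[1], 16)
        elif text.startswith("call "):
            sites.append({"at": addr,
                          "target": int(text.split(" ")[1], 16),
                          **args})
            args = {}
    return sites


if __name__ == "__main__":
    insns = decode(SAMPLE_CODE, SAMPLE_BASE)
    for addr, text in insns:
        print(f"{addr:08x}  {text}")
    print(call_sites(insns))
```

Compare the printed listing with `objdump -d` of a small program you compiled yourself, as the comment suggests; the same push/mov/sub prologue and the same argument-register loads show up, and once you have seen them a few hundred times you stop reading bytes and start reading intent.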

ganstyles|5 years ago

I worked with some insanely smart individuals good at RE, and they describe it as a slog where you don't know how much, if any, progress one is making on REing something until you have a breakthrough. And then you don't know how much longer until the next breakthrough. Ad infinitum. OTOH I know web app vulnerability researchers and they describe their job as going through the OWASP Top 10 and trying to find vulnerabilities. Sounds like the latter requires significantly fewer hard skills and you get more frequent intellectual reward.

hnick|5 years ago

If you want a better look at the basics I've found LiveOverflow on YouTube to be entertaining and fairly accessible for myself.

Fundamentally though, you will probably need to build up some low level knowledge of whatever you are targeting (whether it's an app platform, TCP packets, C/ASM code, etc).

If you have a web background there are lots of sites that have fun challenges you can start with. You could try Google's XSS game: https://xss-game.appspot.com/

It's a field that really interests me since I always liked puzzles and games and am happiest at work debugging tricky issues - but I'm not sure how easy it would be to break in as a 'junior' at age 35+.

dkdk8283|5 years ago

You just start. Pick a layer and analyze. Run it through a debugger, analyze the network, etc.

Time in front of the screen is all you need. All code translates to an execution layer.

It helps if you have a few years of dev under your belt. Bonus for low level languages like C or assembly.

kaens|5 years ago

> how the heck do you go from being a dev to becoming proficient in reverse engineering?

have to do a lot of multi-system level debugging, and/or low-level debugging and optimization