Reverse engineering is the process of understanding a system from its final form. Whether a programmer made a mistake that went undetected in the source, the compiler itself introduced unexpected behavior, or the original source code is unavailable, there are countless properties of programs that can only be uncovered through analyzing their final, compiled form. Which in today's software-dependent world, makes reverse engineering crucial to understanding the true behavior of complex systems and serves a fundamental role in a robust cybersecurity ecosystem.

But again, reverse engineering is a process. Merely being able to see what lies underneath is not enough to reason about how a program behaves. The intent of assembly code, in contrast to its possible source, is inexplicit, hard to reason about, and insecure. Compilers need to map a theoretically infinite number of variables to a finite number of registers, and most processors use memory models that do not differentiate among different data structures, arrays, types, and sometimes even code. Simply put, a tremendous amount of information that is vital in understanding a program is irrecoverably lost through the process of compilation. Consequently, the process of identifying and recovering those structures, variables, types, and everything else that gets lost, is the process of reverse engineering.

Over the course of this training, students will learn the methodologies employed by seasoned experts to deduce and recover nearly all aspects of compiled programs. They will become proficient in recognizing common code patterns, structures, types, and algorithms on sight, while also learning how to effectively record their analysis data to achieve a better understanding of their targets.

To account for the many applications of reverse engineering, the curriculum spans a wide array of optional intermediate topics that students can choose from to allow them to focus on precisely what they require to excel in their role. For those focused on finding bugs, we'll leverage modern analysis techniques to locate and verify them faster than ever before. For those explorers of strange new architectures and platforms, we'll build tooling that works agnostically across all systems. For engineers interested in automation, we'll write cutting-edge analysis scripts to reduce or completely eliminate the need for human interaction. And for anyone feeling restricted by their current tools or workflow, we'll get under the hood and completely customize the reversing experience.

Truly, wherever you are, this course covers everything you need to boost your skills to the next level!

Prerequisites

Students must be able to read and write intermediate-level Python scripts. A foundation in reverse engineering, vulnerability research, firmware analysis, or similar is strongly recommended (see our "Which Class Is Right for You?" quiz). Students should be familiar with how the stack works, what the heap is, and some basic vulnerability classes (buffer overflow, stack smashing, etc). Guided exercises reminiscent of low-point reversing CTF challenges are integrated into the course, and students should be able to derive their own solutions.

Key Learning Objectives

• A thorough understanding of program theory and how to approach the program analysis process.
• Accurately identify data structures such as arrays, structures, linked lists, and more.
• Accurately identify common code patterns such as indexing into a buffer, accessing a structure member, and various control flow primitives.
• Improve the accuracy of decompilation through annotating types, functions, and variables.
• Identify and correct common decompiler mistakes.
• Locate and analyze various bug classes such as buffer overflows and use-after-frees.
• Automate reverse engineering tasks such as locating all calls to a function, checking for unbounded parameters, and source to sink analysis.
• Create plugins for Binary Ninja to customize the reverse engineering experience, support new architectures and platforms, automate tasks, and so much more!

Available Topics and Exercises

• Simple crackmes
• How to read Binary Ninja's ILs
• Binary annotation / interaction
• How data is structured in a program
• Identifying structures and how they're used
• Identifying arrays and how they're used
• Recovering classes and inheritance patterns
• Recognizing pointers and their data
• Locating cryptographic constants and functions
• Automatically deducing and apply data structures
• How data is structured in a program
• How data is moved and manipulated by programs
• Migrating from other tools
• Finding data and references
• Source-to-sink analysis
• Binary patching / transforms / unpacking
• Using and automating the debugger
• Scripting queries for binaries
• Single Static Assignment form
• Dataflow analysis
• Interprocedural analysis
• Writing plugins for Binary Ninja
• Writing custom architecture plugins
• Supporting new binary formats
• Customizing analysis with workflows
• Batch processing
• And more!

Hardware Requirements

A laptop that can run Binary Ninja (Ubuntu 20.04/22.04 x64; Windows 10/11 x64; MacOSX 11+ x64, MacOSX 12+ arm64).

(Optional) A VM to run binaries (most binaries are also provided for Linux, Mac, and Windows, though we often focus on just the Linux versions)

Included Course Materials

• A free non-commercial license of Binary Ninja including one year of updates (can convert to a license extension or used as a discount for a commercial upgrade upon request)
• Slides
• Example scripts and binaries
• Exercise templates
• Full answers and working solution scripts at the end of the class!