Moving forward

I have decided to work on learning maths and learning reverse engineering.
So right now I am watching MIT OCW courses (MIT 18.01, MIT 18.02 and MIT 18.06) to improve my mathematics knowledge (all this to attain my final goal of completing a much-promised project which requires linear algebra, as it deals with computer vision (hand signs 😀)).

Along with this I am also working on improving my RE skills, so I will be reading through the following books, in no particular order:

  • Game Hacking: Developing Autonomous Bots for Online Games
  • Johnson M. Hart. Windows System Programming (Addison-Wesley Microsoft Technology Series). Addison-Wesley Professional, 2010.
  • Christian Collberg, Jasvir Nagra. Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection (Software Security Series). Addison-Wesley Professional, 2009.
  • Mario Hewardt, Daniel Pravat. Advanced Windows Debugging (Addison-Wesley Microsoft Technology Series). Addison-Wesley, 2008.
  • John R. Levine. Linkers & Loaders (Morgan Kaufmann Series in Software Engineering and Programming). Morgan Kaufmann, 1999.
  • Alfred V. Aho, Monica S. Lam, Ravi Sethi, Jeffrey D. Ullman. Compilers: Principles, Techniques, and Tools. Pearson/Addison-Wesley, 2006.
  • The IDA Pro Book, 2nd Edition.
  • Bruce Dang, Alexandre Gazet, Elias Bachaalany. Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation. Wiley, 2014.
  • Jeffrey M. Richter, Christophe Nasarre. Windows via C/C++ (Pro Developer). Microsoft Press, 2007.
  • Peter van der Linden. Expert C Programming: Deep C Secrets. Prentice Hall, 1994.
  • Kernighan, Ritchie. The C Programming Language, 2nd ed.
  • Steven S. Muchnick. Advanced Compiler Design and Implementation. Morgan Kaufmann, 1997.
  • Tarik Soulami. Inside Windows Debugging: A Practical Guide to Debugging and Tracing Strategies in Windows. Microsoft Press, 2012.
  • Harbison, S. P., Steele, G. L. C: A Reference Manual, 5th ed.

Just including the list of books for my own reference in case I forget 🙂 later.


ARM VM on Windows

So here I was watching video lectures on Open Security Training, when I stumbled across the Intro to ARM course.
For all you Windows users who want to set up an ARM VM using QEMU on Windows, follow these instructions, as the ones mentioned on the author's blog didn't work out for me.

Step 1:
Download qemu (either the w32 or the w64 build) from

http://qemu.weilnetz.de/

and install it.

Add the directory to your PATH variable, which in my case was

H:\Program Files (x86)\qemu

Step 2:
Get image:

wget http://releases.linaro.org/images/12.03/oneiric/nano/vexpress-a9-nano.img.gz
gunzip vexpress-a9-nano.img.gz

You can either download the attached vmlinuz and initrd.img:

https://www.dropbox.com/s/u7l4nc09lyb0uqz/initrd.img?dl=0
https://www.dropbox.com/s/ftdqyu74uwfut5s/vmlinuz?dl=0

OR
extract them yourself from the vexpress image:

Get image:
wget http://releases.linaro.org/images/12.03/oneiric/nano/vexpress-a9-nano.img.gz
gunzip vexpress-a9-nano.img.gz

Extract kernel and initrd:

(IMG=vexpress.img ; if [ -e "$IMG" ] ; then sudo mount -o loop,offset="$(file "$IMG" | awk 'BEGIN { RS=";"; } /partition 2/ { print $7*512; }')" -t auto "$IMG" /mnt/mnt; else echo "$IMG not found"; fi )

(The gunzipped download is named vexpress-a9-nano.img, so either rename it to vexpress.img or change IMG to match, and make sure the mount point /mnt/mnt exists. The awk expression reads the start sector of partition 2 out of the file output and multiplies it by 512 to get a byte offset; if your version of file prints the partition record in a different layout, the start sector may not be the seventh field and the offset comes out wrong.)

sudo cp -vr /mnt/mnt/boot .
sudo chown -R youruser:youruser boot
sudo umount /mnt/mnt

You end up with a number of files in ./boot:

abi-3.3.0-1800-linaro-lt-vexpress-a9
config-3.3.0-1800-linaro-lt-vexpress-a9
initrd.img-3.3.0-1800-linaro-lt-vexpress-a9
System.map-3.3.0-1800-linaro-lt-vexpress-a9
vmlinuz-3.3.0-1800-linaro-lt-vexpress-a9

Copy the original vexpress image, vmlinuz.* and initrd.* to wherever you want to keep your VM.

It will end up looking something like this (the original post has an image here): a directory containing vexpress.img, vmlinuz and initrd.img.
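The extraction above packs the offset calculation into one line, which makes it hard to see why it fails when the file output differs. The script below is an added example (not from the original post or the Open Security Training course) that does the same job in two checkable pieces: a parser that finds the "startsector" value of a given partition in file output regardless of which field it lands in, and a mount/copy step that refuses to proceed when no offset was found. It assumes you renamed the gunzipped image to vexpress.img and uses the post's mount point /mnt/mnt; the sample file output lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original post or the Open Security Training
# course: the kernel/initrd extraction split into a checkable offset parser
# and a mount/copy step.

# Print the byte offset of partition $2 from `file` output $1, i.e. start
# sector * 512. `file` separates partition records with ';', and each record
# reads "partition N : ... startsector S, ..." (newer file) or
# "partition N: ... startsector S, ..." (older file); searching for the word
# "startsector" instead of a fixed field number copes with both layouts.
# Prints nothing when the partition is not present.
part_offset() {
    printf '%s\n' "$1" | awk -v part="$2" '
        BEGIN { RS = ";" }
        $1 == "partition" && $2 + 0 == part {
            for (i = 1; i < NF; i++)
                if ($i == "startsector") { print $(i + 1) * 512; exit }
        }'
}

# Mount the root partition of the Linaro image read-only at the computed
# offset, copy /boot out, and leave vmlinuz and initrd.img next to the image.
# Assumption: the gunzipped vexpress-a9-nano.img was renamed to the name you
# pass in (the post uses vexpress.img); the mount point /mnt/mnt is the post's.
extract_boot() {
    img="$1"
    [ -e "$img" ] || { echo "$img not found" >&2; return 1; }
    off=$(part_offset "$(file "$img")" 2)
    [ -n "$off" ] && [ "$off" -gt 0 ] || {
        echo "could not locate partition 2 in: $(file "$img")" >&2; return 1; }
    sudo mkdir -p /mnt/mnt
    sudo mount -o loop,ro,offset="$off" -t auto "$img" /mnt/mnt || return 1
    sudo cp -vr /mnt/mnt/boot . && sudo chown -R "$(id -un):$(id -gn)" boot
    sudo umount /mnt/mnt
    # Give the kernel and initrd the short names the qemu command line uses.
    cp boot/vmlinuz-* vmlinuz && cp boot/initrd.img-* initrd.img
}

# Constructed sample `file` output in both layouts, used to check part_offset
# without an image on hand (the sector numbers are made up).
SAMPLE_NEW='vexpress.img: DOS/MBR boot sector; partition 1 : ID=0xc, active, start-CHS (0x0,1,1), end-CHS (0x8,254,63), startsector 63, 144522 sectors; partition 2 : ID=0x83, start-CHS (0x9,0,1), end-CHS (0x3a,254,63), startsector 147456, 1916928 sectors'
SAMPLE_OLD='vexpress.img: x86 boot sector; partition 1: ID=0xc, active, starthead 1, startsector 63, 144522 sectors; partition 2: ID=0x83, starthead 0, startsector 147456, 1916928 sectors'

# Run the extraction only when an image path is given; otherwise just show
# the offsets parsed from the constructed samples.
if [ "$#" -gt 0 ]; then
    extract_boot "$1"
else
    echo "partition 2 offset (new file layout): $(part_offset "$SAMPLE_NEW" 2)"
    echo "partition 2 offset (old file layout): $(part_offset "$SAMPLE_OLD" 2)"
fi
```

Run it as `sh extract_boot.sh vexpress.img` on the Linux box where you do the extraction; with no argument it only prints the offsets computed from the two sample lines, which is a quick way to confirm the parser agrees with what your own `file vexpress.img` prints before you let it mount anything.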

Step 3:
Open a command window in the directory where you put vexpress.img, vmlinuz and initrd.img and run the following command:

qemu-system-arm -M vexpress-a9 -cpu cortex-a9 -kernel ./vmlinuz -initrd ./initrd.img -redir tcp:5022::22 -m 1024 -append "root=/dev/mmcblk0p2 vga=normal mem=512M devtmpfs.mount=0 rw" -drive file=vexpress.img,if=sd,cache=writeback

(-redir forwards host port 5022 to the guest's SSH port 22. That option was removed in QEMU 3.1, so on current builds replace it with -net nic -net user,hostfwd=tcp::5022-:22.)

You can create a batch file if you don't want to type this every time you want to run the VM.

https://www.dropbox.com/s/atleeoke4zzajer/launchemu.bat?dl=0

Tools of Trade

The following are the tools I will be using during my game hacking endeavours. The choice of tools depends on your personal preference, cash in hand, experience, liking and many other factors.

IDA Pro: A great disassembler with many powerful features, multi-platform, fast and easy to use 😉

IDA is the Interactive DisAssembler: the world’s smartest and most feature-full disassembler, which many software security specialists are familiar with. Written entirely in C++, IDA runs on the three major operating systems: Microsoft Windows, Mac OS X, and Linux.

IDA is also the solid foundation on which our second product, the Hex-Rays decompiler, is built.

The unique Hex-Rays decompiler delivers on the promise of high level representation of binary executables. It can handle real world code. It is real.


Buy IDA: https://www.hex-rays.com/index.shtml

OllyDbg: OllyDbg is a debugger, and one of the most powerful out there. It can be obtained for free from http://www.ollydbg.de/ and you can get a fully functional Olly with all the necessary plugins from http://www.thelegendofrandom.com/files/tools/R4ndoms_OllyDBG.zip

Last but not least:

Wireshark: Wireshark is the best network sniffing and packet capture tool available out there, and can be obtained from http://www.wireshark.org/

and here we go again…

Now I am pretty bored, so I had to find something fun to do until I get some PS4 flash dump or network traffic dump to analyse. No one near me has a PS4 yet, so I guess I have to wait; I could have bought myself a PS4 but I has no monies. Thinking of getting a part-time job though, that would make my life less miserable.

So what's new? Well, game hacks, they are pretty fun, especially as one of my friends, "Convery", always tells me to start working on making hacks; I guess now I should start with that. Upcoming blog entries will record my deep dives into Game Hacking and Reverse Engineering.

All thanks to Convery I am into this 🙂

Next post will be about tools of the trade involved in game hacking scenes.