Taking the opportunity to ask: are there nice recommended resources for a beginner to start with reverse engineering (ideally using Ghidra)? Let's say for an experienced developer, but not so experienced in reverse engineering?
I guess one issue I have is that I don't have good ideas of fun projects, and that's probably something I need to actually get the motivation to learn. I can find a "hello world", that's easy, but it won't help me get an idea of what I could reverse engineer in my life.
For instance I have a smart speaker that I would like to hack (being able to run my own software on it, for fun), but I don't know if it is a good candidate for reverse engineering... I guess I would first need to find a security flaw in order to access the OS? Or flash my own OS (hoping that it's a Linux running there), but then I would probably want to extract the binary blobs that work with the buttons and the actual speaker?
I started reverse engineering at 13 with an IDA Pro of questionable provenance - at that time, I found it quite difficult.
One thing which really helped me (and I wholeheartedly recommend) is to write simple programs, run them through the compiler and then through the disassembler. It really helps build a correspondence between program structure and its object code.
Eventually, you can make it even more fun and challenging by stripping debug symbols and turning on compiler optimisations.
Happy reversing!
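As an added example (not code from the thread), the kind of small program the comment above suggests: each function is written to produce a recognisable pattern in the disassembly, so you can compile it, open it in Ghidra or objdump, and map the machine code back to the source. The build commands in the header comment assume a typical Linux toolchain; the file name `demo.c` is just a placeholder.

```c
/* Added example: a deliberately small C program meant to be compiled and
 * then read in a disassembler / decompiler. Each function is chosen to
 * produce a recognisable code pattern:
 *   - sum_array:   a counted loop (index scaling, compare, backward branch)
 *   - classify:    a dense switch (often a jump table at -O2)
 *   - total_price: struct field access via fixed offsets from a base pointer
 *
 * Suggested workflow (assumed Linux toolchain, file saved as demo.c):
 *   gcc -O0 -g -o demo demo.c && objdump -d -M intel demo
 *   gcc -O2 -o demo demo.c && strip demo && objdump -d -M intel demo
 * Load each binary in Ghidra and compare the decompiler output with this
 * source; the stripped -O2 build is where the exercise gets interesting.
 */
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>

struct item {
    uint32_t id;        /* offset 0 */
    uint16_t quantity;  /* offset 4 */
    uint16_t unit_cost; /* offset 6 */
};

/* Counted loop: look for the index register, the compare against n and
 * the backward conditional jump. At -O2 expect unrolling or
 * vectorisation to change the shape considerably. */
uint32_t sum_array(const uint32_t *values, size_t n)
{
    uint32_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc += values[i];
    return acc;
}

/* Dense switch on small integers: at -O0 this is a chain of compares; at
 * -O2 most compilers emit a bounds check followed by an indirect jump
 * through a table, which Ghidra recovers as a switch statement. */
int classify(int code)
{
    switch (code) {
    case 0:  return 10;
    case 1:  return 20;
    case 2:  return 30;
    case 3:  return 40;
    case 4:  return 50;
    default: return -1;
    }
}

/* Struct access: the disassembly shows 16-bit loads at [base+4] and
 * [base+6]; mapping those constants back to field names is the core of
 * recovering types in a decompiler. */
uint32_t total_price(const struct item *it)
{
    return (uint32_t)it->quantity * it->unit_cost;
}

int main(void)
{
    uint32_t values[] = { 1, 2, 3, 4, 5 };
    struct item it = { .id = 7, .quantity = 3, .unit_cost = 250 };
    printf("sum=%u class=%d price=%u\n",
           sum_array(values, 5), classify(2), total_price(&it));
    return 0;
}
```

Once the -O0 build makes sense, rebuild with -O2 and strip it: the function names disappear, the switch becomes a table, and the loop may be vectorised, which is exactly the gap between source and object code the exercise is meant to close.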
The Nightmare Course [1], so named because someone with that skillset (developing zero-days) is a nightmare for security, not because the course itself is a nightmare, and Roppers Academy [2] are both good for learning how to reverse engineer software and look for vulnerabilities.
The nightmare course explicitly talks about how to use Ghidra.
1: https://guyinatuxedo.github.io
2: https://www.roppers.org
Somewhat unconventional (and I'm not really a seasoned reverse engineer, so take it with some salt), but I started by hacking old video games (NES, Game Boy, arcade, that kind of thing). You could start with making basic Action Replay RAM cheats to e.g. give Mario infinite lives, then you can use breakpoints, the debugger, and a 6502 ISA reference to edit instructions and make ROM patches.
From there you can use things like Ghidra (which supports a lot of those old CPU architectures) for more advanced analysis and make the game do almost whatever the hell you want if you have the patience.
I think a lot of the skills will transfer quite well (obviously not 1:1, you will need to learn some things) to the more employable side of RE, if that's what you're interested in.
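The "find the lives counter" step of a RAM cheat, as an added example that is not part of the comment above: the game's work RAM is snapshotted a few times while a value you can observe changes, and every address whose byte history does not match the observed sequence is discarded until one candidate remains. The snapshots are constructed in memory for the example, and the planted address 0x075A is arbitrary, not a claim about any real game's memory map.

```c
/* Added example: differential memory search, the technique behind cheat
 * devices and emulator cheat finders. Snapshots and the planted address
 * below are constructed for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RAM_SIZE 2048   /* the NES has 2 KiB of internal work RAM */

/* Keep only addresses whose byte in this snapshot equals 'expected'.
 * 'alive' marks candidate addresses (1 = still possible); returns how
 * many candidates survive this round. */
static size_t narrow(uint8_t *alive, const uint8_t *snapshot, uint8_t expected)
{
    size_t left = 0;
    for (size_t a = 0; a < RAM_SIZE; a++) {
        if (alive[a] && snapshot[a] != expected)
            alive[a] = 0;
        left += alive[a];
    }
    return left;
}

/* Run the search over 'count' snapshots paired with the values the
 * player observed on screen. Returns the number of surviving candidates;
 * when exactly one survives, *found receives its address. */
size_t find_counter(uint8_t snaps[][RAM_SIZE], const uint8_t *observed,
                    size_t count, uint16_t *found)
{
    uint8_t alive[RAM_SIZE];
    memset(alive, 1, sizeof alive);
    size_t left = RAM_SIZE;
    for (size_t i = 0; i < count; i++)
        left = narrow(alive, snaps[i], observed[i]);
    if (left == 1)
        for (size_t a = 0; a < RAM_SIZE; a++)
            if (alive[a]) { *found = (uint16_t)a; break; }
    return left;
}

/* Constructed scenario: lives go 3 -> 2 -> 4 (lose one, then pick up an
 * extra) at the planted address, while decoy addresses share part of
 * that history. Returns the unique address found, or 0xFFFF otherwise. */
uint16_t demo_search(void)
{
    static uint8_t snaps[3][RAM_SIZE];
    const uint8_t observed[3] = { 3, 2, 4 };
    const uint16_t planted = 0x075A;   /* arbitrary example address */
    uint16_t found = 0xFFFF;

    memset(snaps, 0, sizeof snaps);
    for (size_t i = 0; i < 3; i++) {
        snaps[i][planted] = observed[i];
        snaps[i][0x0010] = 3;                 /* constant 3: dies at step 2 */
        snaps[i][0x0020] = (uint8_t)(3 - i);  /* 3,2,1: dies at step 3 */
        snaps[i][0x0030] = (uint8_t)(i * 7);  /* unrelated timer: dies at step 1 */
    }
    if (find_counter(snaps, observed, 3, &found) != 1)
        return 0xFFFF;
    return found;
}

int main(void)
{
    uint16_t addr = demo_search();
    if (addr != 0xFFFF)
        printf("lives counter at $%04X; freeze or patch the value there\n", addr);
    else
        printf("no unique candidate yet, take another snapshot\n");
    return 0;
}
```

In practice you keep taking snapshots until one address survives, then set a write breakpoint on it in the emulator's debugger; the instruction that decrements it is the one you patch (for example into a NOP) to make the ROM-level cheat.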
If you are into books, I would recommend The Ghidra Book from No Starch Press: https://nostarch.com/ghidra-book-2e.
The book is designed for beginner and advanced users.
So, a couple of things. Bruce Dang's book, while a little old, is still a great spot to get started. Another great book is Blue Fox by Maria Markstedter, for ARM. From there, finding small binaries and just trying to get the "flow" is a good next step; for me this is largely renaming functions and variables and essentially trying to work the decompiled code into something readable. Then you can find flaws.
So for the second thing: pulling the data off chips like that typically involves some specialized hardware, and you potentially have to deal with a bunch of cryptographic safeguards to read from the chip's memory. Not impossible though, and there are not always good safeguards, but it might be worth checking out some simpler programs and working up to it, or learning some basic hardware hacking to get an idea of how that process works.
Find an old piece of software you care about that is broken somehow, and abandoned. Most of my friends use these types of tools to reverse engineer abandoned MMOs and remake servers for them.
https://pwn.college has really good modules/dojos that cover a bunch of reverse engineering concepts.
I personally learn best by doing, which is why I love learning with LLMs. They're going to be wrong a lot, and give bad advice, and do things in silly ways. I learn well from the process of working with them, seeing them fail constantly, then learning the tool myself by researching what it's doing wrong to fix it. I just attempted to use Ghidra to reverse engineer the game Shenmue from the Dreamcast. I was previously unfamiliar with Ghidra and I mostly did it as a learning exercise, but it wasn't really the right tool for the job. However, the project itself made lots of progress without it:
You can start here to learn reverse engineering.
> Taking the opportunity to ask: are there nice recommended resources for a beginner to start with reverse engineering (ideally using Ghidra)? Let's say for an experienced developer, but not so experienced in reverse engineering?
The good news is that there have never been more resources out there. If you want to use this learning expedition as an excuse to also build up a small electronics lab, then spend $100 on AliExpress to buy whatever looks cheap and interesting, then tear it apart and start poking around to find where the firmware lives. Pull the firmware, examine it, modify it and put it back :)
This guy has a Discord server with a specific "book club" section where they all choose a cheap $thing and reverse engineer it: https://www.youtube.com/@mattbrwn/about
I can't help much with "traditional" app/software RE work, sorry.
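The "examine it" step after dumping a flash chip, as an added example that is not from the comment above: a minimal version of what binwalk does, scanning the dump for a few well-known headers (ELF, gzip, little-endian squashfs, legacy U-Boot uImage) and reporting their offsets, plus a cheap per-window byte-diversity check that flags compressed or encrypted regions you will not be able to disassemble directly. The firmware image here is constructed in memory; a real dump would be read from a file.

```c
/* Added example: signature scan and byte-diversity scan over a firmware
 * dump. The blob is constructed for illustration; the magic values are
 * the real on-flash headers of the formats named. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct signature { const char *name; const uint8_t *magic; size_t len; };

static const uint8_t MAGIC_ELF[]     = { 0x7f, 'E', 'L', 'F' };
static const uint8_t MAGIC_GZIP[]    = { 0x1f, 0x8b, 0x08 };        /* gzip, deflate */
static const uint8_t MAGIC_SQSH_LE[] = { 'h', 's', 'q', 's' };      /* little-endian squashfs */
static const uint8_t MAGIC_UBOOT[]   = { 0x27, 0x05, 0x19, 0x56 };  /* legacy uImage */

static const struct signature SIGS[] = {
    { "ELF",      MAGIC_ELF,     sizeof MAGIC_ELF },
    { "gzip",     MAGIC_GZIP,    sizeof MAGIC_GZIP },
    { "squashfs", MAGIC_SQSH_LE, sizeof MAGIC_SQSH_LE },
    { "uImage",   MAGIC_UBOOT,   sizeof MAGIC_UBOOT },
};
#define NSIGS (sizeof SIGS / sizeof SIGS[0])

struct hit { const char *name; size_t offset; };

/* Try every signature at every offset; returns the number of hits stored. */
size_t scan_magic(const uint8_t *blob, size_t len, struct hit *hits, size_t max_hits)
{
    size_t n = 0;
    for (size_t off = 0; off < len && n < max_hits; off++)
        for (size_t s = 0; s < NSIGS; s++)
            if (off + SIGS[s].len <= len &&
                memcmp(blob + off, SIGS[s].magic, SIGS[s].len) == 0) {
                hits[n].name = SIGS[s].name;
                hits[n].offset = off;
                n++;
                break;
            }
    return n;
}

/* Number of distinct byte values in a window: a crude stand-in for the
 * Shannon entropy real tools compute. Erased flash or padding gives 1,
 * plain code a few dozen, compressed or encrypted data well over 100
 * in a 256-byte window. */
size_t distinct_bytes(const uint8_t *buf, size_t len)
{
    uint8_t seen[256] = { 0 };
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (!seen[buf[i]]) { seen[buf[i]] = 1; n++; }
    return n;
}

#define DEMO_LEN 4096
static uint8_t demo_blob[DEMO_LEN];

/* Constructed image: erased-flash fill, a uImage header, a gzip header
 * followed by LCG noise standing in for compressed data, then squashfs
 * and ELF headers sitting in low-diversity regions. */
static void build_demo_blob(void)
{
    memset(demo_blob, 0xff, sizeof demo_blob);
    memcpy(demo_blob + 0x40, MAGIC_UBOOT, sizeof MAGIC_UBOOT);
    memcpy(demo_blob + 0x80, MAGIC_GZIP, sizeof MAGIC_GZIP);
    uint32_t x = 0x12345678u;
    for (size_t i = 0x80 + sizeof MAGIC_GZIP; i < 0x800; i++) {
        x = x * 1103515245u + 12345u;          /* LCG: high-diversity filler */
        demo_blob[i] = (uint8_t)(x >> 16);
    }
    memcpy(demo_blob + 0x800, MAGIC_SQSH_LE, sizeof MAGIC_SQSH_LE);
    memcpy(demo_blob + 0xC00, MAGIC_ELF, sizeof MAGIC_ELF);
}

/* Offset of the first hit with this name in the demo blob, or (size_t)-1. */
size_t demo_offset_of(const char *name)
{
    struct hit hits[16];
    build_demo_blob();
    size_t n = scan_magic(demo_blob, DEMO_LEN, hits, 16);
    for (size_t i = 0; i < n; i++)
        if (strcmp(hits[i].name, name) == 0) return hits[i].offset;
    return (size_t)-1;
}

/* Distinct byte count of the 256-byte window starting at 'off'. */
size_t demo_distinct_at(size_t off)
{
    build_demo_blob();
    return distinct_bytes(demo_blob + off, 256);
}

int main(void)
{
    struct hit hits[16];
    build_demo_blob();
    size_t n = scan_magic(demo_blob, DEMO_LEN, hits, 16);
    for (size_t i = 0; i < n; i++)
        printf("0x%06zx  %-9s distinct-in-window=%zu\n", hits[i].offset,
               hits[i].name, distinct_bytes(demo_blob + hits[i].offset, 256));
    return 0;
}
```

A header hit tells you where to carve (dd with skip= and the offset, then unsquashfs or gunzip as appropriate); a region with no hits but high diversity is usually compressed with something not in your signature list, or encrypted, and is the point at which you need the bootloader or the chip's documentation rather than Ghidra.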