Files reverse engineering?


Post by fabioboh10 on Wed Jan 15, 2014 7:37 pm

Does anyone know how to do it? Or know something about it? Any information about it is useful to me!
Thanks


Re: Files reverse engineering?

Post by Goatboy on Wed Jan 15, 2014 7:43 pm

That is so incredibly vague that I cannot help but wonder if you know what you are asking.

Do you want to reverse malware? Break copyright? Look inside random files? Help us out here.
Assume that everything I say is or could be a lie.


Re: Files reverse engineering?

Post by fabioboh10 on Wed Jan 15, 2014 9:05 pm

Goatboy wrote: That is so incredibly vague that I cannot help but wonder if you know what you are asking.

Do you want to reverse malware? Break copyright? Look inside random files? Help us out here.


Oh, yes, I'm not so specific. Sure, I can say that what I want to do is basically to look into a random file (a .mul file, for example), analyze its binaries and make sense of it. I want to understand the structure of a random file, so that I can manipulate and create new files with that structure.

But if you open any file in a hex editor, you just have the binaries of the file, without any sense. And so, my question is just: how to discover the structure of this file?

Note: When I say structure of a file, I'm calling a structure something like this: .bmp structure -> http://msdn.microsoft.com/en-us/library/windows/desktop/dd183391(v=vs.85).aspx

And by the way, sorry for spelling mistakes and any senseless words, because English is not my primary language.


Re: Files reverse engineering?

Post by Goatboy on Wed Jan 15, 2014 11:29 pm

Well, there's a difference between binary files you can run and files like bitmaps.

MP3, BMP, JPG, AVI, etc are files that have well-documented structure and you should be able to just google "<file type> structure" and you'll get tons of info.

If you want to learn how to reverse-engineer executables there are plenty of tutorials for that. One I personally like for Windows anyway is Reversing With Lena. It will show up as a virus when your AV detects it, but it's relatively harmless. Just don't actually run any of the binaries, only analyze them with the debugger.

Should get you on the right track. Assembly (those binary codes you mentioned) is sorta hard to get a handle on especially if you don't program, but it's really useful once you do know how.


Re: Files reverse engineering?

Post by fabioboh10 on Thu Jan 16, 2014 8:30 am

Good, good... We are progressing.
So, you said that files like .bmp or .mp3 have documentation to explain the structure of the file. Then, if a file doesn't have documentation, how can I understand the structure of the file? Is there an analysis method that I can use to find how the file is structured?


Re: Files reverse engineering?

Post by centip3de on Fri Jan 17, 2014 12:34 pm

fabioboh10 wrote: Good, good... We are progressing.
So, you said that files like .bmp or .mp3 have documentation to explain the structure of the file. Then, if a file doesn't have documentation, how can I understand the structure of the file? Is there an analysis method that I can use to find how the file is structured?


If there is no file documentation, then you'd have to reverse engineer it, i.e., look at the ASM and try to figure out how the program looked in a higher level language like C/Python/D/C++/Ruby/Perl/etc. This process is called 'decompiling' and there are a few programs that can do some of the heavy lifting for you. However, even though these programs can do the heavy lifting for you, you're going to have to be extremely knowledgeable in ASM and compiler outputs (compilers do crazy optimizations that are sometimes extremely difficult to parse). If you're interested in the programs, some good ones are:

Hex-Rays Decompiler
Boomerang Decompiler

I'm sure there are more out there that you can find with a simple Google. Best of luck.
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook


Re: Files reverse engineering?

Post by Goatboy on Fri Jan 17, 2014 4:43 pm

fabioboh10 wrote: So, you said that files like .bmp or .mp3 have documentation to explain the structure of the file. Then, if a file doesn't have documentation, how can I understand the structure of the file?

centip3de wrote: If there is no file documentation, then you'd have to reverse engineer it, i.e., look at the ASM and try to figure out how the program looked in a higher level language like C/Python/D/C++/Ruby/Perl/etc

Pretty sure MP3s aren't compiled from C ;)

Basically you would need to either make some good guesswork by analyzing patterns and comparing it to similar formats, or get ahold of the program that reads it and reverse that.
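The pattern-comparison approach from the post above, as an added example that is not part of the original thread: given several samples of an undocumented format, it finds the bytes every sample starts with and any integer field that tracks the file size. The `XFMT` format, `make_sample` and the sample contents are constructed for illustration.

```python
import struct

def make_sample(records):
    """Build a constructed file in a made-up format (not a real one):
    b"XFMT", u16 version, u32 payload length, u16 record count,
    then each record as u16 length + bytes, all little-endian."""
    payload = b"".join(struct.pack("<H", len(r)) + r for r in records)
    return b"XFMT" + struct.pack("<HIH", 1, len(payload), len(records)) + payload

def common_prefix(samples):
    """Bytes shared by every sample from offset 0: a likely magic/version."""
    n = 0
    while all(n < len(s) for s in samples) and len({s[n] for s in samples}) == 1:
        n += 1
    return samples[0][:n]

def find_length_fields(samples):
    """Return (offset, struct_format, header_size) for every integer field
    whose value equals the file size minus one constant in all samples."""
    limit = min(len(s) for s in samples)
    hits = []
    for fmt in ("<H", ">H", "<I", ">I"):          # 16/32-bit, both endiannesses
        width = struct.calcsize(fmt)
        for off in range(limit - width + 1):
            deltas = {len(s) - struct.unpack_from(fmt, s, off)[0] for s in samples}
            if len(deltas) == 1 and min(deltas) >= 0:
                hits.append((off, fmt, deltas.pop()))
    return hits

# Constructed samples. Sizes differ on purpose, and one payload exceeds
# 65535 bytes so a 16-bit reading of the 32-bit field stops matching.
SAMPLES = [
    make_sample([b"ab"]),
    make_sample([b"abc", b"de"]),
    make_sample([b"y" * 1000] * 70),
]

if __name__ == "__main__":
    print("common prefix:", common_prefix(SAMPLES))
    for off, fmt, hdr in find_length_fields(SAMPLES):
        print(f"offset {off}: {fmt} field == file size - {hdr}")
```

With only the two small samples, the same scan also reports 16-bit candidates at offsets 5 and 6; more varied samples are what eliminate the false guesses.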


Re: Files reverse engineering?

Post by fabioboh10 on Sat Jan 18, 2014 9:27 am

OMG, genial! That is simply all that I needed to know *u*

This is the way:
Goatboy wrote: Basically you would need to either make some good guesswork by analyzing patterns and comparing it to similar formats, or get ahold of the program that reads it and reverse that.

And to do that:
centip3de wrote: look at the ASM and try to figure out how the program looked in a higher level language like C/Python/D/C++/Ruby/Perl/etc. This process is called 'decompiling'


Many thanks, guys!