Reverse Engineering
In this section, I intend to eventually talk about some of the reverse engineering/hacking work I've done. And discuss bit about about my methodology and procedure. As of this writing I've reverse engineered ~20 distinct pieces of software and modified around ~200 different versions of the aforementioned software. These fall into a number of different categories with differing approaches to hacking:
x86/x64 ASM on multiple OSs
In memory dissassembly, debugging, and code modification (IDAPro, GDB+objdump, PE Explorer).
Hex editing for quick persistent modifications during testing (Hex Workshop, HexEdit, HxD).
Note: HxD can do modification on in-memory executables with attaching a debugger.
Instruction pattern matching for permanent final modifications.
This is done using a custom unreleased python based framework I wrote.
Additional resigning and forging of binary certs if needed (can be interfaced using my py tools).
Anti-hacking measures I've seen employed in software:
Binary signing.
Checksumming of binaries (or subsections of binaries).
Checksumming of in-memory code segments.
Comparisons of binary and in-memory code.
Rewriting in-memory code on the fly to prevent modifications.
Loading and running code from non-code segments.
Corrupting program state in the event of detection.
This is to cause a program to crash or misbehave.
or to save corrupt files, etc.
CLR IL bytecode (.net platform)
Deobfuscation of assemblies (reflexil, de4dot)
Analysis of assemblies (.net reflector, ILSpy)
Quick test modifications can be done with reflexil.
I've employed class & method matching for permanent final modification of assemblies.
This can be done by using Mono.Cecil or dnlib.
One interesting note about dnlib is that it can be used to unseal and publicize/virtualize classes and methods. This can be potentially useful if you want to extend or interface with an an existing assembly.
On rare occasion I've used pattern matching but this does not work well given that IL code is highly repetitive.
Anti-hacking measures I've seen employed in software:
Obfuscation.
Binary signing.
In short, all methods are entirely ineffective. Do not write in .net if you want to secure your binaries.
Java bytecode
Analysis of assemblies (similar to .net).
Instruction pattern matching for permanent final modifications.
This may or may not be effective given that jar files are compressed.
An ideal approach would uncompress the class files, apply modifications, then re-compress the files.
The tools are generally lackluster here. I haven't needed to deobfuscate anything so I haven't evaluated any deobfuscators for Java bytecode.