Lectures

Lectures

Please watch the relevant video prior to class. Also, download the exercises - we will be using them during class. Subtitles (English, Swedish, Japanese, Spanish, and Chinese (PRC and TW)) are available for some videos. Slides exist in two forms, with and without animations. Instructors can contact us for the key to unlock answers to in-class exercises.

Introduction

#	Topic	Video	Slides	In-class Exercises	Prereq- uisite	Video Length
intro-1	Introduction Famous Reverse Engineering Projects Binary Reverse Engineering Reverse Engineering vs. Software protection Attacks on Mobile Devices Attacks on Critical Infrastructure Attacks on Consumer Products Attacks on Media Distribution Attacks on Computer Games Protecting Malware Tools of the Trade https://LigerLabs.org		introduction-1.pdf introduction-1-anim.pdf			28m
model-1	Modeling Attacks and Defenses		model-1-slides.pdf models-1.pdf models-1-anim.pdf	models-1-exercises.pdf	misc-1	20m
misc-1	Miscellaneous Tools and Techniques Graphviz Weird C Constructs Bash tricks		misc-1.pdf misc-1-anim.pdf			9m

Low-level Programming

Lectures on X86 assembly code and machine code.

#	Topic	Video	Slides	In-class Exercises	Prereq- uisite	Video Length
X86-1	X86 Instruction Set Global Variables X86 Assembly Syntax Data Movement Instructions Arithmetic and Bitwise Instructions Switch Statements8-bit vs. 16-bit vs. 32-bit vs. 64-bit Addressing Modes x86 Example Execution x86 Intel vs. AT&T Syntax Disassembly		x86-1.pdf x86-1-anim.pdf	x86-1-exercises.zip x86-1-exercises-answers.zip.aes		32m
x86-2	X86 Control Flow Instructions Unconditional Control Flow Instructions Conditional Control Flow Instructions Conditional Move Instructions Conditional Set Byte Instructions Disassembly with Binary Ninja		x86-2.pdf x86-2-anim.pdf	x86-2-exercises.zip	x86-1	26m
x86-3	X86 Memory Operations Global Variables More Data Movement Instructions Bits and Bobs Arrays Switch Statements Floating Point		x86-3.pdf x86-3-anim.pdf	x86-3-exercises.zip	x86-2	21m
x86-4	X86 Calling Conventions The Call Stack Activation Record Layout Argument Passing (32-bit) Argument Passing (64-bit) Dynamic Link Return Value System Calls		x86-4.pdf x86-4-anim.pdf	x86-4-exercises.zip	x86-3	24m
x86-5	X86 Instruction Encoding		pdf

Static Analysis

Lectures on statically analyzing data and control flow.

#	Topic	Video	Slides	In-class Exercises	Prereq- uisite	Video Length
ast-1	Abstract Syntax Trees		pdf	ast-1-exercises.zip	misc-1	20m
cfg-1	Control Flow Analysis		cfg-1.pdf cfg-1-anim.pdf	cfg-1-exercises.zip	misc-1, x86-2	24m
file-1	Executable File Formats Statically Linked Binaries Dynamically Linking LIBC Creating a Dynamically Linked Library Command Line Tools The ELF File Format		pdf	file-1-exercises.zip		12m
disass-1	Disassembly Linear Sweep Disassembly Recursive Descent Disassembly Issue #1: Finding Entry Points Issue #2: Statically Unknown Control Flow Issue #3: Mixing Code and Data Issue #4: Shared Basic Blocks Issue #5: Overlapping Instructions Anti-Disassembly Branch Functions Tigress		pdf	disass-1-exercises.zip	x86-2, cfg-1	25m

Dynamic Analysis

Lectures on debugging, tracing, etc.

#	Topic	Video	Slides	In-class Exercises	Prereq- uisite	Video Length
gdb-1	Debugging with gdb Running, Stepping, Breaking Automating Debugging Hardware vs. Software Breakpoints Patching with gdb Watchpoints Searching Gdb + Ghidra Extensions		pdf	gdb-1-exercises.zip	x86-2, ghidra-3	29m
trace-1	Tracing strace ltrace gdb trace points pintools		pdf	trace-1-exercises.zip	opaque-1	22m
symex-1	Symbolic Execution License Checking Revisited Klee Symbolic Execution Solvers		pdf	symex-1-exercises.zip	ast-1, softprot-1, x86-1	25m
symex-2	Symbolic Execution with angr Example angr API		pdf	symex-2-exercises.zip	symex-1	8m

Reverse Engineering

Lectures on using reverse engineering tools and strategies for attacking binary programs.

#	Topic	Video	Slides	In-class Exercises	Prereq- uisite	Video Length
ghidra-1	Introduction to Ghidra 1 Starting a New Project Top Level Interface Viewing Binary Code Viewing Disassembled Code Viewing the CFG Viewing Decompiled Code Viewing Strings		ghidra-1.pdf ghidra-1-anim.pdf	ghidra-1-exercises.zip	x86-2, cfg-1	19m
ghidra-2	Introduction to Ghidra 2 Viewing The Program Graph Viewing The Call Graph Cross References Fixing Names,Types, and Functions Documenting Your Work Viewing Symbols Navigating the Code Searching for Strings Searching for Instructions		ghidra-2.pdf ghidra-2-anim.pdf	ghidra-2-exercises.zip	ghidra-1	18m
ghidra-3	Ghidra Code Patching Editing Instructions Removing Instructions Replacing Instructions Referencing External Functions Adding Instructions Code Stealing Adding a Segment		ghidra-3.pdf ghidra-3-anim.pdf	ghidra-3-exercises.zip	ghidra-1	19m
ghidra-4	Ghidra Scripting Creating, Editing, and Running Scripts The Ghidra API API Documentation		ghidra-4.pdf ghidra-4-anim.pdf	ghidra-4-exercises.zip	ghidra-3	21m
re-1	Reverse Engineering Strategies Game Cheating Cryptographic Key Recovery License Key Recovery		re-1.pdf re-1-anim.pdf		ghidra-1, trace-1, virt-1	18m

Software Protection

Lectures on code obfuscation and tamper-proofing.

#	Topic	Video	Slides	In-class Exercises	Prereq- uisite	Video Length
virt-1	Virtualization Obfuscation What is a byte code interpreter? Obfuscating Virtual Machines		pdf	virt-1-exercises.zip	cfg-1	16m
virt-2	Protecting Virtualized Code Randomizing the Instruction Set Random Dispatchers Protecting Handlers Protecting the Byte Code Dynamic Attacks and Defenses		pdf	virt-2-exercises.zip	virt-1	28m
checksum-1	Checksum Integrity Check Checksumming Attacks! Running Example Attack with gdb		pdf	checksum-1-exercises.zip		24m
arith-1	Encoding Integer Expressions Diversifying Integer Expressions Tree Patterns Tree Pattern Matching Attacks Add Your Own Patterns Making Obfuscated Constants		pdf	arith-1-exercises.zip	ast-1	22m
flatten-1	Control Flow Flattening Control flow Flattening Dispatch Methods Attacks and Defenses		flatten-1.pdf flatten-1-anim.pdf	flatten-1-exercises.zip	cfg-1	18m
checksum-2	Checksum Attacks and Defenses Attack with Binary Ninja Attack with Ghidra Defenses: Check-Repair Networks Defenses: Overlapping Checkers Defenses: Stealthy Hash Functions Responding to Attacks		pdf		checksum-1	20m
softprot-1	Software Protection Software License Checking DRM and Whitebox Cryptography Code Transformations Code Obfuscation Tamperproofing Tigress Environment Detection Software Fingerprinting Executable Packing Anti-Disassembly Diversification		softprot-1.pdf softprot-1-anim.pdf	software-protection-1-exercises.zip	intro-1, ghidra-1	28m
opaque-1	Opaque Expressions What is an Opaque Value? Adding Bogus Control Flow Array-based Opaque Predicates Graph-based Opaque Predicates Tigress Dynamic Opaque Predicates		opaque-1.pdf opaque-1-anim.pdf	opaque-1-exercises.zip	flatten-1	20m
data-1	Data Encodings XOR Encoding Polynomial Encoding Residue Number Encoding		pdf	data1-1-exercises.zip	flatten-1	20m