<h5><center>The Islamic University of Gaza<br>Engineering Faculty<br>Department of Computer Engineering</center></h5> <h1 style='border: none'><center>Reverse Engineering Binary Applications </center></h1> <h6>Author: Mohammed Nafiz ALMadhoun </h6> ---- ## Introduction In this lab, we are going to talk about how to reverse engineer binary applications (The application that is compiled for a CPU and not for an interpreter), so most of big desktop applications are binary applications, so learning about how to reverse engineer these applications will give you the opportunity to crack the applications or to extract some secrets in it, the second thing we will talk about is some mistakes most of the developers do when they develop an application. ---- ## What is a binary application The binary application is a name for the applications that are compiled for a certain CPU, most of the big applications are written in a compiled language (e.g. C++), thus the compiler will convert your code to machine language for the architecture you choose and for the operating system you want.  Now, these applications are super fast if you compare it to other non-binary application, now you should understand that when you reverse engineer applications like this you will need to read a lot of assembly language, and you should understand a lot of concepts about how OS works. One of the fundamental concepts you need to understand about OS, that if an application wants to do an Input/Output operation, the application will need to create a system call, this system call will tell the OS what to do (e.g. write to a file), using any dynamic analyzing program (e.g. x64dbg), you can create breakpoints in the OS wrappers, so you can know when the application wants to read a file to verify that the user has a license or not. And you also need to understand some concepts about the stack, stack frame, and threads, these topics are very easy to understand but you need to understand how to use these concepts when you’re reverse engineering an application. ## Start from what you see If you want to start debugging an application, use the correct tool and start from what you see, you should always start from the error message and search about string constants in the application before reading the whole code. One of the main things you should know about exe files that it contains more than one module, you could think about each module as a separated program, so you should select the correct one (for most application it’s the application file name), to choose the module you want to debug in x64dbg press Alt + E and double click the module. Now to search something in this module use the right click on your mouse, and from the submenu Search For, choose Current Module then choose whatever you want to search about, (e.g String references to find all the strings). If you clicked String references you will find all the strings in the application, and the reference to it in the assembly code, double click on the text to see the assembly code, but note that in big application that supports multi-languages you might not find the text as it is, you will find an ID or Key to the original string (you can match the key with the string if you found the translation file). ----- note: we will solve this task in the Lab([CrackMe.exe](https://drive.google.com/file/d/1FKeMHM185EL9tuGXZr3u5VvC4Pa3mH_j/view?usp=sharing)). ## Lab Task In this task, you should crack the following application. [**Task Link**](https://drive.google.com/file/d/1Om2dKiLIzs3Qy6zomuTLlquJthFK-WxI/view?usp=sharing)  After getting access you will get a key, Please send it to my Email. ***bonus: get the origenal serial number from the application and anylize it.***