wanna learn more about computers? check out my courses at lowlevel.academy (there's a sale) 👌

"You don't need any programming experience" continues to show code and terms that only a programmer would understand.

"No coding experience needed", then dives straight into system level assembly.

This reminds me back in the nineties when I ran my own company. I found a bug in QuickBooks Pro where they assumed a value for one of the payroll deductions would be a constant number. In my case it turned out that it had to be another value that the programmers at Intuit hadn't coded for since they hadn't done their due diligence research into corporate payroll tax law. I then proceeded to look at the data file that they were keeping I found the two bytes that represented the number for the percentage deduction on the line and I manually modified it to be the new number it needed to be. I then was surprised when I informed Intuit of their bug that they threatened to sue me for modification of what they termed copyrighted data.

Although coding from a young age, 'decompiling' always felt like black-magic concept. Thanks for explaining it to me.

Also, for various reasons password checkers shouldn't execute like that. You can absolutely tell that if you hammer it that feeding it a letter `c` first takes twice as long as any other letter when entered into the password checking. And then another 10ms if you add an `a` you can end up solving the password based on the time it takes to accept or reject that password. Since each letter you get right delays the time to rejection.

Good luck reversing any binary with zero programming knowledge.

I was having trouble understanding how memory call works on a computer. This video cleared that for me. Seeing it into action made so much sense. I can't thank you enough.

You are good at explaining things to beginners, pls do more of this reverse engineering stuff, make it a series you don't complicate things, i like it

Amazing video. Just a small side note that IDA Freeware comes with a free online decompiler which generates (very *accurate*) pseude C code. Would love to see more of this kind of vids. Cheers.

I have been waiting man. Thank you! I don't wanna go down the conventional, tools first, path that is taught in most of the courses out there.

Loving the content! A tutorial on learning C language from beginner to advanced maybe? Roadmaps for these kind of languages are always welcome by community and highly watchable, might pull in more new viewers!

I never knew IDA before, I used to use GDB to do kinda reverse engineering but now I feel like it's something I should start relaying on. Thank you sir!

This was the BEST tutorial on IDA and disassembly I've heard on UKposts

I love Ghidra

I once made a function from ida pseudocode in c++, used a function pointer of my function and Mshookfunction to hook into the real function and replaced it, it worked as the replacement function had same bytesize as original function. Ida or ghidra + hooks are really fun

Woah, super cool! And at 12:50, after he pointed out the 'g', you can actually see the rest of the password characters at the start of each section in the buffer. Crazy!

The ABI varies depending on the OS rather than the processor. For example, Windows and Linux have different ABIs while they may run on the same process.

You are doing such a great job man ! Keep it up, I learnt so much from you dude, you're litterally a better teacher than most of the teachers I had in college ! Love you !

Amazing video, king. One thing though, I think you forgot to put the download link for IDA you mentioned at 4:11. Also, the repo in the description is probably private.

I am so far 1 week into C#, granted this video went over my head a tiny bit, but I understood the fundamentals. Looks like I might dabble in this in the future.

Should also be worth mentioning that in the United States, contracts can override the fair use clause in the DMCA. Courts have upheld this. This means thar while reverse engineering isn't illegal, it almost always violates a contract and could result in a civil lawsuit for breach of contract or copyright infringement.

The program `strings` is exactly why if I want to protect my own programs I just encode my own strings. I don't always write things that I want to protect, but it's still fun to play with different methods of encoding to stave off passive RE.

Such explanations of simple concepts are really why I subscribed to your channel! Wish you did followup videos on more advanced stuff with it.

The ABI is more like an agreement that writers of assembly language programs make with other assembly writers for the sake of code interoperability. (In this context, the writer is a compiler, but it could be a person as well.) The processor generally doesn't care; as long as it's valid machine code, it'll run, ABI be damned. You can return your own custom tuple with 2 ints, a short, and a char* if you want, but you can't expect a C program to understand.

Nice, takes me way back to my 6502 days, writing decompilers. Subscribed and Looking forward to seeing what else you have.

This was awesome. Also the first time I feel like I’ve genuinely followed a video like this. Thank you!!

I definitely enjoyed the video. Although I think the title is a bit too much clickbait. Equaling reverse engineering to being open source code, is a long stretch in my opinion. Sure, this simple non optimized example is quite understandable when it’s reverse engineered. Now try a large program containing lots of templated code, with O3 optimization, inline functions, loops unrolled, SIMD optimizations etc and see how far the disassembly will bring you to what it is you’re trying to achieve. E.g., getting around a password check. It’s super hard and you definitely need programming and assembly experience to even begin to tackle that. Nice introduction though ☺️

The RDI and RSI part is for the 64 bit ABI, for 32 bits, the arguments are pushed to the stack. If a function has 2 args in 32 bit code, [esp] inside the function will have the return address of the function, [esp + 4] will have the 1st arg (pushed in reverse order) and [esp + 8] will have the 2nd arg.

Can't wait to watch this video but I'm studying Love your content man please make more cybersec videos cause things magically click if it's you explaining

Reverse engineering is so fun. Please teach us more

Nice demonstration! Except that when dealing with passwords no one just compares them char by char. They often are stored in hashes with salts, so you cannot decipher it w\out brute force

i always wanted to dig into reverse engineering but never knew where to start. thank you so much!

Great video, a similar video for ARM Assemble would be great, explaining the special registers and stuff.

Good introduction! Not quite disassembly-related question: I am wondering why the code generated by the compiler for each character comparison uses RAX for different things, so it needs to overwrite it multiple times: 1. it loads the buffer address into it and adds offset to it, and then 2. loads the character for comparison. Wouldn't it be more effective to use another register, say, RBX for the buffer address and RAX for the character comparison (or vice versa)? I know, registers are scarce resource, but here it seems to make sense for me to use 2 regs. At the same time, I heard that compilers are very smart today and create much better binary code then average human writing assembly code, so it should have some efficiency explanation.

Ok this was very helpful since i didn‘t know where to begin on reverse engineering thank you!

This was really great to see. Thanks for the intro! 😀

Would be cool to see you reverse engineering a multiplayer flash game. Since most of them only have the .swf files and no server side files. Maybe tricking it to run on a localhost. Something like this would be very cool and could help archive more flash games, but it probably 100x more effort

Love the breaking down of every step. Keep it up!

We need more stuff like this

nice video man (as always), love your channel could you make a video about dynamically analysing/debugging any binary? (in preference a normal program or a malware, if i'm asking too much i am sorry)

Great video! You say the registers are set for the processor x86, but I think is for the "calling convention" in Linux and it can change for other OS. I didn't know this IDA, it looks very intersting, thank you!

Nice video, thanks. I missed the short info about a second solution patching the binary to bypass the check simply by changing the 'jz' to a 'jnz'.

That was quite simple to understand. despite the fact that it will need you to understand the basic terminologies of computer science in order to fellow along. but overall, it was nice to watch. hey maybe you can make a video covering those basic terminologies and link it to your future videos, so people would be able to understand easier. but hey what do I know~

Nice timing! Just installed Ghidra to learn rev eng and binary exploitation and your video came out

Dude this video is awesome. You should do more of these!

Because of you I love low-level stuff, and studying to get eCRE certified.

Ghidra is a more complex tool to per say, but its also its gpl2, so if your looking for something opensource I'd go for that

recently I learned how to hook functions in C and C# , it's so cool. Also, great video !

Incredible channel, thank you for existing

While I like the video in general, reverse engineering is definitely NOT easy. Try reversing a more complex binary (AAA games, commercial software, etc.). Without references, existence of obfuscation & code virtualization, RE can quickly become a very specialized and extremely time-intensive puzzle that likely requires deep knowledge about OS internals, compilers and assembly. Here, we of course have the original code as reference and - having written it ourselves - all underlying program concepts are already known which defeats the purpose of "solving the puzzle" aka reverse engineering.

I didn't know that there's existing bash code disassemble strings and object.. I like that you go up level by level but you should talked about reverse engineering the code with some decompilers as it's usually return the code if it's not obfuscated then maybe try to see the callstack with debugging. then using a disassembler

"You don't need any programming experience" yeah right...

For real, this was amazing! I might actually start trying it 🔥🔥

I finally understood why my school taught me assembly now🤯. I never used it because I am on the dev side. that is so cool!!

Great video man ! We want more on reverse engineering, so intresting

I'd love to have seen what the getpass function looked like in c at the end of the video

6:00 there is no agreement with the processor. It's simply a calling convention that in 64 bit processors you use registers for the first few arguments and then the stack for the rest. There is no agreement with anything, it's just something that the compiler does for internal consistency. There is no need for it to be that way. You can write your own assembly and put whatever you want in whatever register you want and do a function call and then read those registers back. All that really matters is how the processor behaves to the outside world, and that is documented in the instruction set manual, outlining how the processor should behave when any given instruction is executed. And none of those say that RDI should contain the first argument for a function call. In fact call really only does 2 things. Push the next IP to the stack and set the instruction pointer to the callee. Or in detail it pushes the address of the next instruction to the stack pointer address and then decrements the stack pointer address and then sets the instruction pointer to the function to be called. Nothing else goes on here. It's up to the compiler to handle how arguments are transferred to and from the function, how to handle the stack or anything else, really. 9:43 no, some dumb programmer may have given the function the name "getPass" originally, but that's not what the function does. Since you "don't know" the original name, you should give it the best name you can come up with. A better name would be "checkPassword" or "comparePassword" or something along those lines, because that function doesn't return (get) the password, it just checks if the password you provided is correct or not.

One of the video to get started for reverse engineering

Great, hope you do more! Thanks!

wow really helpful info! i can only imagine what a nightmare it is do to this on malware that has been purposefully obfuscated

wow, been waiting for reverse engineering video, thanks!

Coming at this with a year of CE, learned a bit about the buffer. Any chance you could do a crash course about the stack? I know how to manipulate it, but I don't understand what I'm manipulating

Awesome vídeo with a lot of great content! Pls keep this series on

Very cool, i will hav to try this for work when trying to understand some dll stuff.

This is just like CSAPP: Bomb Lab! I really recommend it as a good way to practice these types of skills

You should do this for real malware, YT needs more of this stuff

I enjoyed it. Thanks for this video. Please continue making such videos.

Really engaging content and shows actual examples, keep up the good work ^^

EULA: am I a joke to you? Yes, yes it is

This is a very good high level explanation of reverse engineering. Do you have any plans on something more intermediate level or do you have a channel that I could go look at for something like that? I'm already in the weeds from reading the Intel Architectures Software Developer's Manual. I've been enjoying using Kaitai.

I like how you brake this down for people that don't understand this or dummy it down very nice brother 👍👍

This is awesome! Thank you! 🎉

“You don’t need any programming experience” taking a binary? From a Source code? With diferent simbols? They are tipes of variables? Names of funcions? And they are readable strings? And you can get a lot of information by reading a buffer from the source code? What is the if get pass? This is just not even minute 1 and I’m lost.

thanks for making it easy to understand pls keep post that kind of video

“no coding experience required.” *requires past programming participation *

0:00 📖 Reverse engineering is the process of understanding the functionality of a binary without access to its source code. 1:31 🛡 Malware reverse engineering is crucial for cybersecurity professionals to understand and defend against threats. 1:53 😄 Reverse engineering can also be enjoyable, involving the challenge of understanding how things work. 2:03 🛠 Basic reverse engineering techniques include using the strings command to find ASCII strings in a binary. 3:01 🧠 Disassemblers like object dump and IDA convert binary machine code into human-readable assembly instructions. 8:00 🔍 Reverse engineers use disassemblers to analyze assembly instructions and infer the functionality of a binary. 11:38 🔐 Understanding the binary's functionality, such as password comparison, allows for successful reverse engineering. 13:00 🤔 Some binary content, like password comparisons, may not be revealed by simple string extraction due to how instructions are encoded.

You're a cyber treasure, dude. Don't ever forget that.

Nice channel name and I reverse engineer hand tools and hardware a lot just to get a idea on the problems they solve. Compilers are the cyberspace equivalent to the blacksmith using a forge or the foundry that eventually makes it to your home via four wheels. Decompilers are the defininive tool for sloving computer problems, and as such are by definition open source, and if not open still relevant to software error.

Remember folks, you don't need any programming experience 😅

Memories; this reminds me of the times I would spend with Olly (before I really knew solaris and linux). It is good to know the same principals still work. I just watch this for entertainment (which solidifies me as a somewhat nerd).

woooow what a great video... excpectig this video from so long time.. kep going this series

I didn't thought I'd understand someone using c this early for a program like this 💀 though i still haven't gotten used to it but I've taken few steps ig 🚶 trying to understand programs just by looking at codes, reading documentations and trying to recreate the stuff i learn really did helped more than taking lectures or watching video tutorials 👾

Man I want an assembly course so much !

That's like saying, you can go anywhere if you know how to pick locks. Sure you can do that, doesn't mean you should do that. What makes open source, open source is the licence under which they make the source code available. Not that you can reverse engineer a code.

literally the video i‘ve been waiting for from your channel. thank you so much

This is how you used to change to the dark theme for Unity a few years ago back when the free version of Unity was restricted to the light theme only. You would open the Unity.exe with a hex editor and manually change a particular value.

“No previous programming experience needed…anyway, here’s assembly”

I use Cutter for reverse engineering, highly recommend

SO happy I found your channel!

I was able to understand, and follow along your video. 🧠

I love videos like this. Keep 'em coming. :)

Wish I had this 10 years ago. Did so much learning the wrong way around.

Such good content keep it up buddy

back in XP era (32 bit), IDA Pro is able to disassemble these simple unencrypted binary executable files and generate corresponding c++ code

Very informative, thank you

Ahhhh, Ms. Lovelace. I always wanted a Curta, you know a Babbage portable computer.

This is so cool, IDA is such a Powerfull Tool

I am confused. This obviously requires skills in programming and the underlying working of things. As someone studying CS I get most of it. How is it then that I see so many people on internet advertising Cyber Security with no programming skills required?

I am not the best reverse engineer in the world, but IDA is so much fun for the entire family and friends... The Cyber research of the Law.