One thing which really helped me (and I wholeheartedly recommend) is to write simple programs, run them through the compiler and then in the disassembler. It really helps build a correspondence between program structure and its object code.
Eventually, you can make it even more fun and challenging by stripping debug symbols and turning on compiler optimisations.
Happy reversing!
The good news is that there have never been MORE resources out there. If you want to use this learning expedition as an excuse to also build up a small electronics lab, then spend $100 on AliExpress on whatever looks cheap and interesting, then tear it apart and start poking around to find where the firmware lives. Pull the firmware, examine it, modify it and put it back :)
This guy has a discord server with a specific "book club" section where they all choose a cheap $thing and reverse engineer it: https://www.youtube.com/@mattbrwn/about
I can't help much with "traditional" app/software RE work, sorry.
Thanks a lot!
Turns out that frontier-grade LLMs are absolutely fantastic for extremely advanced static analysis. If you go one step further and manage to get your firmware running inside of an emulator or some other place where you can attach GDB, then putting an MCP server on that as well unlocks so much insane potential.
I feel like the tendency for people to assume others have nearly $500 or so of credits on their AI to blow every month is kinda crazy.
Reminds me of the "just get Netflix, Prime, etc." ending up with a $100/m bill.
The nightmare course explicitly talks about how to use Ghidra.
1: https://guyinatuxedo.github.io 2: https://www.roppers.org
The reverse engineering I've learned has generally been to fix something that has annoyed me - for example I reverse engineered part of RCT3 to fix mouse input with high poll rates and allow for resizable windows [0]. Certainly easier to approach than trying to get into a closed device since you can attach a debugger.
The book is designed for beginner and advanced users.
From there you can use things like Ghidra (which supports a lot of those old CPU arches) for more advanced analysis and make the game do almost whatever the hell you want if you have the patience.
I think a lot of the skills will transfer quite well (obviously not 1:1, you will need to learn some things) to the more employable side of RE if that's what you're interested in.
I guess I'm struggling to transfer that to "real-life" scenarios. Like getting something useful out of reverse engineering (getting infinite lives is interesting to see that I can tamper with the game, but it's not exactly useful).
(Thinking more of license-checking, and serial-number generation rather than infinite lives.)
So for the second thing, pulling the data off chips like that typically involves some specialized hardware, and you have to potentially deal with a bunch of cryptographic safeguards to read from the chip’s memory. Not impossible though, and there are not always good safeguards, but might be worth checking out some simpler programs and working up to it, or learning some basic hardware hacking to get an idea of how that process works.
Well that may explain it, then, thanks for letting me know.
I realise that my question was not super clear because... well I didn't really know what to ask :-). I was just trying to engage in a human interaction. Say I am at a party with friends and strangers, and when I get introduced to a stranger, they say "I am a professional reverse engineer". Because I find that interesting, I will start asking questions. And I may well start trying to explain what I find interesting, giving the expert an angle to start talking about it.
Of course I could just go home and read about reverse engineering. But at that moment, in that party, I want to enjoy a discussion about it with a human being. Part of the experience is that I get to hear what some other human thinks about it.
I am not there for a formal course, I am there to listen to what a human being has to say about it. And obviously an LLM cannot do that job :-).
I think we should conclude people want to maximize learning while minimizing wasted time, hence they ask for the "best resources". Even though the question seems tiring at times (when I was on Reddit I heard this constantly, and cynically projected that very few people actually used the resources they requested. But I solved this problem by quitting/getting banned from Reddit and never looked back).
I can explain my intent, since I asked the question :-).
"Signal interest in something in the hope of starting a discussion with people who share that interest and may have interesting stories to share".
I loved IRC for that. I could join a channel, ask a question and sometimes someone knowledgeable would engage in a discussion with me. Often nobody answered, but because IRC was "ephemeral", I could ask again another time, and another one, hoping to eventually find someone interested.
> I think we should conclude people want to maximize learning while minimizing wasted time
In my case (and I want to believe that in many other cases), it's really just that people (me, here) would like to have some human interaction about a topic.
I know how to learn, I was not asking about that. I was trying to start a conversation with humans, that's all.
Totally fair, and I'm sorry you got a hostile response.
My (very low-value) opinion is don't waste your time learning how exploits work. Yeah it's kinda neat seeing clever misuse of components. But there is very little upside to investing in that knowledge.
0. You look at old exploits and marvel at them for a while, but they are long ago patched and technically useless.
1. You waste a bunch of time looking for a sploit but don't find one.
2. You find one but nobody cares, you don't get street cred. The sploit is patched in the next release, and you don't get back your time spent finding it.
3. You find a sploit but all you get is a thanks from the billion dollar company, followed by a patch.
4. You create an exploit and use it maliciously or sell it to a criminal syndicate. You are a criminal. Or you get sued because it's a civil/copyright issue.
5. You find a sploit and other people treat you as a criminal even though you didn't do anything with it. You even intended to help.
6. You find sploits but still can't get a job as a white hat because other people who found more sploits got the job.
The only good outcomes are:
7. You found a very clever sploit and got a bounty for it.
8. You got hired in cyber security and get paid for sploits or countering them.
9. You seriously just love decoding machine instructions and find joy from making it do unintended things.
Overall, I think the risk/reward ratio is suboptimal for this field unless you go black-hat which is obviously fraught with moral and legal hazards.
Oh wait... Right.
Asking for resources or asking "does anyone know where I can start?" Followed by a description of "here's where I'm at" has been table stakes for the uninitiated since time immemorial.
When I see "ask the LLM", all I hear is "prop up my investment portfolio".
To this OP in particular: try playing around with different binaries you already have source to, and using the RE tools to get a feel for their post-compilation structure and flow; start by compiling with no compiler optimization. You'll want an understanding of what the structural primitives of "nothing up my sleeve" code look like post-compilation to build off of. Then start enabling different layers of optimization, again, to continue familiarizing yourself with the output of modern compilers when dealing with fundamentally "honest" code.
Once you can eyeball things and get an intuitive sense for that sort of thing, that is where you jump off into dealing with dishonest code. Stuff put through obfuscators. Stuff designed to work in ways that hide what the actual intent of the code is, or things designed in ways that make it clear that the author had something up their sleeve.
It'll be a lot of work and memorization and pattern recognition building, and you'll have to put in the effort to get to know the hardware and memory architecture, and opcodes and ISAs, and virtual machines you're reversing for, but it will click eventually.
Just remember: odds are it won't make you money, and it will set time on fire. I cut my teeth on reversing some security firm's snake oil, and just trying to figure out why the code I wrote was acting weird after the compiler got done with it. (I have cursed at more compiler writers than about anyone but myself.)
Then just remember that if someone got it to run, then it's gotta eventually make sense. The rest is all persistence on your part in laying bare their true, usually perverted motivations (generally boiling down to greed, job security, or wasting your goddamn time).
Would the world be nicer if that wasn't the case? Absolutely. I lived through a period where a lot of code wasn't "something up my sleeve" code. Now is not so much that time anymore. We've made programming too accessible to business types that now the interests of organizations in securing their power have a non-trivial distortion on how code gets written; which generally means user-hostile in one way or another.
Even pre-LLM, there was a clear indicator of someone who was skilled at coding versus someone who was not. The big thing that differentiated people was curiosity. When someone is curious, they would go look stuff up, experiment, figure out how to build things by failing over and over again, and eventually they would figure it out, but consequently, they have learned quite a lot more along the way.
And then there were people that were just following instructions, who in interviews thought that them following instructions was virtue-worthy.
Nowadays, it is even easier to tell who is who, because LLMs essentially shortcut that curiosity for you. You don't have to dig through the internet and play around with sandbox code, you can just ask an LLM and it will give you answers.
This is why I specifically said if you are hesitant of starting with LLMs, you should learn how to learn first, which usually starts with learning how to ask questions.
In my opinion, it is extremely important for the interviewer to realise that they are in a dominant position. Here, I can tell you what I think about how you judged me. If I was an interviewee, I may not be in a position to lose the job just because I told you that you are being rude.
Anyway, I would recommend YouTube. Find a series you can follow along. Best of luck!