The need for reverse engineering binary software components arises in more and more contexts every day. Common cases include analysis of malicious software such as viruses, worms, trojans and rootkits, analyzing binary drivers in order to develop open source drivers for alternate platforms, analyzing closed source software for security flaws, and source code recovery in legacy systems. The first step in such an analysis is generally the acquisition of a high quality disassembly of the binary component. IDA Pro is touted as the premier disassembler available today, capable of disassembling machine languages for a large number of microprocessors and micro controllers. This course will cover advanced features of Ida that may be used to work through challenging reverse engineering problems. This course is taught using primarily x86 and ARM assembly language.
This course is intended for students who are already familiar with IDA and are interested in learning how to make use of IDA's advanced features. Students should be comfortable with all of the topics listed under "The IDA BASIC Course". Topics to be covered in this course include signature creation with FLIRT, scripting with Python, plugin, loader, and processor module development, batch mode usage, advanced IDA debugger usage, dealing with obfuscated code, and anti-debugging.
Students should be familiar with Python, C, C++, and x86 assembly language. Familiarity with ARM assembly language is a plus.
Students should bring their own laptops with an installed version of IDA Starter or IDA Professional 6.0 or greater (available for Windows, Mac, or Linux). Also required are Adobe Reader or other pdf reader, unzip utility (.zip .gz .tgz), and an appropriate build environment for their version of IDA (Visual Studio C++ 2010 for Windows, g++/make for Linux/Mac). Laptops should be pre-configured with a working 32-bit Python 2.7 installation. No guarantee is made that students attempting to complete the course using the demo version of IDA will be able to complete every exercise.
Chris Eagle is a senior lecturer of computer science at the Naval Postgraduate School (NPS) in Monterey, CA. A computer engineer/scientist for 28+ years, his research interests include computer network operations, computer forensics, and reverse/anti-reverse engineering. He has been a speaker at conferences such as Black Hat, DEF CON, CodeCon, and Shmoocon and is the author of "The IDA Pro Book", the definitive guide to IDA Pro. He is a two-time winner of the DEF CON CTF competition and is currently helping to build the DARPA Cyber Grand Challenge.