Read on Twitter
-Reversing Tip 29/30-
buckle up buckaroos! Here& #39;s the most useful RE strategy no one talks about:
*analyze the block layout before diving into ASM code*. Layout view is available on many disassemblers, hereâs how to use it #BinReversingTips Explanatory thread
https://abs.twimg.com/emoji/v2/... draggable="false" alt="đ§”" title="Thread" aria-label="Emoji: Thread">[1/6] >>>
buckle up buckaroos! Here& #39;s the most useful RE strategy no one talks about:
*analyze the block layout before diving into ASM code*. Layout view is available on many disassemblers, hereâs how to use it #BinReversingTips Explanatory thread
[1/6] >>>" title="-Reversing Tip 29/30-buckle up buckaroos! Here& #39;s the most useful RE strategy no one talks about:*analyze the block layout before diving into ASM code*. Layout view is available on many disassemblers, hereâs how to use it #BinReversingTips Explanatory threadhttps://abs.twimg.com/emoji/v2/... draggable="false" alt="đ§”" title="Thread" aria-label="Emoji: Thread">[1/6] >>>" class="img-responsive" style="max-width:100%;"/>
Letâs start with an easy example. The 1st image shows the layout of an âifâ statement: the code splits to 2 paths. Question: What layout does the 2nd pic show? Answer on the next tweet. Assembly is purposely hidden - thatâs the point of this ;) [2/6]
![Letâs start with an easy example. The 1st image shows the layout of an âifâ statement: the code splits to 2 paths. Question: What layout does the 2nd pic show? Answer on the next tweet. Assembly is purposely hidden - thatâs the point of this ;) [2/6]](https://pbs.twimg.com/media/EW0MZvgXQAAUU-k.png "Letâs start with an easy example. The 1st image shows the layout of an âifâ statement: the code splits to 2 paths. Question: What layout does the 2nd pic show? Answer on the next tweet. Assembly is purposely hidden - thatâs the point of this ;) [2/6]")
![Letâs start with an easy example. The 1st image shows the layout of an âifâ statement: the code splits to 2 paths. Question: What layout does the 2nd pic show? Answer on the next tweet. Assembly is purposely hidden - thatâs the point of this ;) [2/6]](https://pbs.twimg.com/media/EW0Me0mWAAIc5wj.jpg "Letâs start with an easy example. The 1st image shows the layout of an âifâ statement: the code splits to 2 paths. Question: What layout does the 2nd pic show? Answer on the next tweet. Assembly is purposely hidden - thatâs the point of this ;) [2/6]")
If you answered itâs a switch case statement, youâre correct :) Great!
Letâs use our new killer skillz on func_1. Q: func_1 is most likely:
1. Computing a hash
2. Parsing a format
3. String comparison [tweet 3/6]
![If you answered itâs a switch case statement, youâre correct :) Great!Letâs use our new killer skillz on func_1. Q: func_1 is most likely:1. Computing a hash2. Parsing a format3. String comparison [tweet 3/6]](https://pbs.twimg.com/media/EW0MpmuXkAAPO66.jpg "If you answered itâs a switch case statement, youâre correct :) Great!Letâs use our new killer skillz on func_1. Q: func_1 is most likely:1. Computing a hash2. Parsing a format3. String comparison [tweet 3/6]")
Letâs use our new killer skillz on func_1. Q: func_1 is most likely:
1. Computing a hash
2. Parsing a format
3. String comparison [tweet 3/6]
the answer is #2. Func_1 has many âifâs leading to a return block (End A), typical of format parsing code to bail early if it finds a corrupt field/magic value. Here is func_1 fully exposed to confirm our assumption [4/6]
![the answer is #2. Func_1 has many âifâs leading to a return block (End A), typical of format parsing code to bail early if it finds a corrupt field/magic value. Here is func_1 fully exposed to confirm our assumption [4/6]](https://pbs.twimg.com/media/EW0Mx3nXsAAPA68.jpg "the answer is #2. Func_1 has many âifâs leading to a return block (End A), typical of format parsing code to bail early if it finds a corrupt field/magic value. Here is func_1 fully exposed to confirm our assumption [4/6]")
Last example; what is func_2 most likely handling?
1. Computing a hash
2. Parsing a format
3. String comparison [tweet 5/6]
![Last example; what is func_2 most likely handling? 1. Computing a hash2. Parsing a format3. String comparison [tweet 5/6]](https://pbs.twimg.com/media/EW0NEFEWkAIHnhC.png "Last example; what is func_2 most likely handling? 1. Computing a hash2. Parsing a format3. String comparison [tweet 5/6]")
1. Computing a hash
2. Parsing a format
3. String comparison [tweet 5/6]
The answer is #3. Func_2 has a loop, typical in str related funcs which use the loop to iterate over the strâs chars. Also, we can rule out #2 w/knowledge from the prev. tweet & rule out #1 from my 1st RE tip https://abs.twimg.com/emoji/v2/... draggable="false" alt="đ" title="Zwinkerndes Gesicht" aria-label="Emoji: Zwinkerndes Gesicht">
Func_2 exposed: </END THREAD>
Func_2 exposed: </END THREAD>
Func_2 exposed: </END THREAD>" title="The answer is #3. Func_2 has a loop, typical in str related funcs which use the loop to iterate over the strâs chars. Also, we can rule out #2 w/knowledge from the prev. tweet & rule out #1 from my 1st RE tip https://abs.twimg.com/emoji/v2/... draggable="false" alt="đ" title="Zwinkerndes Gesicht" aria-label="Emoji: Zwinkerndes Gesicht">Func_2 exposed: </END THREAD>" class="img-responsive" style="max-width:100%;"/>
link to my 1st RE tip: https://twitter.com/va_start/status/1245197118865846273">https://twitter.com/va_start/...
