
Everything posted by heisenbug

  1. I wrote that at 5am, and I was sure I said vulnerabilities. Oh, well. You are right. I wrote the wrong word there. Thanks for catching that. It is a common misconception that in reverse engineering you must look at the code. Reverse engineering may include looking at the source code, but doesn't necessarily need to involve looking at the source code. It really doesn't even have to relate to software. Anything can be reverse engineered. Heck, you can reverse engineer a chicken nugget or a Popsicle if you want. You can do it any way your heart desires too. You can look at it physically, chemically, or you can imagine what the inner workings are using your experience or your educated guess. Diggy wrote a really good description of what reverse engineering was. He did a much better job than I would have. The only part where I disagree, and it's not really disagreeing, I just think he left a little out. I think he left out that you may not need to duplicate the project in its entirety. You can reverse engineer any portion of the project if you so desire. You don't even need to physically duplicate it, you can duplicate it any way you wish. Even in your mind. Actually, it can be exactly that. It doesn't have to be limited to that, but it very well could be.
  2. What I think is really neat about reverse engineering is finding exploits without ever looking at the code. If you know enough about software development methodologies, you can look at some software and imagine how the developer wrote it. If you understand development techniques, software deadlines, and project management, you can think of where he might have cut corners in security development. Some portions of software security are seen as a "feature" and are only added later if there is time, and often there is not. Most software projects fall well behind schedule. Non-visible features to the user are often cut first. If you understand the human mind and software development well enough, you can often find several exploits in software simply by looking at the interface or knowing what it does and never looking at the code. That is really fun.
  3. My experience probably pales to quite a few of you. I sure hate to submit a long-winded response because it will probably be uninteresting to everyone else, but here goes. In the eighties I got my first computer. It was an IBM PC Jr. and it had an 8088 processor (8-bit external data bus), 64K of RAM, and didn’t even have a hard drive. It had two large floppy drives, one for the OS and one for saving data. It came with GW Basic and I really enjoyed playing with that. Sadly, I didn’t save the PC when I was done with it. I traded it in for my next PC. My next PC was an IBM PC/AT with a 286 processor and a 300 baud modem. A few of my friends started beige boxing in order to access BBS systems that were long distance. I found out what the BBS systems were about and I got hooked on the ASCII text-based games. Eventually, I conned my parents into letting me have my own phone line to start my own BBS. I started with Spitfire software and then eventually moved to Renegade to run the BBS. Now my friends and I could play ASCII games from home. “They” really only used beige boxing for Gopher and e-mail at that point. I attended two 2600 meetings in the early nineties, but wasn’t really able to continue because I didn’t have my own car back then. I could only go when my friends were not grounded, which seemed to be constantly. I was fascinated by social engineering, and so after high school I pursued a degree in psychology. Since I wasn’t legally able to drink yet I had also pursued interest in homebrewing beer. For some reason, no one had any concerns selling beer ingredients to a minor. I received my college degree in Psychology (and should have received a minor in beer consumption), but found the job market didn’t pay what I thought it would. After auditing an electronics class for fun, I was motivated again and I went back to college to pursue a second degree in Information Technology (with an emphasis in Software Development).
So here I am now, two college degrees and eleven years of software development work experience later and I am still learning every day. I constantly look to plug exploits at work, play with electronics at home, still brew beer, and design and weld funny contraptions to brew with. Currently, I am studying for the CISSP. After playing with networking for a few years, I have had a renewed interest in network security. The knowledge is interesting and security seems so different and much more complex than what I remember. I try to learn what I can about technology, and play with what I don’t know. It seems the more I learn, the more subjects open up and the more I realize the volume of what I still need to learn. I guess Socrates' quote, “True wisdom lies in knowing you know nothing,” holds true. Technology seems to be a fascinating constant supply of new information, which is just fine for me, because if it wasn’t I would have been bored with it long ago.
  4. Livinded, I'm not sure if you were trolling or what this post was about so I thought I would send another post to clarify my post. The original poster said: "2. Isn't it a waste of time learning to reverse windows programs when i only use linux? 3. If i go on learning to reverse windows programs, will i learn anything i can use in the linux-world?" While I mentioned .NET as an example I also mentioned other languages. I also thought the major theme of my post was that reverse engineering is not only about delving into code, but there can be many layers to it. It could be as simple as viewing an application and copying the user interface. However, I'm wondering if I took this the wrong way. Maybe I am reading something into your post that wasn't there or maybe my post did not convey the message that I intended. Either way, this was only my third post on this particular forum, so I was surprised by the reaction to it. I was under the impression that flaming was banned in Nubie HQ.
  5. I agree and disagree. I agree on the visual level, but down to the code level is probably not that useful. I am not sure how much a Linux developer would get out of reverse engineering most of the code from a .NET environment. Mono isn't completely compatible with many of the Windows libraries. Also, most .NET programs are written in C# which is like an object orientated C, but doesn't translate over well so I don't know how helpful that would be either. On the agree side: front end development can be copied fairly well from just looking at the program, and SQL development is fairly straightforward. I think the only real reason you would want to reverse engineer Windows at the code level would be to figure out complex math functions or to figure out a certain company's business rules. However, if the program is written in a comparable language, then it might be useful in both OS situations, but then coding in the same language you may run into "line-by-line" copyright problems which makes open source development difficult. Someone eventually will call you on it, and then you don't look so hot in the open source community.
  6. A lot of money is put into engineering to make them smaller and reduce costs. Also increasing the wafer size can reduce costs on a per chip basis. Really, there is no motivation to keep them smaller other than money. You run into so many problems as the chips get smaller. As they get smaller you get less redundancy, more crosstalk, more damage from contamination, longer testing times, costs of R&D, etc. I think you are under the assumption that simply adding more transistors will make the chip better (bigger, faster, stronger). This is not the case. The chips have several components that need to be developed when a new transistor is added. Transistors are already a very small percentage of a chip. They don't contribute much to overall size. In some companies they stack other components on top of or below them. Capacitors take up a lot of space, much more than a transistor. This is mostly because they are more effective with a larger surface area of dielectric substrate. Often these are created in a vertical well in order to take up less space. Bonding pads also take up quite a bit of space.
  7. The chips are made on round silicon wafers. These wafers are commonly 200mm or 300mm (about 8 or 12 inches). The smaller the chips are, the more you can fit on a wafer. This cuts production costs on a per chip basis. Since the chips are square and the wafers are round, the smaller chips can also fill some more of the gaps. A lot of this structure is engineered in the masking levels in the photolithography process.