[GTALUG] reverse engineering

D. Hugh Redelmeier hugh at mimosa.com
Sat Mar 9 18:06:14 EST 2019


Sometimes I get annoyed at binaries for which I don't have any code.
Stepping back a bit, I get annoyed at undocumented hardware for which
the only drivers are closed-source, or even worse, Windows-only or
Android-only.

One way to pry these open is through reverse engineering tools.

What prompts this message is that the NSA has just released Ghidra as 
open source.
  <https://www.nsa.gov/resources/everyone/ghidra/>
(This would be perfect code for the NSA to plant a trojan horse in.)

Previously (and maybe still) the tool that seemed to be most popular was 
IDA, a commercial product that runs on Windows.

There are some other choices:
<https://reverseengineering.stackexchange.com/questions/1817/is-there-any-disassembler-to-rival-ida-pro#1821>

==== War story (feel free to ignore): ====

I put some effort into this in the early 1980s.  I wrote my own 
disassembler that made some inferences from control flow.  I disassembled 
two non-trivial bits of code:

- the undocumented monitor that resided in my Altair's "Bytesaver" (EPROM 
  reader and writer).  The software was originally written for the 
  Processor Tech Sol 20 machine.

- the proprietary but buggy firmware in my Volker-Craig VC2100 terminal 
  (meant to compete with the VT100)

These were a lot of work and they were only 1k and 16k bytes respectively.  
My reversing was complete: I ended up with useful source for both.

With information gained from the PT monitor, I was able to write my own, 
much more ambitious monitor.

I found bugs and identified fixes for the VC2100 and reported them to the 
author of the code at Volker-Craig.  But the product was cancelled before 
the fixes were released.

I gave up on one reverse engineering task.  I bought a copy of MuMath,
a symbolic algebra package, that was for the Osborne I.  I tried to
run it on my Kaypro II.  It seemed that there was some tricky
copy-protection code involving bank-switching.  I never cracked that
puzzle.

==== End of war story ====

I would love to see better reverse engineering for a few things.

- my Lenovo Yoga notebook gets a machine check whenever it goes to sleep and 
  back.  Sleep/awake still works, but the machine checks probably slow 
  things down and they make me unhappy.

- nvidia video cards are not well-enough supported by nouveau.  nvidia has 
  not disclosed enough about the hardware to fix this.

- Many GPUs used with ARM are not supported with open-source Linux 
  drivers.  There are a number of reverse engineering projects but 
  progress isn't fast enough for me.

My guess is that these projects are too hard since the size of object
code to be analyzed is several orders of magnitude more than what I've
tried.

