By ro0ted | March 13, 2015 - 14:17 | Posted in /b/ | 9 Comments
#ro0ted #OpNewblood What the blackhats dont want you to know: IDA Pro; A Static Analysis

Today we are going to go over what static analysis is. We will be using IDA Pro. – https://twitter.com/ro0ted/

Download
Note: I recommend buying the paid version of IDA Pro, as it can open many more file formats, among other reasons.
https://out7.hex-rays.com/files/idafree50.exe

What's the difference between Ollydbg & IDA Pro?

Ollydbg is a debugger which means it runs the .exe.

IDA Pro is a disassembler, which does not execute the .exe. This is static analysis, which is the safest approach, especially when you have a suspicious file.

The program: (screenshot)

The many file formats: (screenshots)

The blurred-out icons aren't included in the free version. If you want all formats, pay for the paid version.

Moving on…

We select the Windows tab and select PE executable: (screenshots)

The first thing we notice is UPX on the left side, which tells us this .exe is packed with UPX: (screenshot)
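The UPX hint IDA shows on the left comes from the section names in the PE header, and you can read those yourself without running anything. Here is an added Python example (my code, not from this tutorial) that walks the PE section table and flags UPX's default section names; the PE bytes it checks are constructed inside the script, not a real sample.

```python
import struct

# UPX's default section names. A UPX-packed PE (like the one IDA flagged above)
# normally carries UPX0/UPX1, sometimes UPX2, in place of .text/.data.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_section_names(data: bytes) -> list:
    """Read the section names out of a PE image without executing it."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                           # section table start
    names = []
    for i in range(num_sections):
        off = table + i * 40                                 # 40-byte section headers
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """True if any section carries a default UPX name (absence proves nothing)."""
    return any(name in UPX_SECTION_NAMES for name in pe_section_names(data))


def build_fake_pe(section_names) -> bytes:
    """Constructed, minimal PE-shaped bytes: headers only, no code, never runnable."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)        # e_lfanew -> just past DOS header
    # COFF header: Machine, NumberOfSections, timestamp, symtab ptr, nsyms,
    # SizeOfOptionalHeader (0 here), Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sects = b"".join(n.ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + sects


PACKED_SAMPLE = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])
PLAIN_SAMPLE = build_fake_pe([b".text", b".rdata", b".data", b".rsrc"])

if __name__ == "__main__":
    for label, sample in (("packed", PACKED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, pe_section_names(sample), looks_upx_packed(sample))
```

Packers can rename their sections, so a miss here is not proof the file is clean; the exeinfoPE check that follows and IDA's own output remain the stronger signals.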

Let’s load the .exe in exeinfoPE: (screenshot)

It’s indeed packed with UPX.
Let’s unpack it.
So we download UPX:
http://upx.sourceforge.net/download/upx391w.zip

Open up cmd, navigate to that location, and type upx: (screenshot)

Put the target .exe in the same directory as upx: (screenshot)

Now in cmd type:
upx -d MediaPlayerClassic.exe
(screenshot)

Now reload it in IDA Pro: (screenshot)

It’s not packed anymore :]

We look through the results with the navigation bar at the top: (screenshot)

Hex View tab: (screenshot)

Imports tab: (screenshot)

Names: (screenshot)

Functions: (screenshot)

Strings: (screenshot)

This is just a brief introduction to IDA Pro. I don’t want to overwhelm you, so in another tutorial we will go over different ways of using IDA Pro.

ro0ted


(In order)

Why am I teaching Reverse Engineering to inexperienced new Anons in OpNewblood?

Whitehat Lab

ASM Programming

Introduction Part 1 Ollydbg 

Introduction Part 2 Using Ollydbg and Tracing Botnets

Analyzing Botnets

Introduction Part 3 Ollydbg: Cheating a Crackme

Introduction Part 4 Ollydbg: Your first Patch

Encryption 101

Cuckoo Sandbox: Automated Malware Analysis also known as Malwr.com

Introduction to Honeydrive: A Brief Walk Through

Installing Kippo the SSH Honeypot on a VPS Part 1: How to set it up

Resource Hacker

Dll Injection the Easy Way

Visual Basic Binaries Walk Through Part 1

Ollydbg on Steroids

Creating Patchers Part 1

Have you supported the gas mask campaign over the years?

Crack to win a gas mask gift pack

How to edit a register me crack me Pre Part 1

Unwinding Delphi Binaries Walk Through if not Preview

Cracking Delphi Part 2

Reversing Timed Trials: Ollydbg Tricks Part 3

Analyzing Adware

Preview Against Debugging

Bypassing Registering 101

Bypassing Part 2

Android/iOS Reversing

Introducing IDA Pro: Static Analyzing +
