Reverse Engineering - Tools - Part 1

  1. OllyDbg


OllyDbg is a 32-bit assembler-level analysing debugger for Microsoft® Windows®. Its emphasis on binary code analysis makes it particularly useful when source code is unavailable. OllyDbg is shareware, but you can download and use it for free.

Special highlights are: 

  • Intuitive user interface, no cryptic commands
  • Code analysis - traces registers, recognizes procedures, loops, API calls, switches, tables, constants and strings
  • Directly loads and debugs DLLs
  • Object file scanning - locates routines from object files and libraries
  • Allows for user-defined labels, comments and function descriptions
  • Understands debugging information in Borland® format
  • Saves patches between sessions, writes them back to the executable file and updates fixups
  • Open architecture - many third-party plugins are available
  • No installation - no trash in the registry or system directories
  • Debugs multithreaded applications
  • Attaches to running programs
  • Configurable disassembler, supports both MASM and IDEAL formats
  • MMX, 3DNow! and SSE data types and instructions, including Athlon extensions
  • Full UNICODE support
  • Dynamically recognizes ASCII and UNICODE strings - also in Delphi format!
  • Recognizes complex code constructs, like call to jump to procedure
  • Decodes calls to more than 1900 standard API and 400 C functions
  • Gives context-sensitive help on API functions from an external help file
  • Sets conditional, logging, memory and hardware breakpoints
  • Traces program execution, logs arguments of known functions
  • Shows fixups
  • Dynamically traces stack frames
  • Searches for imprecise commands and masked binary sequences
  • Searches whole allocated memory
  • Finds references to a constant or address range
  • Examines and modifies memory, sets breakpoints and pauses the program on-the-fly
  • Assembles commands into the shortest binary form
  • Starts from a floppy disk
You can download the Windows build from the OllyDbg download page.

Linux users type the following command:
sudo apt-get install ollydbg

2. dex2jar

dex2jar converts the Dalvik bytecode (classes.dex) inside an Android APK file into a JAR file, so that the code can be opened in a Java decompiler and read as source. To use it, open the terminal and run "d2j-dex2jar -d /path/to/file.apk".

To install, enter the following command:
sudo apt-get install dex2jar
Then it will appear in the application menu.


Options available in dex2jar:
Here I have successfully converted an APK file to a JAR file:
d2j-dex2jar -d /home/javadmv/Downloads/jtechsinfo.apk

    3. jd-gui

JD-GUI is a standalone graphical utility that displays the Java source code reconstructed from ".class" files. You can browse the decompiled source code. In this case, we can decompile the JAR file that we produced with the dex2jar tool.

    To launch it, open the terminal and write “jd-gui” and the following view will open.

To import the file, click the Open Folder icon in the upper left corner and then select the JAR file.

To install, enter the following command:

sudo apt-get install jd-gui
Now we can open the Java class files from the JAR file we converted using dex2jar.
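As an added example (not code from the original post, and not part of the dex2jar or JD-GUI projects), the following Python script sanity-checks both ends of the pipeline described above: the APK that goes into dex2jar and the JAR that comes out of it. It lists the classes*.dex entries in an APK and parses each DEX header, verifying the adler32 checksum and SHA-1 signature that the DEX format carries, so a truncated or patched classes.dex is noticed before decompilation; for a JAR it reports which Java release each .class file targets. The APK and JAR it inspects are constructed in memory as stand-ins for jtechsinfo.apk and its converted JAR; the entry names and class counts are assumptions, not values from a real app.

```python
import hashlib
import io
import struct
import zipfile
import zlib

DEX_HEADER_SIZE = 0x70
DEX_ENDIAN_TAG = 0x12345678


def parse_dex_header(data: bytes) -> dict:
    """Parse the 0x70-byte DEX header and verify its integrity fields.

    The adler32 checksum covers everything after the checksum field and the
    SHA-1 signature covers everything after the signature field, so a
    truncated or patched classes.dex fails both checks.
    """
    if len(data) < DEX_HEADER_SIZE or data[:4] != b"dex\n":
        raise ValueError("not a DEX file")
    version = data[4:7].decode("ascii")
    (checksum,) = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    # class_defs_size lives at offset 96 (its offset field follows at 100)
    (class_defs_size,) = struct.unpack_from("<I", data, 96)
    if endian_tag != DEX_ENDIAN_TAG:
        raise ValueError("unexpected endian tag 0x%08x" % endian_tag)
    if header_size != DEX_HEADER_SIZE or file_size != len(data):
        raise ValueError("header/file size mismatch")
    return {
        "version": version,
        "class_defs": class_defs_size,
        "checksum_ok": (zlib.adler32(data[12:]) & 0xFFFFFFFF) == checksum,
        "signature_ok": hashlib.sha1(data[32:]).digest() == signature,
    }


def parse_class_version(data: bytes) -> str:
    """Return the Java release a .class file targets, from its header."""
    magic, minor, major = struct.unpack_from(">IHH", data, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a Java class file")
    # major 45..48 are Java 1.1..1.4; from major 49 (Java 5) on it is major - 44
    return "Java %d" % (major - 44) if major >= 49 else "Java 1.%d" % (major - 44)


def inspect_archive(blob: bytes) -> dict:
    """Summarise an APK (dex2jar input) or a JAR (dex2jar output)."""
    report = {"dex": {}, "classes": {}}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for name in zf.namelist():
            if name.startswith("classes") and name.endswith(".dex"):
                report["dex"][name] = parse_dex_header(zf.read(name))
            elif name.endswith(".class"):
                report["classes"][name] = parse_class_version(zf.read(name))
    return report


def build_sample_dex(class_defs: int = 3, version: bytes = b"035") -> bytes:
    """Construct a header-only DEX blob with a valid checksum and signature.

    This is a constructed fixture, not a real app's classes.dex.
    """
    hdr = bytearray(DEX_HEADER_SIZE)
    hdr[0:8] = b"dex\n" + version + b"\0"
    struct.pack_into("<III", hdr, 32, DEX_HEADER_SIZE, DEX_HEADER_SIZE, DEX_ENDIAN_TAG)
    struct.pack_into("<I", hdr, 96, class_defs)
    hdr[12:32] = hashlib.sha1(hdr[32:]).digest()          # signature first
    struct.pack_into("<I", hdr, 8, zlib.adler32(hdr[12:]) & 0xFFFFFFFF)  # then checksum
    return bytes(hdr)


def build_sample_zip(entries: dict) -> bytes:
    """Construct an in-memory zip (APK or JAR) from {entry name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed stand-ins for jtechsinfo.apk and the JAR that dex2jar emits
SAMPLE_APK = build_sample_zip({
    "AndroidManifest.xml": b"<manifest/>",
    "classes.dex": build_sample_dex(class_defs=3),
})
SAMPLE_JAR = build_sample_zip({
    "com/example/Main.class": struct.pack(">IHH", 0xCAFEBABE, 0, 52) + b"\0" * 16,
})

if __name__ == "__main__":
    print(inspect_archive(SAMPLE_APK))
    print(inspect_archive(SAMPLE_JAR))
```

To use it on a real file, read the APK or JAR into a bytes object and pass it to inspect_archive; a classes.dex whose checksum_ok or signature_ok is False has been modified or damaged after packaging and should be looked at before trusting what the decompiler shows.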