• General Information
• CS 266 - Topics in Information Security - Software Reverse Engineering (SRE)
  
• Department of Computer Science
• San Jose State University
• Spring 2015, Section 02
• SCI 311, Mon/Wed 8:00pm - 9:15pm

• Instructor Information
• Name: Teodoro (Ted) Cipresso
• Office: DH 282
• Office Hours: Mon/Wed 7:00pm - 7:45pm
• Phone: TBD
  
• E-mail: teodoro.cipresso@sjsu.edu
• Please include "CS266" in the subject line of your messages.
• I will try to respond to your mail as soon as I can.
• Who am I?
  

• Course Overview and Description
• The course will introduce the uses of Software Reverse Engineering (SRE) in both software development and software security. Learning SRE is best accomplished by running through scenarios that contain one or more concrete reversing objectives. Since SRE is highly dependent on adequate tools, one needs to be able to identify (or develop) suitable reversing tools for each reversing objective. To that end, the course identifies the type of SRE tools that are available and how they can be used to reverse both Java bytecode and machine (native) code.

• Prerequisites:
  
• CS 166 (with a grade of "C-" or better) or instructor consent.
• A laptop with Microsoft Windows installed (VirtualBox or VMWare are OK).
• You must bring your laptop with you to every class.
• Familiarity (or a willingness to learn) the following concepts & technologies:
• Intel x86 Architecture & Assembly Language 
• A high-level compiled language (C/C++) and corresponding compiler and run-time.
• The Java language and the Java Virtual Machine (JVM)
  
• Compiled versus interpreted languages (intermediate code versus machine code).
• The different types of Malware and their defining characteristics.

• Required materials: 
  
• "Software reverse engineering education", Cipresso, Teodoro.
• http://scholarworks.sjsu.edu/etd_theses/3734/
• http://reversingproject.info/
  
• Covert Java: Techniques for Decompiling, Patching, and Reverse Engineering, Kalinovsky, Alex. (out of print)
• Book: covert_java_techniques_for_decompiling_patching_re.pdf
  
• Code: covert_java_code.zip
  
• The Java® Virtual Machine Specification, Java SE 7 Edition, Oracle Corporation
  
• http://docs.oracle.com/javase/specs/jvms/se7/html/
  
• https://docs.oracle.com/javase/specs/jvms/se7/jvms7.pdf
• A Tiny Guide to Programming in 32-bit x86 Assembly Language, Ferrari, Adam.
  
• Book: tiny_guide_to_x86_assembly.pdf
  
• Assembly Language Workbook, Irvine Kip R.
• Book: assembly_language_workbook.pdf
  
• An Introduction to GCC, for the GNU Compilers gcc and g++
• Book: an_introduction_to_gcc.pdf
• Introduction to Intel x86 Assembly, Architecture, Applications, & Alliteration
• Slides: IntroductionToIntelx86-Part1.pdf
• Code: IntroToAsm_code_for_class.zip
• Visual Studio C++ 2008 Express Installer
  
• Reversing tools for Windows (some may work on other platforms):
• Jclasslib (bytecode viewer)
• FrontEnd Plus (java bytecode decompiler)
• Jad (java bytecode decompiler)
• Fernflower (java bytecode decompiler)
  
• ProGuard (java bytecode obfuscator)
• SandMark (java bytecode obfuscator)
• RetroGuard (java bytecode obfuscator)
• OllyDbg (machine code debugger-disassembler)
  
• IdaPro (machine code debugger-disassembler)
  
• PEBrowse (machine code debugger-disassembler)
• Boomerang (machine code decompiler)
• Zelix Klassmaster (java bytecode obfuscator)
• COBF (source obfuscator)
  
• MinGW - A native Windows port of the GNU Compiler Collection (GCC)
  
• http://sourceforge.net/projects/mingw/
• WinDbg. From A to Z.
  
• WinDbg_A_to_Z_color.pdf
• Debugging over a virtual serial port
• Setting Up Kernel-Mode Debugging over a Serial Cable Manually
• Getting Started with WinDbg (Kernel-Mode)
• theZoo aka Malware DB
• Site: http://ytisf.github.io/theZoo/
• GitHub: https://github.com/ytisf/theZoo
• Intro to Segmentation Fault Handling in Linux
• introduction_segmentationfault_handling.pdf
• Discoverer: Automatic Protocol Reverse Engineering from Network Traces
  
• discoverer_automatic_protocol_reverse_engineering.pdf
• Chaos Computer Club (c3)
  
• 30c3: Virtually Impossible The Reality of Virtualization Security
• virtually_impossible_reality_virtualization_security.pdf
• virtually_impossible_reality_virtualization_security.mp4
• Defcon 22 (2014)
  
• Android Hacker Protection Level 0
  

• Approximate Schedule (we may not get to everything):
• Introduction (1 weeks) 
•  Reverse Engineering in Software Development
• Reverse Engineering in Software Security
• Slides: 1_introduction.pdf
  
• Reversing and Patching Java Bytecode (2 weeks)
• Decompiling and Disassembling Java Bytecode
• Java Bytecode Reversing and Patching Exercise
• Slides: 2_reversing_java_bytecode.pdz
• Applying Anti-Reversing Techniques to Java Bytecode (2 weeks)
• Eliminating Symbolic Information in Java Bytecode
• Preventing Decompilation of Java Bytecode
• Java Bytecode Code Anti-Reversing Exercise
• Slides: 3_antireversing_java_bytecode.pdf
  
• Reversing and Patching Wintel Machine Code (2 weeks)
• Decompilation and Disassembly of Machine Code
• Wintel Machine Code Reversing and Patching Exercise
• Slides: 4_reversing_machine_code.pdf
• Applying Anti-Reversing Techniques to Wintel Machine Code (2 weeks)
• Eliminating Symbolic Information in Wintel Machine Code
• Basic Obfuscation of Wintel Machine Code
• Protecting Source Code Through Obfuscation
• Advanced Obfuscation of Machine Code
• Machine Code Anti-Reversing Exercise
• Slides: 5_antireversing_machine_code.pdf
• Reengineering and Reuse of Legacy Software Applications (2 weeks)
• Introduction to Software Reengineering and Maintenance
• Legacy Software Reengineering and Reuse Exercise(s)
• Slides: 6_reengineering_reuse_legacy_software.pdf
  
• Identifying, Monitoring, and Reporting Malware (2 weeks)
• Introduction to the Different Types of Malware
• Malware Identification and Monitoring Exercise(s)
• Slides: 7_identifying_reporting_malware.pdf
• Reversing and Patching .NET Intermediate Language IL (2 weeks)
• Slides: 8_reversing_dot_net_intermediate_language.pdf
  

• Student Learning Objectives: After completing this course you should be knowledgeable of the main software reverse engineering usage scenarios in both software development and software security.  In addition, you will become familiar with several free or open-source SRE-related tools.

• Grading:
• Homework/Exercises/Quizzes/Class Participation: 25%
• SRE Project: 50%
• You will work throughout the semester on an SRE project.
  
• You may work independently or in groups of 2.
• Project ideas we discussed in class.
• Project proposals are due no later than Wednesday, March 4th.
• Your proposal must be at least one page and include the following sections:
  
• 1. Project Overview
• What are you (or your team) going to do and how do you hope to accomplish it?
  
• 2. Project Team Members
• Who is working on the project?
  
• 3. Project Milestones and Dates
• Divide the work into manageable tasks and set dates for their completion.
  
• 4. Project Deliverables
• What will you (or your team) ultimately turn in?
  
• Final: 25%
• Date & time: Monday, May 18, 7:45pm to 10:00pm.
  
• The official finals schedule is here: http://info.sjsu.edu/static/schedules/final-exam-schedule-fall.html.
• Nominal Grading Scale:

• Percentage	Grade
  92 and above	A
  90 - 91	A-
  88 - 89	B+
  82 - 87	B
  80 - 81	B-
  78 - 79	C+
  72 - 77	C
  70 - 71	C-
  68 - 69	D+
  62 - 67	D
  60 - 61	D-
  59 and below	F

• Homework: Homework is due by class starting time on the due date. Each assignment requires a solution and an explanation (or work) detailing how you arrived at your solution. Cite any outside sources used to solve a problem. When grading an assignment, I may ask for additional information. Submit homework files as a zip file using Canvas.
  

• Assignment 01: Due: Wednesday, February 4th.
  
• Write at least one page (~250 words) summarizing key points from Readings 1,2,3 below.
  
• Reading 1: Why Teach Reverse Engineering? 
• why_teach_reverse_engineering.pdf
  
• Reading 2: Practical Legal Aspects of Software Reverse Engineering
  
• practical_legal_aspects_of_software_reverse_engineering.pdf
  
• Reading 3: New Frontiers of Reverse Engineering
• new_frontiers_of_reverse_engineering.pdf
  
• Assignment 02: Due: Tuesday, February 24th.
  
• Covert Java book: Read chapters 2, 3, 5 and experiment with the code in each chapter.
  
• Turn in answers to the Quick Quizzes at the end of each chapter.
• Turn in screen captures (minimum of 3) as evidence of your experimentation.
• Don't hesitate to use one or more of the reversing tools.
• Use this version of Zelix
  
• Use this chat application (jMessenger.jar instead of chat.jar) if Zelix gives you trouble.
  
• Assignment 03: Due: Tuesday, March 10th.
• Reverse and patch the machine code of the Password Vault Trial application using OllyDbg (V1 recommended): odbgV1andV2.zip
  
• Create a new version of the application that allows an unlimited number of password records.
  
• Use this build of the Password Vault Trial application which allows only 3 password records: password_vault_cpp_trial3.zip
  
• Use the step-by-step walk-through that begins on slide 19 of these lecture slides: 4_reversing_machine_code.pdf
• Turn in the patched executable (zipped up).
  
• Create a new version of the application that does not allow users to edit password records.
• Disable menu option "(3) Edit a Password Record."
• Have the program just display the menu again, ignoring any option 3 logic.
• Turn in the patched executable (zipped up).
• Assignment 04: Due: Wednesday, April 8th
• Covert Java book: Read chapter 17.
  
• Turn in answers to the Quick Quiz at the end of the chapter 17.
• Write a program that uses the Apache Commons Byte Code Engineering Library (BCEL) to modify or create a working, runnable .class file.
  
• Turn in your program that modifies or creates a .class file using BCEL APIs. 
  
• Assignment 05: Due: Wednesday, April 15th
• Complete and turn in Malware Lab 1.
  
• Assignment 06: Due:
• Assignment 07: Due:

• Keys to success: Do the homework and attend class

• Wireless laptop is required. Your laptop must remain closed (preferably in your backpack and, in any case, not on your desk) until I inform you that it is needed for a particular activity.
  
  
• Cheating will not be tolerated, but working together is encouraged.
  
  
• Students must be respectful of the instructor and of other students.

• Valid picture ID required at all times.
  
  
• The last day to drop is Tuesday, February 3, and the last day to add is Tuesday, September 10.
  

• University Policies 
  
  
  • Academic integrity
    
    Your commitment as a student to learning is evidenced by your enrollment at San Jose State University. The University's Academic Integrity policy, located at http://www.sjsu.edu/senate/S07-2.htm, requires you to be honest in all your academic course work. Faculty members are required to report all infractions to the office of Student Conduct and Ethical Development. The Student Conduct and Ethical Development website is available at http://www.sa.sjsu.edu/judicial_affairs/index.html. Instances of academic dishonesty will not be tolerated. Cheating on exams or plagiarism (presenting the work of another as your own, or the use of another person's ideas without giving proper credit) will result in a failing grade and sanctions by the University. For this class, all assignments are to be completed by the individual student unless otherwise specified. If you would like to include your assignment or any material you have submitted, or plan to submit for another class, please note that SJSU's Academic Policy S07-2 requires approval of instructors. 
    
    
  • Campus Policy in Compliance with the American Disabilities Act
    
    If you need course adaptations or accommodations because of a disability, or if you need to make special arrangements in case the building must be evacuated, please make an appointment with me as soon as possible, or see me during office hours. Presidential Directive 97-03 requires that students with disabilities requesting accommodations must register with the Disability Resource Center (DRC) at http://www.drc.sjsu.edu/ to establish a record of their disability.

End of Document