Last updated: 5/6/2015
- General Information
- CS 266 - Topics in Information Security - Software Reverse Engineering (SRE)
- Department of Computer Science
- San Jose State University
- Spring 2015, Section 02
- SCI 311, Mon/Wed 8:00pm - 9:15pm
- Instructor Information
- Name: Teodoro (Ted) Cipresso
- Office: DH 282
- Office Hours: Mon/Wed 7:00pm - 7:45pm
- Phone: TBD
- E-mail: teodoro.cipresso@sjsu.edu
- Please include "CS266" in the subject line of your messages.
- I will try to respond to your mail as soon as I can.
- Who am I?
- Course Overview and Description
- The course will introduce the uses of Software Reverse Engineering (SRE) in both software development and software security. Learning SRE is best accomplished by running through scenarios that contain one or more concrete reversing objectives. Since SRE is highly dependent on adequate tools, one needs to be able to identify (or develop) suitable reversing tools for each reversing objective. To that end, the course identifies the types of SRE tools that are available and how they can be used to reverse both Java bytecode and machine (native) code.
- Prerequisites:
- CS 166 (with a grade of "C-" or better) or instructor consent.
- A laptop with Microsoft Windows installed (VirtualBox or VMware are OK).
- You must bring your laptop with you to every class.
- Familiarity with (or a willingness to learn) the following concepts & technologies:
- Intel x86 Architecture & Assembly Language
- A high-level compiled language (C/C++) and corresponding compiler and run-time.
- The Java language and the Java Virtual Machine (JVM)
- Compiled versus interpreted languages (intermediate code versus machine code).
- The different types of Malware and their defining characteristics.
- Required materials:
- "Software reverse engineering education", Cipresso, Teodoro.
- Covert Java: Techniques for Decompiling, Patching, and Reverse Engineering, Kalinovsky, Alex. (out of print)
- The Java® Virtual Machine Specification, Java SE 7 Edition, Oracle Corporation
- A Tiny Guide to Programming in 32-bit x86 Assembly Language, Ferrari, Adam.
- Assembly Language Workbook, Irvine, Kip R.
- An Introduction to GCC, for the GNU Compilers gcc and g++
- Introduction to Intel x86 Assembly, Architecture, Applications, & Alliteration
- Reversing tools for Windows (some may work on other platforms):
- MinGW - A native Windows port of the GNU Compiler Collection (GCC)
- WinDbg. From A to Z.
- theZoo aka Malware DB
- Intro to Segmentation Fault Handling in Linux
- Discoverer: Automatic Protocol Reverse Engineering from Network Traces
- Chaos Computer Club (c3)
- 30c3: Virtually Impossible The Reality of Virtualization Security
- Defcon 22 (2014)
- Approximate Schedule (we may not get to everything):
- Introduction (1 week)
- Reverse Engineering in Software Development
- Reverse Engineering in Software Security
- Slides: 1_introduction.pdf
- Reversing and Patching Java Bytecode (2 weeks)
- Applying Anti-Reversing Techniques to Java Bytecode (2 weeks)
- Eliminating Symbolic Information in Java Bytecode
- Preventing Decompilation of Java Bytecode
- Java Bytecode Code Anti-Reversing Exercise
- Slides: 3_antireversing_java_bytecode.pdf
- Reversing and Patching Wintel Machine Code (2 weeks)
- Applying Anti-Reversing Techniques to Wintel Machine Code (2 weeks)
- Eliminating Symbolic Information in Wintel Machine Code
- Basic Obfuscation of Wintel Machine Code
- Protecting Source Code Through Obfuscation
- Advanced Obfuscation of Machine Code
- Machine Code Anti-Reversing Exercise
- Slides: 5_antireversing_machine_code.pdf
- Reengineering and Reuse of Legacy Software Applications (2 weeks)
- Identifying, Monitoring, and Reporting Malware (2 weeks)
- Reversing and Patching .NET Intermediate Language IL (2 weeks)
- Student Learning Objectives: After completing this course you should be knowledgeable about the main software reverse engineering usage scenarios in both software development and software security. In addition, you will become familiar with several free or open-source SRE-related tools.
- Grading:
- Homework/Exercises/Quizzes/Class Participation: 25%
- SRE Project: 50%
- You will work throughout the semester on an SRE project.
- You may work independently or in groups of 2.
- Project ideas we discussed in class.
- Project proposals are due no later than Wednesday, March 4th.
- Your proposal must be at least one page and include the following sections:
- 1. Project Overview
- What are you (or your team) going to do and how do you hope to accomplish it?
- 2. Project Team Members
- Who is working on the project?
- 3. Project Milestones and Dates
- Divide the work into manageable tasks and set dates for their completion.
- 4. Project Deliverables
- What will you (or your team) ultimately turn in?
- Final: 25%
- Nominal Grading Scale:

| Percentage | Grade |
|---|---|
| 92 and above | A |
| 90 - 91 | A- |
| 88 - 89 | B+ |
| 82 - 87 | B |
| 80 - 81 | B- |
| 78 - 79 | C+ |
| 72 - 77 | C |
| 70 - 71 | C- |
| 68 - 69 | D+ |
| 62 - 67 | D |
| 60 - 61 | D- |
| 59 and below | F |

- Homework: Homework is due by class starting time on the due date. Each assignment requires a solution and an explanation (or work) detailing how you arrived at your solution. Cite any outside sources used to solve a problem. When grading an assignment, I may ask for additional information. Submit homework files as a zip file using Canvas.
- Assignment 01: Due: Wednesday, February 4th.
- Write at least one page (~250 words) summarizing key points from Readings 1, 2, 3 below.
- Reading 1: Why Teach Reverse Engineering?
- Reading 2: Practical Legal Aspects of Software Reverse Engineering
- Reading 3: New Frontiers of Reverse Engineering
- Assignment 02: Due: Tuesday, February 24th.
- Covert Java book: Read chapters 2, 3, 5 and experiment with the code in each chapter.
- Turn in answers to the Quick Quizzes at the end of each chapter.
- Turn in screen captures (minimum of 3) as evidence of your experimentation.
- Don't hesitate to use one or more of the reversing tools.
- Use this version of Zelix
- Use this chat application (jMessenger.jar instead of chat.jar) if Zelix gives you trouble.
- Assignment 03: Due: Tuesday, March 10th.
- Reverse and patch the machine code of the Password Vault Trial application using OllyDbg (V1 recommended): odbgV1andV2.zip
- Create a new version of the application that allows an unlimited number of password records.
- Use the step-by-step walk-through that begins on slide 19 of these lecture slides: 4_reversing_machine_code.pdf
- Turn in the patched executable (zipped up).
- Create a new version of the application that does not allow users to edit password records.
- Disable menu option "(3) Edit a Password Record."
- Have the program just display the menu again, ignoring any option 3 logic.
- Turn in the patched executable (zipped up).
- Assignment 04: Due: Wednesday, April 8th
- Assignment 05: Due: Wednesday, April 15th
- Assignment 06: Due:
- Assignment 07: Due:
- Wireless laptop is required. Your laptop must remain closed (preferably in your backpack and, in any case, not on your desk) until I inform you that it is needed for a particular activity.
- Cheating will not be tolerated, but working together is encouraged.
- Students must be respectful of the instructor and of other students.
- Valid picture ID required at all times.
- The last day to drop is Tuesday, February 3, and the last day to add is Tuesday, September 10.
- University Policies
- Academic integrity: Your commitment as a student to learning is evidenced by your enrollment at San Jose State University. The University's Academic Integrity policy, located at http://www.sjsu.edu/senate/S07-2.htm, requires you to be honest in all your academic course work. Faculty members are required to report all infractions to the office of Student Conduct and Ethical Development. The Student Conduct and Ethical Development website is available at http://www.sa.sjsu.edu/judicial_affairs/index.html. Instances of academic dishonesty will not be tolerated. Cheating on exams or plagiarism (presenting the work of another as your own, or the use of another person's ideas without giving proper credit) will result in a failing grade and sanctions by the University. For this class, all assignments are to be completed by the individual student unless otherwise specified. If you would like to include your assignment or any material you have submitted, or plan to submit for another class, please note that SJSU's Academic Policy S07-2 requires approval of instructors.
- Campus Policy in Compliance with the American Disabilities Act: If you need course adaptations or accommodations because of a disability, or if you need to make special arrangements in case the building must be evacuated, please make an appointment with me as soon as possible, or see me during office hours. Presidential Directive 97-03 requires that students with disabilities requesting accommodations must register with the Disability Resource Center (DRC) at http://www.drc.sjsu.edu/ to establish a record of their disability.