Reverse Engineering

Introduction to Reverse Engineering: How to Dissect Software?

Oct 20, 2023 · 8 min read

Reverse engineering is not just about understanding how a program works; it is the art of discovering how a system actually behaves, including where it is vulnerable. While most developers only care about how software works at the source code level, a true system engineer must also know what the compiler actually emits, including after optimization.

Why Should We Know Assembly?

Compilers perform numerous optimizations while translating our high-level code into machine language. Without understanding this layer, developing or analyzing secure software is almost impossible. How do the stack pointer (RSP) and base pointer (RBP) move in memory when a function is called? How are arguments placed in registers? On x86-64 Linux (the System V ABI) the first integer arguments go in RDI, RSI, RDX, RCX, R8 and R9; Windows x64 uses RCX, RDX, R8 and R9 instead and reserves a 32-byte shadow space on the stack, so the same C function looks different in the disassembly depending on the platform it was built for.

First Steps with Ghidra

Ghidra, open-sourced by the NSA in 2019, is an excellent tool for static analysis. When you load a PE (.exe, .dll) or ELF binary into Ghidra, it not only disassembles the machine code but also provides a fantastic decompiler that turns each function back into C-like pseudocode.

// A simple password check; Ghidra's decompiler recovers something close to
// this from the compiled binary (real decompiler output uses generated names
// such as param_1 and iVar1 rather than the original identifiers).
#include <string.h>

int check_password(char* input) {
    // strcmp returns 0 only when both strings match byte for byte
    if (strcmp(input, "super_secret_key") == 0) {
        return 1;   // success path
    }
    return 0;       // failure path
}

If we examine the same function at the assembly level, the interesting instructions come right after the strcmp call, not before it: strcmp leaves its result in EAX (0 on a match), so the compiler emits TEST EAX, EAX (or CMP EAX, 0) followed by a JNZ/JNE (Jump If Not Zero; both names are the same opcode) to the failure path, and the "return 1" code only runs when that jump is not taken. The classic patch is to flip that JNZ into a JZ (Jump If Zero), which is a one-bit change: 0x75 becomes 0x74 for the short form, 0F 85 becomes 0F 84 for the near form. Two caveats a practitioner should keep in mind. First, inverting the jump makes the real password fail while every wrong one succeeds, so overwriting the jump with NOPs, which makes every input take the success path, is often the cleaner bypass. Second, at higher optimization levels the compiler may inline the comparison against a constant string, so there is no strcmp call to look for, only a sequence of compares against the literal's bytes; and if the binary verifies its own integrity or is signature-checked at load, a byte patch will be noticed.
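As an added example, not code from the original post, the following Python script locates the `call ...; test eax, eax; je/jne` sequence a strcmp-style check compiles to, decodes where the branch goes, and applies either patch (flip the condition, or NOP the jump out). The machine code it operates on is constructed by hand to resemble what gcc -O0 emits for `check_password` on x86-64 Linux; the `lea` and `call` displacements are zero placeholders, so these are not bytes taken from a real binary.

```python
# Added example: find and patch the conditional jump after a strcmp-style check.
# CHECK_PASSWORD is CONSTRUCTED by hand to look like gcc -O0 output for
# check_password() on x86-64 Linux; the rip-relative displacements in the
# lea/call are zero placeholders, not bytes from a real binary.
import struct

CALL_REL32 = 0xE8                 # call rel32 (5 bytes)
TEST_EAX_EAX = b"\x85\xC0"        # test eax, eax
JE_REL8, JNE_REL8 = 0x74, 0x75    # short Jcc: opcode + rel8 (2 bytes)
JE_REL32, JNE_REL32 = b"\x0F\x84", b"\x0F\x85"   # near Jcc: 2-byte opcode + rel32 (6 bytes)
NOP = 0x90

CHECK_PASSWORD = bytes.fromhex(
    "55"                # push rbp
    "4889e5"            # mov  rbp, rsp
    "4883ec10"          # sub  rsp, 0x10
    "48897df8"          # mov  [rbp-8], rdi        ; input
    "488b45f8"          # mov  rax, [rbp-8]
    "488d3500000000"    # lea  rsi, [rip+0]        ; "super_secret_key" (placeholder disp32)
    "4889c7"            # mov  rdi, rax
    "e800000000"        # call strcmp              ; placeholder rel32
    "85c0"              # test eax, eax            ; strcmp result is in EAX
    "7507"              # jne  fail (+7)           ; the branch that decides the outcome
    "b801000000"        # mov  eax, 1
    "eb05"              # jmp  done (+5)
    "b800000000"        # fail: mov eax, 0
    "c9"                # done: leave
    "c3"                # ret
)


def find_check_sites(code):
    """Return [(call_off, jump_off, form)] for every 'call; test eax,eax; je/jne' run."""
    sites = []
    for i in range(len(code) - 4):          # leave room for a full 5-byte call
        if code[i] != CALL_REL32:
            continue
        t = i + 5                           # first byte after the call
        if code[t:t + 2] != TEST_EAX_EAX:
            continue
        j = t + 2                           # the conditional jump
        if j < len(code) and code[j] in (JE_REL8, JNE_REL8):
            sites.append((i, j, "rel8"))
        elif code[j:j + 2] in (JE_REL32, JNE_REL32):
            sites.append((i, j, "rel32"))
    return sites


def jump_target(code, jump_off, form):
    """Decode the branch destination as an offset from the start of `code`."""
    if form == "rel8":
        (disp,) = struct.unpack_from("<b", code, jump_off + 1)
        return jump_off + 2 + disp          # rel8 is relative to the next instruction
    (disp,) = struct.unpack_from("<i", code, jump_off + 2)
    return jump_off + 6 + disp


def invert_jump(code, jump_off, form):
    """JE <-> JNE: the opcodes differ only in bit 0 (74/75 and 0F84/0F85)."""
    buf = bytearray(code)
    buf[jump_off if form == "rel8" else jump_off + 1] ^= 0x01
    return bytes(buf)


def nop_jump(code, jump_off, form):
    """Replace the jump with NOPs so the success path runs for every input."""
    n = 2 if form == "rel8" else 6
    buf = bytearray(code)
    buf[jump_off:jump_off + n] = bytes([NOP]) * n
    return bytes(buf)


if __name__ == "__main__":
    for call_off, jump_off, form in find_check_sites(CHECK_PASSWORD):
        target = jump_target(CHECK_PASSWORD, jump_off, form)
        print(f"call at 0x{call_off:x}, {form} jump at 0x{jump_off:x} -> 0x{target:x}")
        print("inverted bytes:", invert_jump(CHECK_PASSWORD, jump_off, form)[jump_off:jump_off + 2].hex())
        print("nopped bytes:  ", nop_jump(CHECK_PASSWORD, jump_off, form)[jump_off:jump_off + 2].hex())
```

The scanner is deliberately narrow: it only reports a site when `test eax, eax` sits directly after the call, which is what you get from an unoptimized build. Optimized code may reorder or inline the comparison, and a real patcher would work from the Ghidra listing (or a proper disassembler) rather than a byte scan, but the opcode arithmetic for flipping or removing the jump is the same.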

Conclusion

Thinking at the system level transforms you from an ordinary programmer into a system architect. Understanding how memory is laid out and how the processor executes the instructions the compiler produced should be in every software developer's repertoire.

Ferivonus
Engineering the System Architecture.
Tags: Reverse Engineering, Ghidra, Assembly, C++