reverse engineering

Skill

Static and dynamic reverse engineering — ELF/PE analysis, custom-VM bytecode, packed binaries, anti-debug bypass, Frida hooking.

Files26
  • @skills/reverse-engineering/SKILL.md
  • @skills/reverse-engineering/reference/INDEX.md
  • @skills/reverse-engineering/reference/custom-vm-bytecode.md
  • @skills/reverse-engineering/reference/reverse-engineering-principles.md
  • @skills/reverse-engineering/reference/scenarios/anti-debug/int3-detection-bypass.md
  • @skills/reverse-engineering/reference/scenarios/anti-debug/isdebuggerpresent-bypass.md
  • @skills/reverse-engineering/reference/scenarios/anti-debug/ptrace-bypass.md
  • @skills/reverse-engineering/reference/scenarios/anti-debug/timing-checks-bypass.md
  • @skills/reverse-engineering/reference/scenarios/custom-vm/bytecode-disassembly.md
  • @skills/reverse-engineering/reference/scenarios/dynamic-analysis/frida-hooking.md
  • @skills/reverse-engineering/reference/scenarios/dynamic-analysis/gdb-scripting.md
  • @skills/reverse-engineering/reference/scenarios/dynamic-analysis/ltrace-strace.md
  • @skills/reverse-engineering/reference/scenarios/firmware/esp32-xtensa-flash-dump.md
  • @skills/reverse-engineering/reference/scenarios/kernel/kernel-rootkit-module.md
  • @skills/reverse-engineering/reference/scenarios/obfuscation/callfuscation.md
  • @skills/reverse-engineering/reference/scenarios/obfuscation/d-fiber-callfuscation.md
  • @skills/reverse-engineering/reference/scenarios/obfuscation/hash-dispatcher-chain.md
  • @skills/reverse-engineering/reference/scenarios/obfuscation/mba-deobfuscation.md
  • @skills/reverse-engineering/reference/scenarios/obfuscation/packed-binaries.md
  • @skills/reverse-engineering/reference/scenarios/obfuscation/python-bytecode-payload.md
  • @skills/reverse-engineering/reference/scenarios/obfuscation/string-obfuscation.md
  • @skills/reverse-engineering/reference/scenarios/static-analysis/disassembly-recipe.md
  • @skills/reverse-engineering/reference/scenarios/static-analysis/elf-analysis.md
  • @skills/reverse-engineering/reference/scenarios/static-analysis/pe-analysis.md
  • @skills/reverse-engineering/reference/scenarios/static-analysis/string-extraction.md
  • @skills/reverse-engineering/reference/scenarios/static-analysis/unity-il2cpp-recipe.md

Reverse Engineering

Scope

Reverse engineering compiled binaries (ELF, PE, Mach-O) and bytecode artifacts to recover algorithms, validate inputs, or build static solvers. Focused on the recurring CTF / malware-analysis pattern of a host binary that loads a "program" file under a custom ISA — recognising the dispatcher loop, mapping opcodes to Python lambdas, and inverting the transformation chain in pure Python without executing the host. Also covers callfuscation (control-flow chunking), MBA (mixed boolean-arithmetic) operator obfuscation, encrypted-handler tricks, and three-layer deobfuscation pipelines.

When to use

  • A binary plus a "program data" file are delivered together and the binary appears to be an interpreter (themed opcode names, dispatcher switch / jump table).
  • Disassembly reveals a while(true){ op = mem[pc++]; switch(op){...}; } style loop or jump-table indexed by opcode.
  • The binary is heavily obfuscated (callfuscation, MBA wrappers, encrypted handlers in .data decrypted to RWX at startup).
  • You need to recover an algorithm or check function from native code without dynamic execution (anti-debug, wrong arch, no TTY).
  • Static-first reverse engineering is preferred (faster, more reliable than emulator chains).

References

  • reference/custom-vm-bytecode.md [blocked] — recognising and inverting custom stack/register/tape VMs; callfuscation linearization; MBA operator identification; encrypted-handler decryption.
reverse-engineering — Kortix Marketplace | Kortix