10-07-2024, 11:53 AM
#1
Member
Registered: Jan 2011
Posts: 335
Learning Assembly for Reverse Engineering
I'm currently a PHP developer, but as a hobby I am interested in reverse engineering software, games in particular. When and where possible I would like to be able to bring some older game titles from their original OS requirements to run natively on Linux (I realize that many/most times this will be too large an endeavor), or help them run via Wine when the first option is impossible or impractical. And in general, just be able to change something that I wish were different in the game.
After doing a little research I have learned that knowledge of assembly will be about impossible to get around. Any ideas on how/where to start? I found these two courses but I'm concerned that I won't be able to follow along; I know at least one of them requires the student to be using Windows, and I wouldn't be surprised if that wasn't the case for both of them.
https://www.udemy.com/course/assembl...e=24T5MT100724
&
https://www.udemy.com/course/x64-ass...e=24T5MT100724
10-07-2024, 12:52 PM
#2
LQ Guru
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS, Manjaro
Posts: 5,958
When I started assembly language the 8080 was the "latest and greatest" processor.
I might suggest taking a class, but meanwhile
https://dev.to/amritoo/a-beginners-g...g-emu8086-2k75
https://www.baeldung.com/linux/assembly-compile-run
and
https://github.com/mschwartz/assembly-tutorial
Come up early. It might help to have a reference to the object codes and registers as well.
Once you are comfortable with that, you may need to relearn for the X86_64 family if you will be examining 64-bit software.
Also, be careful what software you target. Many games are protected by licensing and IP law, and reverse engineering is legally restricted behavior and could land you in court. If you reverse one of those for your own purposes, NEVER LET ANYONE KNOW! Not even your dog and CERTAINLY not ME!!!
2 members found this post helpful.
10-07-2024, 12:58 PM
#3
Member
Registered: Jan 2011
Posts: 335
Original Poster
Quote:
Originally Posted by wpeckham
Also, be careful what software you target. Many games are protected by licensing and IP law, and reverse engineering is legally restricted behavior and could land you in court. If you reverse one of those for your own purposes, NEVER LET ANYONE KNOW! Not even your dog and CERTAINLY not ME!!!
Thanks!
If I did reverse engineer a game, if it were to be something legally protected then it would only be for my own consumption, and I would already own the game too; I would just be getting it to work on Linux rather than Windows 7 and prior versions, or maybe SNES. If it's not legally protected, well then I would of course want to share my solution.
10-07-2024, 03:09 PM
#4
LQ Guru
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 17,022
The hardware datasheet of any CPU should give you a table of Assembler mnemonics <--> machine code.
It's practical to work on small, old things. I'm someone who learned 8080/Z80/8085 Assembler back in the day, and never learned much else. I hacked some DOS project together back in the 1990s also. I wrote microcontroller software in Assembler also. Assembler is fine for statically linked code and microcontrollers. Some Assembler routines can be called with all the data or pointers already in position.
These days, however, there's nothing simple. Everything is indirectly addressed by pointers because of hackers. Code is position independent. Dynamically linked code will call functions in libraries. Now you may be up for the challenges involved, but I certainly would not be. Notice the lack of any compiled language --> source code translator programs. You could look at Menuet OS, which is a Linux OS in Assembler, and dip your toe in the water with that.
Last edited by business_kid; 10-07-2024 at 03:16 PM.
1 members found this post helpful.
10-07-2024, 07:25 PM
#5
LQ Guru
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 11,347
Quote:
And in general, just be able to change something that I wish were different in the game.
Depending on the change, this might be possible to do with a hex editor.
1 members found this post helpful.
10-08-2024, 05:03 AM
#6
LQ Guru
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 17,022
The thing that turned me off Assembler was the headaches. You achieve nothing until you have the machine in your head, I found. You can of course ignore things you don't talk to, but everything you do talk to has to be in your head, or on paper. Then you can motor along. I had designed a micro controller circuit, but it took me weeks to get into the 'machine' mode. I was doing other stuff as well as needed. Then I got the program written in short order. I couldn't make progress referring to paper.
Reverse engineering is actually easier until you come to addresses or libraries. With all this indirect addressing going on, finding out what you are calling promises to be a nightmare. And all executables are position independent... I don't envy you.
1 members found this post helpful.
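Posts #4 and #6 above name the two things that make a modern binary harder to read than an 8080 listing: you need the mnemonic <--> machine-code table, and calls go through position-independent pointers (the GOT/PLT) instead of naming their target. The following is an added example by the editor, not code from any poster: a deliberately tiny x86-64 decoder for a handful of opcodes that shows how a RIP-relative `jmp [rip+disp32]` is resolved to the slot it reads, and then to whatever the relocation table says the loader will put there. `SAMPLE`, `SAMPLE_RELOCS` and the symbol name `SDL_Init` are constructed for the demonstration and do not come from a real program.

```python
import struct
REGS64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]

def decode(code: bytes, base: int, relocs=None):
    """Decode `code` as if loaded at `base`; relocs maps GOT slot -> symbol name.
    Returns (address, hex bytes, text) tuples; unhandled bytes become .byte."""
    relocs = relocs or {}
    out, i = [], 0
    while i < len(code):
        start, op = i, code[i]
        i += 1
        if op == 0x90:
            text = "nop"
        elif op == 0xC3:
            text = "ret"
        elif op in (0x55, 0x5D):
            text = ("push" if op == 0x55 else "pop") + " rbp"
        elif op == 0x48 and i + 1 < len(code) and code[i] == 0x89 and code[i + 1] >> 6 == 3:
            modrm = code[i + 1]                      # REX.W + 89 /r: mov r64, r64
            i += 2
            text = f"mov {REGS64[modrm & 7]}, {REGS64[(modrm >> 3) & 7]}"
        elif op in (0xE8, 0xE9) and i + 4 <= len(code):  # call/jmp rel32
            disp = struct.unpack_from("<i", code, i)[0]
            i += 4
            # rel32 is measured from the address of the NEXT instruction
            text = f"{'call' if op == 0xE8 else 'jmp'} {base + i + disp:#x}"
        elif (op == 0xFF and i + 5 <= len(code) and (code[i] & 0xC7) == 0x05
              and ((code[i] >> 3) & 7) in (2, 4)):  # FF /2 or /4 with [rip+disp32]
            reg = (code[i] >> 3) & 7
            disp = struct.unpack_from("<i", code, i + 1)[0]
            i += 5
            slot = base + i + disp                   # the GOT entry read at run time
            sym = relocs.get(slot, "?")              # what the loader will put there
            text = f"{'call' if reg == 2 else 'jmp'} qword ptr [rip{disp:+#x}]  ; slot {slot:#x} -> {sym}"
        else:
            text = f".byte {op:#04x}"                # not handled: never guess
        out.append((base + start, code[start:i].hex(), text))
    return out

# Constructed sample: a tiny function followed by a PLT-style stub (not a real binary).
SAMPLE = bytes.fromhex(
    "55"            # push rbp
    "4889e5"        # mov rbp, rsp
    "e8f70f0000"    # call 0x402000
    "5d"            # pop rbp
    "c3"            # ret
    "ff25ef1f0000"  # jmp qword ptr [rip+0x1fef]  -> reads slot 0x403000
    "90"            # nop
)
SAMPLE_RELOCS = {0x403000: "SDL_Init"}   # constructed relocation entry for that slot
```

Run `decode(SAMPLE, 0x401000, SAMPLE_RELOCS)` and compare with `objdump -d` output on a real binary: the displacement arithmetic is the same, and the relocation lookup is exactly the step a disassembler does for you when it annotates a PLT stub with `<SDL_Init@plt>`.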
10-08-2024, 06:07 AM
#7
LQ Addict
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 23,009
Probably you can start here: https://www.sim8085.com/
https://play.google.com/store/apps/d...or&hl=en&pli=1
I started with something like this: http://www.kitektechnologies.com/images/prod/mp1.pdf
When you are ready to continue, you can move to Pentium and more advanced CPUs in the family.
Or you can try a different CPU/architecture too, if you wish (like the Commodore 64 and 6502).
Reverse engineering a game written for the C64 would be relatively easy, but for a modern CPU/computer it's much more complicated.
2 members found this post helpful.
10-08-2024, 03:25 PM
#8
LQ Guru
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS, Manjaro
Posts: 5,958
The more simple the processor, the easier to build an assembler for it, and the easier to reverse. The more complicated the processor, the more difficult your project. (Working on CP/M for 8080/Z80 processors was FUN. Still not trivial in any absolute sense.) The 6510 was a great processor, more efficient than the Intel lines of processors in many ways.
Better if you can get the original sources, and translate to a modern language and compiler.
1 members found this post helpful.
10-08-2024, 06:03 PM
#9
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,933
So far as I am aware, "nobody uses assembler anymore." And, modern CPUs are specifically designed to accept "compiler output." The manufacturers of the chips usually provide their own compilers, and instruct other projects (particularly gcc) on what instruction-sequences to use.
The most easily-accessible place where you see "assembler" is in the /arch subdirectories of the Linux source code. But, kindly observe that it is minimal. It is exactly what is necessary to implement "very low-level functions" on a particular CPU.
Frankly, I doubt that you will actually need to "dabble in assembler" in order to carry out your intended project.
1 members found this post helpful.
10-08-2024, 06:27 PM
#10
LQ Guru
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS, Manjaro
Posts: 5,958
Quote:
Originally Posted by sundialsvcs
So far as I am aware, "nobody uses assembler anymore." And, modern CPUs are specifically designed to accept "compiler output." The manufacturers of the chips usually provide their own compilers, and instruct other projects (particularly gcc) on what instruction-sequences to use....
Cute. Wrong, but cute.
KolibriOS is one of several operating systems entirely coded in assembler. Several device drivers for multiple types of hardware are primarily assembler. Much of the embedded software for certain kinds of industrial and minimal devices are entirely assembler. Just because YOU do not use assembler does not mean "nobody does".
Virtually everyone who has to reverse engineer software without access to the original source, and that does happen in government and business software at times, will need to examine the code directly and work back from the machine code to the assembler equivalent and deduce or reconstruct as much as possible of the original.
Starting from 1988 Steve Gibson (see grc.com) built hard drive utilities for DOS and Windows in assembler! (See SpinRite.) The latest can be used to speed up older SSD storage. He used to have pages about how he did it and what tools he used, with download links (he worked in MSASM early on). I do not know if those are still available. The last time I linked up with him was around 2010, I think. He also had a bunch of interesting projects to share (in asm, of course). You might want to check out his sites.
Last edited by wpeckham; 10-08-2024 at 06:33 PM.
10-09-2024, 07:25 PM
#11
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,933
Well, I worked for several years with a mainframe operating system (IBM's VM/SP and VM/HPO and VM/XA), which was for a time "coded entirely in assembler." Gradually, though, IBM began to use their own internal compiler. And, initially, they refused to release that compiler or the source code to any of the modules compiled with it. (I believe that this has since changed.)
But, I daresay that systems like "KolibriOS" are edge cases. While you can certainly continue to write in "assembler," a good compiler will write better code than you can, and the rest can be handled with asm { ... } blocks. Witness what was done with the original Unix®. They wrote a brand-new language, "C," in order to write their brand-new operating system mostly in it. Even one of the seminal microcomputer operating systems, CP/M, was written in a high-level language of the author's own devising.
1 members found this post helpful.
10-09-2024, 10:35 PM
#12
LQ Guru
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS, Manjaro
Posts: 5,958
ALL of the most interesting things are "edge cases". And no, a good coder can code better solutions in assembler than a compiler can create. Most projects do not justify that degree of control, but enough do so there is always work for "that guy"!
High speed shipping lines, for example, have to read a package code, do a database lookup, and decide to trigger a robot boot (or not) to direct the package in 256 ms and on minimal hardware. Guess what they code in. Hello USPS, UPS, FedEx, DHL, etc.
1 members found this post helpful.
10-13-2024, 03:03 PM
#13
LQ Guru
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 11,347
@Sundialsvcs: OP is not talking about writing assembly code. OP is talking about reading it (from disassembled binaries). And reverse engineering is a field where this is still done.
If you're trying to get a program to work with WINE, then you would be working with binaries for which you do not have the source.
Last edited by dugan; 10-13-2024 at 03:40 PM.
10-13-2024, 04:06 PM
#14
Senior Member
Registered: Dec 2010
Location: California, USA
Distribution: I run my own OS
Posts: 1,038
I disassembled one of my earliest Z-80 binaries, Monitor 3, mainly because I wrote the source code on paper and assembled it by hand.
Disassembled code is hard to understand because it lacks symbols and comments. This is not the way to learn assembly language. I added enough symbols to make the code somewhat readable. I succeeded only because the program was tiny.
Ed
10-13-2024, 05:16 PM
#15
LQ Guru
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS, Manjaro
Posts: 5,958
Quote:
Originally Posted by dugan
@Sundialsvcs: OP is not talking about writing assembly code. OP is talking about reading it (from disassembled binaries). And reverse engineering is a field where this is still done.
If you're trying to get a program to work with WINE, then you would be working with binaries for which you do not have the source.
If you can read and understand machine code without learning to assemble machine code, you might be the first one in history.
And if your application was compiled, you will also need to learn (or deduce) some of the structures created by the compiler used on that project. Reverse engineering is not something you learn in a weekend, it is a journey.