TryHackMe’s Advent of Cyber 2024 — Day 21 Writeup

Nanda Siddhardha

Day 21: HELP ME…I’m REVERSE ENGINEERING!

Learning Objectives

Understanding the structure of a binary file

The difference between disassembly and decompiling

Familiarity with multi-stage binaries

Practically reversing a multi-stage binary

Overview: The TryHackMe Advent of Cyber 2021 Challenge is a free, month-long cybersecurity learning event with significant prizes.

Challenge Focus: Participants engage in reverse engineering a binary file.

Fundamentals of Reverse Engineering

Reverse Engineering Basics:

  • Disassemblers: Convert machine code to assembly (one-to-one mapping).
  • Decompilers: Reconstruct high-level code (e.g., C/C++) from assembly but may introduce inaccuracies.

Example Analysis:

  • A simple C application is used to show outputs from both tools, with decompilers being more human-readable despite potential imprecisions.

Understanding the Portable Executable (PE) Format

PE Structure:

  • .text: Contains executable…
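
To see where sections such as .text sit inside a PE file, the sketch below walks the headers and lists each section with its executable flag. It is an added example, not code from the writeup or from TryHackMe: the function names are hypothetical, and the sample image is a constructed header-only stub with no optional header, not the challenge binary.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000  # section characteristics bit defined by the PE format

def build_sample_pe():
    """Constructed header-only image with two sections (assumption: sample data, not a real program)."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64)             # e_lfanew lives at offset 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x0102)   # i386, 2 sections, optional header size 0
    def sec(name, vsize, rva, rawsize, rawptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, vsize, rva, rawsize, rawptr, 0, 0, 0, 0, flags)
    text = sec(b".text", 0x1000, 0x1000, 0x200, 0x200, 0x60000020)  # code, execute, read
    data = sec(b".data", 0x1000, 0x2000, 0x200, 0x400, 0xC0000040)  # initialized data, read, write
    return dos + b"PE\x00\x00" + coff + text + data

def list_sections(image):
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    # COFF header is 20 bytes; the section table follows the optional header.
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, e_lfanew + 4)
    table = e_lfanew + 4 + 20 + opt_size
    sections = []
    for i in range(nsections):
        name, vsize, rva, rawsize, _, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", image, table + 40 * i)
        sections.append({
            "name": name.rstrip(b"\x00").decode("ascii", "replace"),
            "rva": rva, "virtual_size": vsize, "raw_size": rawsize,
            "executable": bool(flags & IMAGE_SCN_MEM_EXECUTE),
        })
    return sections

if __name__ == "__main__":
    for s in list_sections(build_sample_pe()):
        print(f"{s['name']:<8} rva={s['rva']:#x} raw_size={s['raw_size']:#x} exec={s['executable']}")
```
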
