Reverse-Engineering | FREE comprehensive reverse engineering tutorial | Cybersecurity library

This thread should be the ending chapter for this first thread from 2014 and this second one from 2017.

To cut the story short, you simply need to know that the Microsoft Windows SDK includes a program called computerhardwareids.exe, which, as its name suggests, it generates (several) hardware identifiers for the computer, and I would like to replicate the CHID algorithm using .NET to generate the same identifiers as this program generates.

The list of CHIDS that this program can generate on Windows 10, which is the O.S that I'm using, is listed here:

1. HardwareID-0 Manufacturer + Family + Product Name + SKU Number + BIOS Vendor + BIOS Version + BIOS Major Release + BIOS Minor Release
2. HardwareID-1 Manufacturer + Family + Product Name + BIOS Vendor + BIOS Version + BIOS Major Release + BIOS Minor Release
3. HardwareID-2 Manufacturer + Product Name + BIOS Vendor + BIOS Version + BIOS Major Release + BIOS Minor Release
4. HardwareID-3 Manufacturer + Family + Product Name + SKU Number + Baseboard Manufacturer + Baseboard Product
5. HardwareID-4 Manufacturer + Family + Product Name + SKU Number
6. HardwareID-5 Manufacturer + Family + Product Name
7. HardwareID-6 Manufacturer + SKU Number + Baseboard Manufacturer + Baseboard Product
8. HardwareID-7 Manufacturer + SKU Number
9. HardwareID-8 Manufacturer + Product Name + Baseboard Manufacturer + Baseboard Product
10. HardwareID-9 Manufacturer + Product Name
11. HardwareID-10 Manufacturer + Family + Baseboard Manufacturer + Baseboard Product
12. HardwareID-11 Manufacturer + Family
13. HardwareID-12 Manufacturer + Enclosure Type
14. HardwareID-13 Manufacturer + Baseboard Manufacturer + Baseboard Product
15. HardwareID-14 Manufacturer

I managed to replicate all hardware ids except: 0, 1, 2 and 12

I found that these four problematic identifiers have in common that they are the only which contains numeric values to append to the string with which to generate the UUID. See the table in this link or read this list:

• Name | Length | Type

• System BIOS Major Release | BYTE |Varies

• System BIOS Minor Release | BYTE | Varies

• Enclosure type | BYTE | Varies

I think this is a clear sign that I don't know how to treat those numerical values when building the string with which to generate the UUID.

I don't know in which WMI class to find the Enclosure Type value, but it doesn't matter because I really don't care about replicating the HardwareID-12 / Enclosure Type value, but I would like to be able replicate the HardwareID-0, HardwareID-1 and HardwareID-2

I already know from which WMI class to get the BIOS major and minor release version for HardwareID-0, HardwareID-1 and HardwareID-2, but the problem is that when I append those BIOS values to the string with which to generate the UUID, I end getting a totally different UUID from what computerhardwareids.exe generates.

My questions are:

• What I need to do to replicate the same exact generated UUID for HardwareID-0, HardwareID-1 and HardwareID-2?.

• Maybe I need to treat those numerical values in a special way, applying some format that I don't know when appending them to the string with which to generate the UUID?.

Please note that I DON'T have experience in reverse-engineering.

This is the code I'm using, written in VB.NET. At its current state I consider it a working solution that replicates (or it should replicate) the same computer hardware ids as computerhardwareids.exe program generate, except hardware ids 0, 1, 2 and 12 for the reasons that I have explained.

1. Computer hardware id type enumeration

   ...

I am trying to translate this code from C# to PowerShell

Last week, I signed up for a reverse-engineering coding competition. The rules stated "All input and output to the program must be through the standard streams (stdin and stdout, respectively")." Upon reading that, I looked up their official practice test and started writing my code. I encountered many roadblocks because I was unfamiliar with the sys.stdin.read and sys.stdout.write functions. Then last night while I was researching ways to make my code better, I stumbled upon a coding blog stating the input() function is in fact a form of stdin. I looked around even more on the internet and came across a separate blog from another company that said relatively the same thing. So... is this true? Is input() and print() a form of stdin and stdout I can use for my competition?

According to matplotlib's colormap documentation, the lightness values of their default colormaps are not constant. However, I would like to create a colormap from the HSL color space that has a constant lightness. How can I do that?

I get that generally, it's not that hard to create your own colormaps, but I don't know how to do this while satisfying the lightness criterion. Maybe this can be done by reverse-engineering the code from the colormap documentation?

I think I found a way to do that, based on this post. First of all, working in the HSL color space turned out to be not the best idea for my overal goal, so I switched to HSV instead. With that, I can load the preferred colormap from matplotlib, create a set of RGB colors from it, transform them into HSV, set their color value constant, transform them back into RGB and finally create a colormap from them again (which I can then use for a 2d histogram e.g.).

I need a colormap in HSV with a constant color value because then I can uniquely map colors to the RGB space from the pallet that is spanned by hue and saturation. This in turn would allow me to create a 2d histogram where I could color-code both the counts (via the saturation) and a third variable (via the hue).

In the MWE below for example (slightly changed from here), with a colormap with constant color value, in each bin I could use the saturation to indicate the number of counts (e.g. the lighter the color, the lower the number), and use the hue to indicate the the average z value. This would allow me to essentially combine the two plots below into one. (There is also this tutorial on adding alpha values to a 2d histogram, but this wouldn't work in this case I think.)

Currently, you still need both plots to get the full picture, because without the histogram for example, you wouldn't be able to tell how significant a certain z value in a bin might be, as the same color is used independently of how many data points contributed to it (so judging by the color, a bin with only one data point might look just as significant as a bin with the same color but that contains many more data points; thus there is a bias in favor of outliers).

I have a Linux firmware for the MIPS architecture. Would it be possible to load up a firmware image like this in VMWare? I am trying to get into reverse-engineering, but have hit a wall. Here is the binwalk output:

I need to generate a repeatable pseudo-random number that is dependent on the current time and a server secret. For example, this mechanism should generate a new pseudo-random number every minute. The next minute's random number should not be easily predictable.

Furthermore, I need to solve this in a stateless fashion (e.g., without storing a generated value in a database). It is possible that a server node might be asked to create such a number multiple times within the same minute, and it needs to generate the same number each time. Also, multiple server nodes (with the same server secret) need to generate the same number within a given time frame. The purpose of all this is not related to solving a security problem (e.g. a token generator), so it's not strictly necessary to use cryptographically secure PRNGs.

Linear-congruential PRNGs produce repeatable series of numbers when initialized with the same seed, so I could seed the PRNG with the combination of time and server secret and get the first random number it produces to meet my criteria. However, this type of PRNG typically uses a simple formula of next = (current * multiplier + offset) & mask, and, given a few known times and corresponding random numbers, it seems like it would be not all that hard to figure out the server secret (and then predict all future numbers in advance).

To make this sort of reverse engineering harder, I pull and discard a fixed number (e.g., 1000) of values from the freshly seeded PRNG before I get the "real" random number that I use. My thinking is that reverse-engineering 1000 cycles of next = (current * multiplier + offset) & mask would be significantly more difficult that reverse-engineering just a single cycle.

I am wondering if my thinking here is even correct. Is it true that figuring out a linear-congruential PRNG's seed is more difficult based on the 1000th value after seeding than it is for the first value of a freshly seeded generator? If so, how many iterations are sufficient before it stops increasing the difficulty?

If I'm completely off here, what are some better alternatives that fulfill the above stated criteria (repeatability, statelessness)?

I'm trying to write assembly to access pci configuration space.

what I'm trying to do is basically what this article does.

https://sites.google.com/site/pinczakko/pinczakko-s-guide-to-award-bios-reverse-engineering

my question is, because I'm trying to do this in real mode, and pci configuration has to be accessed by 32 bits data... can I do this in real mode? the register like eax is accessible in real mode? or do I need to move to protected mode to do this?

In the code below I mix various flavors of icecream together (chocolate, strawberry, vanilla, & neapolitan) in order to produce a new, never-before-seen flavor of icecream.*

A flavor is represented by an array where the first element is simply a string, the name of the flavor.

The second element is a number from 0 to 100 representing the vanilla component, the third the chocolate component, and the fourth the strawberry component.

Mixing is performed by averaging all the input flavors (arrays) together.

After mixing, I attempt to determine which flavor the new mixture is most similar to. This is done by taking the sum of the absolute difference of the mystery icecream and known flavors. The smaller the sum, the smaller the difference and greater the similarity.

In this specific example, the mixture is 6 parts strawberry icream and 1 part of each of the other flavors. Predictably, the strawberry is calculated to be the most similar, followed by neapolitan, because it is itself a mixture.

This is a good ways towards reverse-engineering the mixture, but I want to go further. I want to determine the precise proportions of each flavor that went into the mixture.

In this example it would be as stated above: 6 strawberry, 1 vanilla, 1 chocolate, 1 neapolitan.

Of course, there may be many (infinite?) ways to come up with a given mixture. But I am looking for the most parsimonious possibility.

For example, 1 part neopolitan plus 1 part strawberry is identical to 4 parts strawberry plus 3 parts of every other flavor. But the former is more parsimonious.

How would I go about predicting how a mixture was created?

I don't know what the technical term for this is.

I have a batch file as follows to clean my UE project.