29 Apr 2015

How to learn Reverse Engineering

Every other days or two a new guy appears at Tuts4You asking "I want to learn Reverse Engineering, where do I start?".


There are lots of suggestions, eg. in this Reddit thread. One of the most common recommendation is to with Lena151's tutorials. And there's a good reason for that - these tutorials give a good overview of most common tasks, most common tools and provide "instant gratification". But do they actually teach you Reverse Engineering? I don't think so.

Why Lena151's tutorials are bad

Apparently I'm not the only one who thinks so:

I have been thinking about why this happens. Thinking back to myself, I started learning reverse engineering by reading the Lena151 tutorials. I thought they were awesome until Daeken told me that was an awful approach to learn reverse engineering.

At first I didn’t understand why they were so bad. After all, Lena’s tutorials had taught me how to crack my first software.

And that's exactly the problem. You managed to crack your first software. Instant gratification! But what did you actually learn? Run some common tools, find the "bad boy jump" and patch it? Wow! You must be so l33t!

In reality, these tutorials have produced entire generation of wanna-be-crackers who can only use ready-made tools, but are actually unable to think for themselves. For every problem they need a video tutorial. For every small obstacle they create a new topic asking for help.

And that's only half of the problem.

Video tutorials made by beginners are even worse

Albert Einstein once said:

The more I learn, the more I realize how much I don't know.

Beginners who watched Lena151's series don't realize that. They cracked their first program and they consider themselves to be reversers. And what's even worse, they try to spread their "knowledge" by making an incredible amount of incredibly crappy video "tutorials" to be watched by next generation of wannabes.

I've actually watched a 15 minute movie titled "How to unpack CryptoObfuscator". You know how? You drag-and-drop the file on de4dot. Yes, that simple. Yes, someone made 15 minute movie to teach you that.

So, what's the alternative?

ReverseWithMe blog suggests to learn:

  1. x86 assembly (electronics and wires in the car analogy)
  2. How operating systems work and how they manage memory (the engine of the car)
  3. The compiling process from C-code to assembly (this is equivalent to knowing how a car-fabric is assembling a car)
  4. The life of a binary (equivalent to everything that happens in the car from the key-switch to the off-switch)

I don't think this is the correct approach either.

It's like learning a foreign language by reading a dictionary. Start with an "a", and once you finish with "z", you'll know all the words. Maybe. But you won't be able to make a proper sentence, let alone speak or understand a native speaker.

To put it into context: I've been reversing .NET executables for 10 years now. I've written unpackers for pretty much every .NET protection there is. And yet I still don't know IL assembly "by heart". Why? Because I don't need to. What's the mnemonic for "branch-if-equal"? Is it be, beq or bre? Does it pop one or two arguments from stack? I don't know. If I'll ever need that, the answer is one Google search away.

Yes, to be a great reverser, you will need to master most of those items. But you don't need to know all that at the start of your journey.

Gimme a solution, goddamit!

Well, start with Lena151's tutorials. Yes, I said they are not good, but that's the best there is. And if you follow few extra advices, you'll do just fine:

  • Learn to think for yourself. That's the most important part. Don't just blindly follow tutorials, try to understand why it works and how it works.
  • Learn to search. Most questions have already been answered, you just need to find the answer. Make sure Google is your friend!
  • Learn your tools. You don't need to know every single option and feature of them. Most people use ~10% of all Microsoft Excel features. Power Users use around 20%. It's the same with RE tools. If you've mastered 10% of Olly or IDA features, you're good to go.
  • And last but not least - have fun! Nothing kills your productivity faster than boredom. If the problem is too hard, let it go, try something else and come back to it later.

18 thoughts on “How to learn Reverse Engineering

  1. Awesome article! I thought the same while watching the first parts of the series: I was able to follow a certain sheme, but didnt understand much at all. Now I have started coding in c/c++ as well and started checking out asm as well and even tho I propably can't crack a single native app, i'm starting to feel more comfortable

  2. I agree with what you say: the "instant gratification" can be a bit "misleading": a lot of people started flooding the net/forums with "low-quality" so-called reversing tutorials (and with low quality I don't refer to screen image recording ;))

    I have to say I moved my first steps with lena tuts and they are really good IMHO, provided that you just don't simply "watch" them: you have to do your homeworks ... and REALLY think *with* lena when she tells you to do and don't just wait for her to give you the answer some seconds/minutes later.

    I'm not a reverser (in the real sense), I know, but I would not say it's [only] because of lena tuts :P


  3. Hi Kao,

    just bumped into your article at random, i thought i'd leave a comment.
    I sort of went through the same stages as you, but you seem pretty confused about stuff, considering you've been reversing stuff for 10 years now. Let me give you some of my thoughts on this:

    those reddit suggestions you mentioned seem perfectly valid to me, how is that 'not the correct approach' ? anything aiding you in extra knowledge about the target you're inspecting (or OS) could help you. Learning the basic mechanism of the assembly language for the cpu your target runs on is very useful (or the IL for the .NET virtual machine in your case).
    Same goes for P-code on visal basic or Bytecode on Java.

    What helped me a lot in the past is playing devil's advocate: what would i (playing the author of a protection mechanism) try to make the reversers job as frustrating as possible ? i.e. learn how to create obstacles youself. patching a few jumps is fun for beginners, but will not suffice in todays realworld applications. .



  4. correction: i meant the ReverseWithMe suggestions.

    ...you seem pretty active in the .NET field, i've never bothered trying that area, since i'm more of an oldschool nativecode guy, same goes for java.

  5. Hey CynicalBaldy,
    even though we have different opinions on this subject, I appreciate you taking your time and writing the comments. :)

    Let me repeat one sentence you seem to have missed: "But you don’t need to know all that at the start of your journey."

    All those ReverseWithMe suggestions are valid - for gaining extra knowledge. But they are not useful for a beginner who is just starting with RE. Or at least I believe so.

  6. Oh, I didn't know that you have a nice blog like this. Gotta read the past articles.

    Please keep up the good work, kao :)

  7. Hi Kao,

    I was wondering, I Was checking your great blog and tutorials on de4dot, but still having problems, is it possible that u add me to your contacts {email_removed_to_save_you_from_spam}?


    • Hi Pedro,
      I'm not providing one-on-one help like TeamViewer sessions, Skype calls or similar. But if you ask your question here in comments and I think that the answer can be useful to more than one person, I might make a blog post about it.

  8. I think Kao is right.
    1.Learn how to use 1 debugger from beginner -> intermediate(ida,olly)
    (Not read a book about it,just learn,open it,and figure out how it work by yourself and google,most book,ebook how to use like (IDA Pro Book,Olly cook book,etc is useless for beginner)
    2.Basic of Assembly (the file in first tutorial of lena151 is enough to know BASIC)
    3.PE (just learn basic of PE)
    And you ready to start learning from lena151 tutorial but...Think and make question : How? Why? not just do it step by step... (and google too)

    • When you downloaded the file from Tuts4You server, there was a message box telling you the password. If you didn't read it, it's your fault..


  9. Hey Kao,
    I recently began going through the reversinghero challenges ({hidden link}). What is your opinion about it?

Leave a Reply

  • Be nice to me and everyone else.
  • If you are reporting a problem in my tool, please upload the file which causes the problem.
    I can`t help you without seeing the file.
  • Links in comments are visible only to me. Other visitors cannot see them.

Your email address will not be published.

 +  3  =  6