Fr3DBr wrote: Technology, I have to point out a few things here.
Reverse engineering is less about a method and more about a talent lol.
I can do things which, many of the times, I don't know how I manage to accomplish, but it happens: you find the slightest pattern, a string or something that gives you a ray of light...
Then you start following it (and that is where you need asm knowledge and debugging attempts) to try to understand what the desired code is doing. This is the part where I am not so talented, unlike our friend kLabMouse, who just pwnz in that area...
Still, there are some small things I can do to get hints or discover some things, like backtracing methods, or emulating a small piece of asm code to check how it works, even maybe making small injection blocks and so on to modify something...
But this does not have a manual, a book or even a predefined logic; each application and each compiler has its intrinsics and its own ways to deal with. It's a really big subworld or, to put it another way, it's just a multiverse, with many alternatives and different routes to follow.
Yeah, actually I already expected to get an answer like this...
But instead of talent I believe you mean experience, because talent is something people are born with (which may accelerate the acquisition of knowledge and experience, though).
Let me tell you a story about the Russian chess player Kasparov, an undoubtedly smart guy. (having talent)
But talent alone didn't instantaneously make him a good chess player.
He went through a few stages.
His parents, chess players, taught him the basics of chess. (knowing the basics)
They then set him up with a chess problem to solve. (being challenged)
He started to study chess on his own and proposed a solution to the problem. (determination to gather knowledge and motivation to succeed)
Then he went to a chess school. (gathering more knowledge from experienced people)
Think about all the games he must have played by then. (building up experience)
He later became the greatest chess player of all time. (because he built up enough a-posteriori-knowledge)
(a-posteriori-knowledge = knowledge that you build up from your own experience when nobody is at your level to learn any useful knowledge from anymore)
Fr3DBr, I realize that one can reach the point where experience becomes as important or even more important than knowledge.
From what I've observed kLab is talented, likes challenges, is motivated to crack any official antibot and has tons of RE experience.
It amazes me: he told me exactly how the kRO login password was encrypted; I later implemented that (which is, imo, the easy part) and was baffled that it worked exactly as kLab predicted.
You probably know your way around RE too, Fr3DBr.
But look at it from my point of view. I don't even know the basics and where to start, what tools to use and how to use them.
I still believe that we can all learn from kLab doing what he does best, as his RE skill level exceeds ours. (we can learn knowledge from people with experience)
All that is needed is one example, where I could learn the basics from, and others maybe improve their knowledge.
If he could just repeat the steps he took to crack one antibot and document them, that would be very useful.
I know not all anti-bots are the same, but there are certainly similarities in the techniques used
(like how not all chess games are the same, but there are similar stances, techniques, tactics and strategies).
While the path you follow through the code might be different, the techniques used are the same.
Btw, I learned Perl from reading, debugging and adding features in Kore's codebase, which also sometimes is a spaghetti-like multiverse (like asm). But I doubt I can do the same with the RO client's "asm code"; it's just too big. I've used IDA a few times to extract some strings, but that is all I can really do.
So to start learning these techniques, I think I'm better off writing small C apps and trying to RE them (with IDA, I suppose)?