valkheim

Assembly Language / Reversing / Malware Analysis / Game Hacking -resources

⭐Assembly Language

Modern x64 Assembly

https://www.youtube.com/playlist?list=PLKK11Ligqitg9MOX3-0tFT1Rmh3uJp7kA

IDAPython cheatsheet

Important links

Basic commands

Get informations on the binary

Reversing Raw Binary Firmware Files in Ghidra

This brief tutorial will show you how to go about analyzing a raw binary firmware image in Ghidra.

Prep work in Binwalk

I was recently interested in reversing some older Cisco IOS images. Those images come in the form of a single binary blob, without any sort of ELF, Mach-o, or PE header to describe the binary.

While I am using Cisco IOS Images in this example, the same process should apply to other Raw Binary Firmware Images.

Elliptic Curve Cryptography (ECC)

Abstract

ECC is about a group created via:

a 2-dimension elliptic curve: an equation with unknowns x and y
- every Elliptic Curve follows this formula: y² + a₁ x y + a₃ y = x³ + a₂ x² + a₄ x + a₆ (for some specified a₁, a₂, a₃, a₄, a₆)
- actually, it can be shorten to this y² = x³ + a x + b (short weierstrass form) in practice because the characteristic (order of a prime field) 2 and 3 points in prime fields (except for binary (GF(2^x)) and GF(3^x) curves)

a curve of characteristic 2 (defined over GF(2^x)) can be simplified to y² + xy = x³ + ax² + b

Install ARCH Linux with encrypted file-system and UEFI

The official installation guide (https://wiki.archlinux.org/index.php/Installation_Guide) contains a more verbose description.

Download the Arch ISO

Image from https://www.archlinux.org/

Copy to a USB drive

The purpose of this document is to make recommendations on how to browse in a privacy and security conscious manner. This information is compiled from a number of sources, which are referenced throughout the document, as well as my own experiences with the described technologies.

I welcome contributions and comments on the information contained. Please see the How to Contribute section for information on contributing your own knowledge.

	--------------------------------------------------------------------------------
	<WinProcess "smss.exe" pid 368 at 0x5306908L>
	64
	[!!] Invalid rpcrt4 base: 0x0 vs 0x7ffec24f0000
	--------------------------------------------------------------------------------
	<WinProcess "csrss.exe" pid 472 at 0x5306e48L>
	64

	Interfaces :
	Endpoints :

	////////
	// The vm module lets you run a string containing javascript code 'in
	// a sandbox', where you specify a context of global variables that
	// exist for the duration of its execution. This works more or less
	// well, and if you're in control of the code that's running, and you
	// have a reasonable protocol in mind// for how it expects a certain
	// context to exist and interacts with it --- like, maybe a plug-in
	// API for a program, with some endpoints defined for it that do
	// useful domain-specific things --- your life can go smoothly.

	sass/
	\|
	\|– base/
	\| \|– _reset.scss # Reset/normalize
	\| \|– _typography.scss # Typography rules
	\| ... # Etc…
	\|
	\|– components/
	\| \|– _buttons.scss # Buttons
	\| \|– _carousel.scss # Carousel

	# --------
	# Hardware
	# --------

	# Opcode - operational code
	# Assebly mnemonic - abbreviation for an operation

	# Instruction Code Format (IA-32)
	# - Optional instruction prefix
	# - Operational code