
reverse-engineer

Development

Authorized software reverse engineering, binary analysis, and program comprehension for legitimate purposes including security review, interoperability, migration, modernization, debugging, and documentation. USE WHEN: user needs to analyze software they own or have explicit authorization to inspect, including legacy systems, internal applications, binaries for debugging/migration, malware analysi

2 stars
View on GitHub ↗ Author: mrigankad

Reverse Engineer Skill

Authorization Checkpoint

STOP: Verify authorization before proceeding.

Only assist with reverse engineering when:

  • Software is owned by the user
  • Internal company applications with permission
  • Legacy systems authorized for inspection/migration
  • Security research with proper scope/authorization
  • Interoperability under applicable law

Refuse requests involving:

  • Cracking licenses, DRM, paywalls, activation systems
  • Bypassing authentication or access controls
  • Malware development or stealth techniques
  • Credential theft or data exfiltration
  • Evading detection or violating terms of service

First Response Protocol

When user provides a target, immediately produce:

  1. Target Classification - Type, platform, suspected stack
  2. Investigation Plan - Prioritized analysis sequence
  3. Recommended Tools - Specific to this target
  4. Python Automation - Relevant bundled scripts
  5. First Actions - Commands/scripts to run
  6. Expected Outputs - What we'll learn
  7. Risk/Legal Note - Authorization reminder

Workspace Setup

Run scripts/init_workspace.py to create:

/reverse_engineering_workspace
  /input          - Original artifacts (read-only)
  /copies         - Working copies
  /extracted      - Unpacked contents
  /strings        - String extractions
  /traffic        - Network captures
  /screenshots    - Visual documentation
  /notes          - Investigation log
  /scripts        - Automation scripts
  /reports        - Generated reports
  /artifacts      - Intermediate findings
  /timelines      - Event sequences

Investigation Workflow

Phase 1: Initial Discovery (Non-destructive)

  1. File inventory - scripts/file_inventory.py
  2. Type identification - magic numbers, headers
  3. String extraction - scripts/strings_extractor.py
  4. Entropy analysis - scripts/entropy_scanner.py (detect packing)
  5. Format-specific headers - PE/ELF/Mach-O parsing
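The Phase 1 checks above, applied end to end to an in-memory buffer, as an added example (this is not one of the skill's bundled scripts and uses only the Python standard library): a SHA-256 for the artifact inventory, magic-number type identification, printable-string extraction, and windowed Shannon entropy to flag the packed or encrypted regions that the entropy scanner and the "Packed/Obfuscated Binaries" section are concerned with. The magic-number table, the 256-byte window, the 7.0 bits-per-byte threshold and the sample bytes are all assumptions chosen for this example.

```python
"""Phase 1 triage helper (added example, not a bundled skill script).
Runs the non-destructive discovery steps over a byte buffer: inventory hash,
magic-number type identification, string extraction, windowed entropy."""
import hashlib
import math
import re

# Magic-number table (assumed for this example; covers the formats the page lists).
MAGIC = {
    b"\x7fELF": "ELF",
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit (reversed)",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit (reversed)",
    b"\xca\xfe\xba\xbe": "Mach-O universal or Java class",
    b"PK\x03\x04": "ZIP container (APK/IPA/JAR)",
    b"MZ": "PE (DOS/Windows executable)",
}

# Heuristic threshold in bits per byte (assumed); compressed or encrypted data
# sits close to the 8.0 maximum, plain code and text well below it.
HIGH_ENTROPY_THRESHOLD = 7.0
WINDOW = 256  # bytes per entropy window (assumed size)


def identify_type(data: bytes) -> str:
    """Return a format label from the leading magic bytes, longest match first."""
    for magic in sorted(MAGIC, key=len, reverse=True):
        if data.startswith(magic):
            return MAGIC[magic]
    return "unknown"


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def entropy_windows(data: bytes, window: int = WINDOW) -> list:
    """(offset, entropy) for each fixed-size window over the buffer."""
    return [(off, shannon_entropy(data[off:off + window]))
            for off in range(0, len(data), window)]


def high_entropy_offsets(data: bytes, threshold: float = HIGH_ENTROPY_THRESHOLD) -> list:
    """Offsets of windows that look packed or encrypted (entropy above threshold)."""
    return [off for off, e in entropy_windows(data) if e > threshold]


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Printable-ASCII runs of at least min_len bytes, like strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def triage(data: bytes) -> dict:
    """Collect the Phase 1 facts an inventory entry and the notes file would record."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
        "type": identify_type(data),
        "overall_entropy": round(shannon_entropy(data), 3),
        "high_entropy_offsets": high_entropy_offsets(data),
        "strings": extract_strings(data),
    }


# Constructed sample (not a real binary): an "MZ" header followed by two
# readable strings, then a 256-byte block holding every byte value once
# (entropy exactly 8.0, i.e. looks packed), then a zero-filled block (0.0).
SAMPLE = (
    (b"MZ" + b"\x00" * 62
     + b"This is a constructed sample, not a real binary\x00"
     + b"C:\\Temp\\demo.log\x00").ljust(WINDOW, b"\x00")
    + bytes(range(256))
    + b"\x00" * WINDOW
)

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On the constructed sample the triage reports the PE label from the `MZ` bytes, the two planted strings (plus the printable run inside the all-byte-values block), and a single high-entropy window at offset 256; on a real artifact a high-entropy region covering most of the file is the usual signal that the packer-signature and sandboxed-dynamic-analysis steps under Special Handling apply rather than plain disassembly.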

Phase 2: Static Analysis

  1. Disassembly - Function identification, CFG
  2. Decompilation - C-like pseudocode where available
  3. Import/Export analysis - API dependencies
  4. String clustering - Categorize extracted strings
  5. Configuration extraction - Parse embedded configs

Phase 3: Dynamic Analysis (Sandboxed only)

  1. Behavior observation - Sandboxed execution
  2. API monitoring - System call tracing
  3. Network capture - Traffic analysis
  4. Memory analysis - Runtime state inspection

Phase 4: Documentation

  1. Architecture reconstruction - Component diagram
  2. Data flow mapping - Information flow
  3. Report generation - scripts/report_generator.py

Tool Selection

Python Libraries (pip install)

Core:     pip install pwntools angr capstone lief pefile pyelftools python-magic
Mobile:   pip install androguard frida-tools
Network:  pip install scapy mitmproxy
Bindings: pip install r2pipe pyghidra

See references/tool_installation.md for full details.

External Tools by Target Type

| Target       | Primary Tools               | Secondary Tools                |
|--------------|-----------------------------|--------------------------------|
| Windows PE   | Ghidra, x64dbg              | IDA Pro, PEiD, Resource Hacker |
| Linux ELF    | Ghidra, GDB                 | Radare2, strace, ltrace        |
| macOS Mach-O | Ghidra, LLDB                | Hopper, class-dump             |
| Android APK  | JADX, APKTool               | Androguard, MobSF              |
| iOS IPA      | Frida, class-dump           | objection                      |
| Firmware     | Binwalk, Ghidra             | ImHex, QEMU                    |
| Web App      | Browser DevTools, mitmproxy | Burp Suite                     |

Output Format

Use this structure for every analysis step:

## Goal
[What we're trying to learn]

## Evidence Available
[Artifacts/data at hand]

## Approach
[Methodology]

## Tools Needed
[Specific tools]

## Commands / Python Scripts
[Executable commands]

## Findings
[What was discovered]

## Confidence
[High/Medium/Low + justification]

## Risks / Unknowns
[Limitations, gaps]

## Next Step
[Logical follow-up]

Bundled Scripts

| Script                     | Purpose                                 |
|----------------------------|-----------------------------------------|
| scripts/init_workspace.py  | Create workspace structure              |
| scripts/file_inventory.py  | Generate artifact inventory with hashes |
| strings_extractor.py       | Extract and cluster strings             |
| pe_analyzer.py             | Windows PE analysis                     |
| elf_analyzer.py            | Linux ELF analysis                      |
| macho_analyzer.py          | macOS Mach-O analysis                   |
| entropy_scanner.py         | Detect packed/encrypted sections        |
| report_generator.py        | Generate analysis reports               |

Target-Specific Workflows

See references/analysis_workflows.md for detailed workflows:

  • Windows PE executables
  • Linux ELF binaries
  • macOS applications
  • Android APKs
  • iOS IPAs
  • Firmware images
  • Web applications
  • Database files

Reference Materials


Deliverables Checklist

Maintain these outputs throughout analysis:

  • Executive Summary (what software does, stack, findings)
  • Artifact Inventory (files, hashes, types)
  • Architecture Reconstruction (components, boundaries, flows)
  • Behavior Notes (startup, auth, data persistence)
  • Reverse Engineering Log (timestamped actions)
  • Open Questions (unknowns, unresolved paths)
  • Final Report (technical, engineer-ready)

Special Handling

Packed/Obfuscated Binaries

  1. Identify packer signature
  2. Explain analysis limitations
  3. Suggest sandboxed dynamic analysis
  4. Do NOT provide unpacking instructions for protected software

Malware Analysis

  1. Emphasize isolated/sandboxed environment
  2. Focus on defensive IOCs
  3. Never assist with weaponization

Encrypted Binaries

  1. Document encryption presence
  2. Explain static analysis limitations
  3. Recommend dynamic approaches
  4. Never help break copy protection

How to add

/plugin marketplace add mrigankad/SRE-CLI

The exact command may vary depending on the repository. Check the README on GitHub.
