Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥

TDOH 南區 WorkShop 2016 Reversing on Windows

adr
October 01, 2016
Technology
0
250

TDOH 南區 WorkShop 2016 Reversing on Windows

Reversing about PE (portable-executable) and cracking on Windows for education.

adr

October 01, 2016
Tweet

More Decks by adr

See All by adr
Skrull Like A King: 從重兵看守的天眼防線殺出重圍
aaaddress1
3
1.5k
Rebuild The Heaven's Gate: from 32 bit Hell back to Heaven Wonderland
aaaddress1
0
1.1k
重建天堂之門:從 32bit 地獄一路打回天堂聖地
aaaddress1
0
400
Reversing In Wonderland: Neural Network Based Malware Detection Techniques
aaaddress1
2
700
CYBERSEC: 唉唷,你的簽章根本沒在驗啦。
aaaddress1
1
3.9k
SITCON: Playing Win32 Like a K!NG ;)
aaaddress1
2
1.1k
NTUST [2019]: Windows Reversing
aaaddress1
0
1.1k
Duplicate Paths Attack: Get Elevated Privilege from Forged Identities
aaaddress1
0
1.5k
SDN Final Report
aaaddress1
0
440

Other Decks in Technology

See All in Technology
もう一度、 事業を支えるシステムに。
leveragestech
6
3k
TypeScript100%で作るMovable Typeプラグイン
usualoma
2
260
データ共有による新しい価値の創造
iotcomjpadmin
0
180
SAP Community and Developer Update
sygyzmundovych
0
360
Windows Server 2025 Pay as you Go ライセンスを試す
murachiakira
0
180
メインテーマはKubernetes
nwiizo
2
300
Bytebaseで実現する データベース管理の効率化
shogo452
1
130
2024/11/29_失敗談から学ぶ! エンジニア向けre:Invent攻略アンチパターン集
hiashisan
0
180
生成AIを活用したIT運用高度化への挑戦
iotcomjpadmin
0
170
全社員に向けて生成AI活用を促進!~電通総研の生成AI活用ロードマップ~
iotcomjpadmin
0
170
プラットフォームエンジニアリングアーキテクチャ道場 on AWS & EKS Kubernetes / Platform Engineering Architecture Dojo
riita10069
7
16k
iOS 18 から追加された SwiftUI の傾向について調べてみる
swiftty
2
100

Featured

See All Featured
[RailsConf 2023] Rails as a piece of cake
palkan
52
5k
For a Future-Friendly Web
brad_frost
175
9.4k
Code Review Best Practice
trishagee
64
17k
Build The Right Thing And Hit Your Dates
maggiecrowley
33
2.4k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
The World Runs on Bad Software
bkeepers
PRO
65
11k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
229
52k
Into the Great Unknown - MozCon
thekraken
33
1.5k
Product Roadmaps are Hard
iamctodd
PRO
49
11k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
1.9k
Docker and Python
trallard
40
3.1k
Fontdeck: Realign not Redesign
paulrobertlloyd
82
5.3k

Transcript

  1. aaaddress1 at The Declaration of Hacker (TDOH) Reversing On WINDOWS

  2. aaaddress1 at The Declaration of Hacker (TDOH) Who Am I

  3. aaaddress1 at The Declaration of Hacker (TDOH) ⾺聖豪 (aaaddress1, aka

    adr) 義守⼤學資訊⼯程三年級 Reverse Engineering, Pwn C/C++, C#, x86, Node.js Blog: Adr.Horse, 30cm.tw Speaker ✓ HITCON 2015 ✓ SITCON 2016 ✓ Besides Las Vegas 2016 ✓ TDOHxNTSTU Security Lecture Reversing Windows Pwn

  4. aaaddress1 at The Declaration of Hacker (TDOH) MapleHack CrackShield Tower

    Of Savior Hack Adr’s FB Isu.30cm.tw AIDS PykemonGo, MadPocket My Little Ransomware

  5. aaaddress1 at The Declaration of Hacker (TDOH) introduction

  6. aaaddress1 at The Declaration of Hacker (TDOH) 這是⼀一場屬於⼯工具⼈人 C/C++ 的開發⾃自我修養

  7. aaaddress1 at The Declaration of Hacker (TDOH) 今天務必保持清醒!

  8. aaaddress1 at The Declaration of Hacker (TDOH) 此議程內容需要⼤大量量艱深 C/C++ 開發底⼦子

    如有任何問題請立即舉⼿手 break; 我!

  9. aaaddress1 at The Declaration of Hacker (TDOH) Trial https://goo.gl/ky7SsW Slide

    https://goo.gl/HBLtkm

  10. aaaddress1 at The Declaration of Hacker (TDOH) Outline

  11. aaaddress1 at The Declaration of Hacker (TDOH) Requirement ✓IDA (Pro)

    ✓OllyDbg ✓Cheat Engine ✓Windows7 x86 ✓Dev C++

  12. aaaddress1 at The Declaration of Hacker (TDOH) Windows PE &

    Process ✓Have fun in PE structure ✓Import Address Table (IAT) ✓ImageBase & Find the entry

  13. aaaddress1 at The Declaration of Hacker (TDOH) Assembly ✓sizeof( variable

    ) ✓eax, ebx, ecx, edx, etc ✓add, sub, inc, dec ✓xor ✓Flag & Branch ✓Loop ✓x86 Calling Convention Function Call esp & ebp

  14. aaaddress1 at The Declaration of Hacker (TDOH) Analyzer ✓IDA (Pro)

    PE, IAT, EAT Strings List Flow Chart Function & Variable Anti-Trace ✓OllyDbg Create Process & Attach Hook & Trace ✓Cheat Engine Create Process & Attach Memory Scan for data Hook & Trace

  15. aaaddress1 at The Declaration of Hacker (TDOH) Bonus ✓IDA Dynamic

    Analysis ✓Patch Executable file patch Dynamic Patch ✓Cheat Engine PE View ✓Assembly & Special

  16. aaaddress1 at The Declaration of Hacker (TDOH) Portable Executable

  17. aaaddress1 at The Declaration of Hacker (TDOH)

  18. aaaddress1 at The Declaration of Hacker (TDOH) Return 0 for

    what?

  19. aaaddress1 at The Declaration of Hacker (TDOH) View → Open

    subviews → Proximity browser IDA

  20. aaaddress1 at The Declaration of Hacker (TDOH) IDA

  21. aaaddress1 at The Declaration of Hacker (TDOH) IDA

  22. aaaddress1 at The Declaration of Hacker (TDOH) IDA The return

    value of main function is the ‘Exit Status’

  23. aaaddress1 at The Declaration of Hacker (TDOH) IDA PE Loader

    will find ‘_start’ function from Exports Address Table (EAT) View → Open subviews → Exports

  24. aaaddress1 at The Declaration of Hacker (TDOH) Is it true?

    Nope, Not at all. It will take too much time to search.

  25. aaaddress1 at The Declaration of Hacker (TDOH) Wiki

  26. aaaddress1 at The Declaration of Hacker (TDOH) Wiki

  27. aaaddress1 at The Declaration of Hacker (TDOH) Wiki The head

    of PE file is DOS header, and that starts with sginature 0x5A4D

  28. aaaddress1 at The Declaration of Hacker (TDOH) Wiki That’s why

    it’s also called DOS-MZ

  29. aaaddress1 at The Declaration of Hacker (TDOH) Wiki And (DOS

    Header + 0x3C) stores the offset of NT Header

  30. aaaddress1 at The Declaration of Hacker (TDOH) Wiki This is

    the real header of PE

  31. aaaddress1 at The Declaration of Hacker (TDOH) Wiki (NT Header

    + 0x028) stores the offset of the first entry function that as known as ‘start’ function.

  32. aaaddress1 at The Declaration of Hacker (TDOH) Wiki (NT Header

    + 0x034) stores the offset of the PE file loaded at where in memory e.g. 0x400000

  33. aaaddress1 at The Declaration of Hacker (TDOH) CE Right click

    → ‘Go to address’ → Input ‘main.exe’ You will find the main.exe loaded at 0x400000 MZ

  34. aaaddress1 at The Declaration of Hacker (TDOH) CE 0x0000110b +

    0x400000 = 0x40110b That’s the same as the address in IDA

  35. aaaddress1 at The Declaration of Hacker (TDOH) If you understand

    the whole PE structure, you can make a great PE packer :P

  36. aaaddress1 at The Declaration of Hacker (TDOH) IMPORT ADDRESS TABLE

  37. aaaddress1 at The Declaration of Hacker (TDOH) View → Open

    subviews → Imports IDA IAT stores all API program calls

  38. aaaddress1 at The Declaration of Hacker (TDOH) Double Click &

    Show the API detail at IAT IDA

  39. aaaddress1 at The Declaration of Hacker (TDOH) Strings List

  40. aaaddress1 at The Declaration of Hacker (TDOH) View → Open

    subviews → Strings IDA

  41. aaaddress1 at The Declaration of Hacker (TDOH) IDA

  42. aaaddress1 at The Declaration of Hacker (TDOH) Assembly: Data

  43. aaaddress1 at The Declaration of Hacker (TDOH) C Data Type

  44. aaaddress1 at The Declaration of Hacker (TDOH) Program counter

  45. aaaddress1 at The Declaration of Hacker (TDOH) Stack Pointer

  46. aaaddress1 at The Declaration of Hacker (TDOH) Base Pointer

  47. aaaddress1 at The Declaration of Hacker (TDOH) Byte Byte Byte

    Byte EAX = 4Byte = int = long Register Type

  48. aaaddress1 at The Declaration of Hacker (TDOH) Byte Byte Byte

    Byte AX = 2 Byte = Short Register Type

  49. aaaddress1 at The Declaration of Hacker (TDOH) Byte Byte Byte

    Byte AH = 1 Byte = Char Register Type

  50. aaaddress1 at The Declaration of Hacker (TDOH) Byte Byte Byte

    Byte AL = 1 Byte = Char Register Type

  51. aaaddress1 at The Declaration of Hacker (TDOH) Assembly: Opcode

  52. aaaddress1 at The Declaration of Hacker (TDOH) Nop (0x90) →

    Nothing to do.

  53. aaaddress1 at The Declaration of Hacker (TDOH) Mov dest,source →

    dest = source Mov dest, [source] → source = value of dest

  54. aaaddress1 at The Declaration of Hacker (TDOH)

  55. aaaddress1 at The Declaration of Hacker (TDOH)

  56. aaaddress1 at The Declaration of Hacker (TDOH) Add dest,source →

    dest += source Add dest, [source] → dest += value of source

  57. aaaddress1 at The Declaration of Hacker (TDOH) Sub dest, source

    → dest -= source Sub dest, [source] → dest -= value of source

  58. aaaddress1 at The Declaration of Hacker (TDOH) Inc dest →

    dest ++ Inc [dest] → (value of dest)++

  59. aaaddress1 at The Declaration of Hacker (TDOH) Dec dest →

    dest -- Dec [dest] → (value of dest)--

  60. aaaddress1 at The Declaration of Hacker (TDOH) Cmp [source], value

    //Compare *(long*)source with value Je blockOne // Jump to blockOne if they’re equal Jl blockTwo // Jump to blockTwo if [source] less than value Jg blockThree // Jump to blockThree if [source] greater than value

  61. aaaddress1 at The Declaration of Hacker (TDOH) Cmp [source], value

    //Compare *(long*)source with value Jne blockOne // Jump to blockOne if they’re not equal Jnl blockTwo // Jump to blockTwo if [source] not less than value Jng blockThree // Jump to blockThree if [source] not greater than value

  62. aaaddress1 at The Declaration of Hacker (TDOH) Test [source], value

    //Compare *(long*)source with value Jz blockOne // Jump to blockOne if ([source] - value) is zero Ja blockTwo // Jump to blockTwo if ([source] - value) is above zero Jb blockThree // Jump to blockThree if ([source] - value) is below zero

  63. aaaddress1 at The Declaration of Hacker (TDOH) Test v.s. Cmp

    Using Cmp & Jl/Je/Jg If source & dest are signed number Using Test & Jb/Jz/Ja If source & dest are unsigned

  64. aaaddress1 at The Declaration of Hacker (TDOH) Jmp near +0x200

    → EIP = EIP + 0x200

  65. aaaddress1 at The Declaration of Hacker (TDOH) Jmp long 0x400000

    → EIP = 0x400000

  66. aaaddress1 at The Declaration of Hacker (TDOH) Ret → EIP

    = [ESP+0] & pop [ESP+0]

  67. aaaddress1 at The Declaration of Hacker (TDOH) Ret 0x0C →

    pop 0x0C bytes from stack, i.e. ESP += 0x0C 
 → EIP = [ESP+0] & pop [ESP+0]

  68. aaaddress1 at The Declaration of Hacker (TDOH) Xor dest, source

    → mov dest, ‘A’ //0x41 → xor dest, 0x20 //dest is ‘a’(0x61) now

  69. aaaddress1 at The Declaration of Hacker (TDOH) Xor dest, source

    → mov dest, ‘a’ //0x61 → xor dest, 0x20 //dest is ‘A’(0x41) now

  70. aaaddress1 at The Declaration of Hacker (TDOH) 0100 0001 ‘A’(0x41)

    0x20 0010 0000 Xor ‘a’(0x61) 0110 0001

  71. aaaddress1 at The Declaration of Hacker (TDOH) Assembly: Function Call

  72. aaaddress1 at The Declaration of Hacker (TDOH)

  73. aaaddress1 at The Declaration of Hacker (TDOH)

  74. aaaddress1 at The Declaration of Hacker (TDOH)

  75. aaaddress1 at The Declaration of Hacker (TDOH)

  76. aaaddress1 at The Declaration of Hacker (TDOH)

  77. aaaddress1 at The Declaration of Hacker (TDOH) void Func() {

    int A = 0; Int B = 1; Int C = 2; } [EBP - 4] =0 [EBP - 8] =1 [EBP - C] =2 push EBP mov EBP,ESP sub ESP, LEN

  78. aaaddress1 at The Declaration of Hacker (TDOH) void Func() {

    nFunc(ARG1,ARG2,ARG3…); } push ebb mov ebp,esp . . push arg3 push arg2 push arg1 call nFunc

  79. aaaddress1 at The Declaration of Hacker (TDOH)

  80. aaaddress1 at The Declaration of Hacker (TDOH)

  81. aaaddress1 at The Declaration of Hacker (TDOH)

  82. aaaddress1 at The Declaration of Hacker (TDOH)

  83. aaaddress1 at The Declaration of Hacker (TDOH) [EBP+0 ] =

    Pointer to old EBP [EBP+4 ] = Return Address [EBP+8 ] = Parameter 1 [EBP+C] = Parameter 2 [EBP+10]= Parameter 3 …etc

  84. aaaddress1 at The Declaration of Hacker (TDOH) Assembly: Calling Convention

  85. aaaddress1 at The Declaration of Hacker (TDOH) Stack ESP +

    0 ESP + 4 ESP + 8 ESP + C ESP + 10 ESP + 14

  86. aaaddress1 at The Declaration of Hacker (TDOH) Stack ESP +

    0 Old EBP ESP + 4 ESP + 8 ESP + C ESP + 10 ESP + 14 _______EIP

  87. aaaddress1 at The Declaration of Hacker (TDOH) Stack EBP +

    0 =ESP Old EBP EBP + 4 EBP + 8 EBP + C EBP + 10 EBP + 14 _______EIP

  88. aaaddress1 at The Declaration of Hacker (TDOH) Stack EBP -

    8 =ESP Buffer EBP - 4 Buffer EBP + 0 Old EBP EBP + 4 EBP + 8 EBP + C _______EIP

  89. aaaddress1 at The Declaration of Hacker (TDOH) Stack EBP -

    8 =ESP 1 EBP - 4 Buffer EBP + 0 Buffer EBP + 4 Old EBP EBP + 8 EBP + C _______EIP

  90. aaaddress1 at The Declaration of Hacker (TDOH) Stack EBP -

    8 =ESP return Address EBP - 4 1 EBP + 0 Buffer EBP + 4 Buffer EBP + 8 Old EBP EBP + C _______EIP

  91. aaaddress1 at The Declaration of Hacker (TDOH) Stack EBP -

    8 =ESP return Address EBP - 4 1 EBP + 0 Buffer EBP + 4 Buffer EBP + 8 Old EBP EBP + C

  92. aaaddress1 at The Declaration of Hacker (TDOH) Stack EBP -

    8 =ESP Old EBP EBP - 4 return Address EBP + 0 1 EBP + 4 Buffer EBP + 8 Buffer EBP + C Old EBP _______EIP

  93. aaaddress1 at The Declaration of Hacker (TDOH) Stack EBP +

    0 =ESP Old EBP EBP + 4 return Address EBP + 8 1 EBP + C Buffer EBP + 10 Buffer EBP + 14 Old EBP _______EIP

  94. aaaddress1 at The Declaration of Hacker (TDOH) Stack EBP +

    0 =ESP Old EBP EBP + 4 return Address EBP + 8 1 EBP + C Buffer EBP + 10 Buffer EBP + 14 Old EBP _______EIP

  95. aaaddress1 at The Declaration of Hacker (TDOH) Stack EBP -

    8 =ESP return Address EBP - 4 1 EBP + 0 Buffer EBP + 4 Buffer EBP + 8 Old EBP EBP + C _______EIP

  96. aaaddress1 at The Declaration of Hacker (TDOH) Stack EBP -

    8 =ESP return Address EBP - 4 1 EBP + 0 Buffer EBP + 4 Buffer EBP + 8 Old EBP EBP + C _______EIP

  97. aaaddress1 at The Declaration of Hacker (TDOH) Stack EBP -

    8 =ESP 1 EBP - 4 Buffer EBP + 0 Buffer EBP + 4 Old EBP EBP + 8 EBP + C _______EIP

  98. aaaddress1 at The Declaration of Hacker (TDOH) Stack EBP -

    4 =ESP Buffer EBP + 0 Buffer EBP + 4 Old EBP EBP + 8 EBP + C EBP + 10 _______EIP

  99. aaaddress1 at The Declaration of Hacker (TDOH) x86 Disassembly &

    Calling Conventions

  100. aaaddress1 at The Declaration of Hacker (TDOH) It’s time to

    talk about each register meanings and their functions used for.

  101. aaaddress1 at The Declaration of Hacker (TDOH) I collect the

    simple parts from wiki, and they’re real useful for reversing. read more: x86 Disassembly/Calling Conventions

  102. aaaddress1 at The Declaration of Hacker (TDOH)

  103. aaaddress1 at The Declaration of Hacker (TDOH) CDECL

  104. aaaddress1 at The Declaration of Hacker (TDOH)

  105. aaaddress1 at The Declaration of Hacker (TDOH) STDCALL

  106. aaaddress1 at The Declaration of Hacker (TDOH)

  107. aaaddress1 at The Declaration of Hacker (TDOH) FASTCALL

  108. aaaddress1 at The Declaration of Hacker (TDOH)

  109. aaaddress1 at The Declaration of Hacker (TDOH) C++ THISCALL

  110. aaaddress1 at The Declaration of Hacker (TDOH) DEBUGGing

  111. aaaddress1 at The Declaration of Hacker (TDOH) Debug: Ollydbg

  112. aaaddress1 at The Declaration of Hacker (TDOH) Debug: Cheat Engine

  113. aaaddress1 at The Declaration of Hacker (TDOH) Debug: IDA Pro

  114. aaaddress1 at The Declaration of Hacker (TDOH) Trial: TDOH Hello

    World

  115. aaaddress1 at The Declaration of Hacker (TDOH) Play the game

    & Find the flag :P

  116. aaaddress1 at The Declaration of Hacker (TDOH) Game Time

  117. aaaddress1 at The Declaration of Hacker (TDOH)

  118. aaaddress1 at The Declaration of Hacker (TDOH) IDA

  119. aaaddress1 at The Declaration of Hacker (TDOH) IDA

  120. aaaddress1 at The Declaration of Hacker (TDOH) Live Demo IDA,

    CE, Olly

  121. aaaddress1 at The Declaration of Hacker (TDOH) ‘Generate Pseudocode(F5)’ of

    IDA Pro might lose something important in assembly for accessible reading. It’s important to use debugger and trace opcode of every step. IDA

  122. aaaddress1 at The Declaration of Hacker (TDOH) Trial: Lucky Day

  123. aaaddress1 at The Declaration of Hacker (TDOH) Game Time

  124. aaaddress1 at The Declaration of Hacker (TDOH)

  125. aaaddress1 at The Declaration of Hacker (TDOH)

  126. aaaddress1 at The Declaration of Hacker (TDOH)

  127. aaaddress1 at The Declaration of Hacker (TDOH)

  128. aaaddress1 at The Declaration of Hacker (TDOH) TDOH{Debug_is_Fun!}

  129. aaaddress1 at The Declaration of Hacker (TDOH)

  130. aaaddress1 at The Declaration of Hacker (TDOH) Live Demo IDA,

    CE, Olly

  131. aaaddress1 at The Declaration of Hacker (TDOH) Game Time 清华⽹网络安全技术协会

  132. aaaddress1 at The Declaration of Hacker (TDOH)

  133. aaaddress1 at The Declaration of Hacker (TDOH) Game Time

  134. aaaddress1 at The Declaration of Hacker (TDOH)

  135. aaaddress1 at The Declaration of Hacker (TDOH)

  136. aaaddress1 at The Declaration of Hacker (TDOH)

  137. aaaddress1 at The Declaration of Hacker (TDOH)

  138. aaaddress1 at The Declaration of Hacker (TDOH)

  139. aaaddress1 at The Declaration of Hacker (TDOH)

  140. aaaddress1 at The Declaration of Hacker (TDOH)

  141. aaaddress1 at The Declaration of Hacker (TDOH)

  142. aaaddress1 at The Declaration of Hacker (TDOH) Live Demo IDA,

    CE, Olly

  143. aaaddress1 at The Declaration of Hacker (TDOH) GAME TIme AIS3

    2016 Final Binary 1

  144. aaaddress1 at The Declaration of Hacker (TDOH) Game Time

  145. aaaddress1 at The Declaration of Hacker (TDOH) Using ‘Strings Window’

    to figure out the format string of printf and double click for detail.

  146. aaaddress1 at The Declaration of Hacker (TDOH) Click the xref

    and follow

  147. aaaddress1 at The Declaration of Hacker (TDOH)

  148. aaaddress1 at The Declaration of Hacker (TDOH) Just check every

    char of the input is lower case

  149. aaaddress1 at The Declaration of Hacker (TDOH)

  150. aaaddress1 at The Declaration of Hacker (TDOH) RC4 but a

    little diffrent. I will take this function into three parts for you understanding well.

  151. aaaddress1 at The Declaration of Hacker (TDOH)

  152. aaaddress1 at The Declaration of Hacker (TDOH)

  153. aaaddress1 at The Declaration of Hacker (TDOH)

  154. aaaddress1 at The Declaration of Hacker (TDOH) If the result

    after RC4 cipher is the same as input, that will be the really key.

  155. aaaddress1 at The Declaration of Hacker (TDOH)

  156. aaaddress1 at The Declaration of Hacker (TDOH) Live Demo IDA,

    CE, Olly

  157. aaaddress1 at The Declaration of Hacker (TDOH) Game TIme 特訓99

  158. aaaddress1 at The Declaration of Hacker (TDOH)

  159. aaaddress1 at The Declaration of Hacker (TDOH) I prepare the

    same one but patched. If you can set bullet count to zero, the game will give you flag.

  160. aaaddress1 at The Declaration of Hacker (TDOH) Game Time

  161. aaaddress1 at The Declaration of Hacker (TDOH)

  162. aaaddress1 at The Declaration of Hacker (TDOH)

  163. aaaddress1 at The Declaration of Hacker (TDOH)

  164. aaaddress1 at The Declaration of Hacker (TDOH) Live Demo IDA,

    CE, Olly

  165. aaaddress1 at The Declaration of Hacker (TDOH) Game Time CrackMe#1

    [UBC] by bRaINbuSY

  166. aaaddress1 at The Declaration of Hacker (TDOH) Game Time

  167. aaaddress1 at The Declaration of Hacker (TDOH)

  168. aaaddress1 at The Declaration of Hacker (TDOH) We don’t care

    those, that don’t make any effect on the checking Here is used for SEH ExceptionList but it’s not the point

  169. aaaddress1 at The Declaration of Hacker (TDOH) We can make

    it simple like this.

  170. aaaddress1 at The Declaration of Hacker (TDOH) We should figure

    how to get this value ( you can debug and get this without doubt, but it’s import to know how it works for creating a keygen)

  171. aaaddress1 at The Declaration of Hacker (TDOH)

  172. aaaddress1 at The Declaration of Hacker (TDOH)

  173. aaaddress1 at The Declaration of Hacker (TDOH)

  174. aaaddress1 at The Declaration of Hacker (TDOH)

  175. aaaddress1 at The Declaration of Hacker (TDOH) Live Demo IDA,

    CE, Olly

  176. aaaddress1 at The Declaration of Hacker (TDOH) Q&A [email protected]