reverse reverse engineering presented at 44con 2015

by Richo Healey,

URL : https://speakerdeck.com/richo/reverse-reverse-engineering

Summary : Richo will walk attendees through the basic architecture of a traditional AOT compiler and runtime loader, and describe the parallels between this and the operation of a modern bytecode VM (python, ruby, etc). With this newfound knowledge, we'll tackle implementing a tool to reverse engineer a sample of obfuscated ruby. However, instead of analyzing the bytecode directly, we will instead implement a malicious, but otherwise fully functional VM, and use that to explore the various anti-analysis tricks deployed.
By the end of the talk, you will have extended insight into the conceptual inner workings of a compiler, and feel equipped to implement substitutes for the interesting parts of a traditional compilation/loader pipeline to trick opaque objects into telling you how they work, instead of the other way around. While the demos will focus on ruby, the techniques demonstrated are equally applicable to python, etc.