Advanced Reverse Engineering
This path picks up where reading a simple crackme leaves off. You will trace x86 recursion by hand, port your assembly skills to ARM and RISC-V, decompile Android APKs down to their native libraries, solve keygen constraint systems, and emulate custom bytecode virtual machines. It assumes you already know how to run a binary, read basic disassembly, and drive GDB.
- Step 01
Deep x86 Assembly Tracing
Before you can defeat obfuscation you need to trace assembly fluently. The asm series walks you from loops and conditionals into full recursive call stacks where you must track return values and string pointers across multiple frames. Do these with pen and paper first, then verify in GDB.
- Step 02
Beyond x86: ARM, RISC-V, and Go
Real-world targets are not all x86. The ARMssembly series teaches you to trace ARM32 arithmetic and recursion, riscy business drops you into the RISC-V instruction set, and gogo forces you to navigate Go's unfamiliar calling conventions and runtime structures in a binary with stripped symbols.
- Step 03
Android APK Reversing
Mobile reversing is its own discipline. The droids ladder takes you from finding a flag sitting in plain sight in the resources, through tracing a button-click validator with jadx, into native .so library analysis, and finally bypassing anti-tampering integrity checks. Work them in order.
- Step 04
Keygens and Constraint Solving
A keygenme asks you to produce input that satisfies a complex algorithmic constraint over your bytes. The fast way is not brute force but modeling the constraints and solving them, often with a SAT or SMT solver like Z3. These challenges are the perfect excuse to add symbolic execution to your toolkit.
- Step 05
Custom VMs and Dynamic Instrumentation
The toughest reversing challenges build their own bytecode interpreter or only behave correctly on a remote server. You either emulate the VM, or you stop fighting static analysis and instrument the running process. Frida lets you hook and patch at runtime, and timing side channels recover input one byte at a time from a black-box checker.