Indians

Easy

Malware Reverse Engineering

Overview

You’ve uncovered a mysterious assembly file that seems to hide a secret within the way data is written to memory. At first glance, the instructions look like they’re just moving numbers around, but the real trick lies in how those values are stored and interpreted depending on endianness. Pay close attention to how the bytes are arranged, and notice when the code chooses to reverse them. Piece together the scattered fragments in memory, and you’ll find the hidden message waiting to be revealed.

flag format: flag{}

Lab Details

Prerequisites & Requirements

  • Familiarity with 64-bit registers (rax, rbp, rsp) and data sizes (QWORD = 8 bytes)
  • Understanding basic instructions: mov, sub/add, and push/pop
  • Understanding endianness: Little-Endian and Big-Endian
  • Knowledge of stack memory layout and local variable storage
  • Ability to convert Hexadecimal values to ASCII characters
  • Understanding how string literals are packed into integer registers

What will you learn?

  • Manual deobfuscation of data scrambled with the bswap instruction
  • Memory reconstruction and how 64-bit values translate to bytes
  • Static analysis of data construction and string fragmentation
  • Why text strings appear reversed in assembly due to Little-Endian storage
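The sketch below is an added example, not part of the lab: it replays a series of 64-bit stack stores in Python, some preceded by bswap, and rebuilds the bytes a memory dump would show. The immediates, offsets and recovered text are constructed sample values (not the lab's flag), and offsets are counted from the lowest address of the buffer.

```python
import struct

MASK64 = 0xFFFFFFFFFFFFFFFF

def bswap64(value):
    """Emulate x86-64 `bswap r64`: reverse the order of the register's 8 bytes."""
    return int.from_bytes((value & MASK64).to_bytes(8, "little"), "big")

def store_qword(memory, offset, value):
    """Emulate `mov QWORD PTR [base+offset], reg` on a little-endian CPU:
    the least significant byte lands at the lowest address."""
    memory[offset:offset + 8] = struct.pack("<Q", value & MASK64)

def rebuild(stores, size):
    """Replay (offset, immediate, swapped) stores and return the raw bytes.

    swapped=True means the code ran `bswap` on the register before the store,
    so the immediate reads forwards in the listing; without it the immediate
    reads backwards, because little-endian storage reverses it in memory.
    """
    memory = bytearray(size)
    for offset, immediate, swapped in stores:
        value = bswap64(immediate) if swapped else immediate
        store_qword(memory, offset, value)
    return bytes(memory)

# Constructed sample: three fragments written out of order, as they might
# appear in a listing. The hex of the unswapped ones spells the text reversed.
SAMPLE_STORES = [
    (16, 0x21747865742D6F6D, False),  # ASCII of the immediate: "!txet-om"
    (0,  0x652D656C7474696C, False),  # ASCII of the immediate: "e-elttil"
    (8,  0x6E6469616E2D6465, True),   # ASCII of the immediate: "ndian-de"
]

def recover_sample():
    """Rebuild the 24-byte buffer and decode it as ASCII."""
    return rebuild(SAMPLE_STORES, 24).decode("ascii")

if __name__ == "__main__":
    for offset, immediate, swapped in SAMPLE_STORES:
        note = "bswap, then store" if swapped else "store as-is"
        print(f"+{offset:#04x}  {immediate:#018x}  {note}")
    print(recover_sample())
```

Tracking each store in a table like the one this prints (offset, immediate, whether bswap ran) is the same bookkeeping the manual approach does in a text editor.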

Tools

  • Text Editor / Notepad for manual tracking of stack slots
  • CyberChef / Python for verifying endianness conversions
  • ASCII Table for converting hexadecimal bytes to human-readable format

Job Positions

Malware Analyst

Tags

  • Static Analysis
  • Malware Analysis
  • Assembly
  • Opcodes
  • Strings
  • Obfuscation
  • Memory Dump