Hacker News

salawat | today at 5:38 PM | 2 replies

I often wonder why on this forum of alleged hacker types, there seems to be such an impetus to push what all VCs are desperately bought into at the moment, whether it be crypto, or AI nonsense.

Oh wait... Right.

Asking for resources or asking "does anyone know where I can start?" followed by a description of "here's where I'm at" has been table stakes for the uninitiated since time immemorial.

When I see "ask the LLM", all I hear is "prop up my investment portfolio".

To this OP in particular: try playing around with different binaries you already have source to, and using the RE tools to get a feel for their post-compilation structure and flow; start by compiling with no compiler optimization. You'll want an understanding of what the structural primitives of "nothing up my sleeve" code reads and looks like post-compilation to build off of. Then start enabling different layers of optimization, again, to continue familiarizing yourself with output of modern compilers when dealing with fundamentally "honest" code.

Once you can eyeball things and get an intuitive sense for that sort of thing is where you jump off into dealing with dishonest code. Stuff put through obfuscators. Stuff designed to work in ways that hide what the actual intent of the code is, or things designed in ways that make it clear that the author had something up their sleeve.

It'll be a lot of work and memorization and pattern recognition building, and you'll have to put in the effort to get to know the hardware and memory architecture, and opcodes and ISAs, and virtual machines you're reversing for, but it will click eventually.

Just remember: odds are it won't make you money, and it will set time on fire. I cut my teeth on reversing some security firm's snake oil, and just trying to figure out why the code I wrote was acting weird after the compiler got done with it. (I have cursed at more compiler writers than about anyone but myself).

Then just remember that if someone got it to run, then it's gotta eventually make sense. The rest is all persistence on your part of laying bare their true, usually perverted motivations (generally boiling down to greed, job security, or wasting your goddamn time).

Would the world be nicer if that wasn't the case? Absolutely. I lived through a period where a lot of code wasn't "something up my sleeve" code. Now is not so much that time anymore. We've made programming too accessible to business types that now the interests of organizations at securing their power has a non-trivial distortion on how code gets written; which generally means user hostile in one way or another.


Replies

ActorNightly | today at 7:35 PM

I happened to be at Amazon during Covid, and at a certain point during the hiring craze, I was doing like 3 interviews a week. I have interviewed probably close to 500 people so far in my career as software.

Even pre-LLM, there was a clear indicator of someone who was skilled at coding versus someone who was not. The big thing that differentiated people was curiosity. When someone is curious, they would go look stuff up, experiment, figure out how to build things by failing over and over again, and eventually they would figure it out, but consequently, they have learned quite a lot more along the way.

And then there were people that were just following instructions, who in interviews thought that them following instructions was virtue worthy.

Nowadays, this is even easier to tell who is who, because LLMs essentially shortcut that curiosity for you. You don't have to dig through the internet and play around with sandbox code, you can just ask an LLM and it will give you answers.

This is why I specifically said if you are hesitant of starting with LLMs, you should learn how to learn first, which usually starts with learning how to ask questions.

palata | today at 7:55 PM

Thanks! I appreciate the insights. I definitely don't expect to make money out of that, I really just want to learn and understand :-).