Vulnerability detection tools

Hello,
When a hacker finds a vulnerability in a program such as Signal or Telegram, did he/she use reverse engineering techniques to find the vulnerability, or debugging, or decompilation?
What tools are needed?

Thank you.

2 Likes

It really depends on the effort and type of situation the researcher is facing. Generally speaking, when there is no source code available, practicing some sort of reverse engineering is always a good practice. Depending on the application, you may be able to get a very high-level decompiled source code or just a low-level disassembled one; however, in both cases, having something is better than nothing.
Researchers usually also fuzz their target when possible, so that they can find some crashes and then investigate them through debuggers, crash dumps, etc.
Moreover, they also hunt for logic bugs, and in these situations, the reversed source code can be a very time-saving element.

To summarize, there isn't just a single technique, but in most cases, it's a combination of all of them that can lead you to finding a vuln.

2 Likes

Hello,
Thank you so much for your reply.
So, for a closed-source program, the hacker uses reverse engineering, decompilation and fuzzing. Am I right? If yes, can you show me a list of programs?
For an open-source program, does the hacker read the source code and find the bugs with a debugger like GDB? For open-source programs, is a tool like IDA Pro or Ghidra not needed?

1 Like

Hello,
No idea? I'm thankful if anyone shares his/her ideas and opinions.

1 Like

Let me premise that I am not an expert, especially in reversing and binary exploitation.

But anyway: for closed-source applications you use disassemblers and decompilers to try to get readable code. Some of the most popular ones are definitely IDA, Ghidra, Binary Ninja, and dnSpy. Some of these also act as debuggers, but in general, debuggers are used precisely to debug errors, whether in an open-source product or a closed-source product. Depending on the OS there are different debuggers: gdb on Linux; WinDbg, x64dbg, Immunity, and others on Windows.

On closed-source programs, fuzzing is also done to analyze how an application behaves when it receives unexpected input. On open-source products, it is generally not necessary to do this because you can read from the code what would happen, but for closed-source products it is essential. To do fuzzing there are different tools depending on the type of application you need to fuzz: you can use Burp Suite, wfuzz or ffuf to fuzz on the web, and AFL or others to fuzz client applications.

For open-source programs, you don't need to use Ghidra or IDA because you already have the source code. Instead, it may come in handy to use a code review tool and then a debugger to check whether the identified vulnerabilities are false positives.
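Both replies above mention fuzzing as the way to shake crashes out of a target before investigating them with a debugger. The following is an added example, not code from any post in this thread or from any of the tools named (AFL, Burp Suite, wfuzz, ffuf): a minimal mutation-based fuzzer in Python, with a constructed toy parser as the target. The parser, its record format and the planted bug are all assumptions made up for the example; the fuzzer itself is generic and can be pointed at any Python callable. It mutates well-formed seed inputs by overwriting, inserting or deleting bytes, ignores the parser's documented rejection (ValueError), and keeps the first input that triggers each distinct unexpected exception, bucketed by exception type and the source line it came from, which is the same "find a crash, then reproduce and triage it" loop the replies describe.

```python
import random
import traceback

# Constructed target: a toy record parser with a planted bug so the fuzzer has
# something to find. Record format (assumed for this example): [length][tag][payload...].
def parse_record(data: bytes) -> dict:
    if len(data) < 2:
        raise ValueError("record too short")  # documented, expected rejection
    length, tag = data[0], data[1]
    payload = data[2:2 + length]
    if tag == 0x41:
        # Bug: trusts the declared length instead of len(payload), so a record whose
        # payload is shorter than its header claims raises IndexError here.
        return {"tag": tag, "last": payload[length - 1]}
    return {"tag": tag, "len": len(payload)}

# Constructed, well-formed starting inputs (one per tag path).
SEEDS = [b"\x03\x42abc", b"\x02\x41ab"]

def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one random byte-level mutation: overwrite, insert or delete a byte."""
    buf = bytearray(data)
    op = rng.randrange(3)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 1:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif op == 2 and len(buf) > 1:
        del buf[rng.randrange(len(buf))]
    return bytes(buf)

def classify(exc: BaseException) -> tuple:
    """Bucket a crash by exception type and the line it was raised on."""
    frame = traceback.extract_tb(exc.__traceback__)[-1]
    return (type(exc).__name__, frame.lineno)

def fuzz(target, seeds, iterations: int, seed: int = 0, expected=(ValueError,)) -> dict:
    """Mutate seeds for `iterations` rounds; return {crash bucket: first triggering input}."""
    rng = random.Random(seed)  # fixed seed keeps a run reproducible
    crashes = {}
    for _ in range(iterations):
        child = mutate(rng.choice(seeds), rng)
        try:
            target(child)
        except expected:
            continue  # the parser rejected the input on purpose; not a bug
        except Exception as exc:
            crashes.setdefault(classify(exc), child)  # keep the first input per bucket
    return crashes

def reproduce(target, data: bytes):
    """Re-run one saved input; return the exception class name, or None if it parses."""
    try:
        target(data)
    except Exception as exc:
        return type(exc).__name__
    return None

if __name__ == "__main__":
    found = fuzz(parse_record, SEEDS, 2000, seed=1)
    for (name, line), sample in found.items():
        print(f"{name} at line {line}: {sample!r} -> reproduces as {reproduce(parse_record, sample)}")
```

The saved input for each bucket is what you would then load into a debugger (gdb, WinDbg, x64dbg) on a real native target to see why it crashes; real fuzzers such as AFL add coverage feedback so that mutations which reach new code are fed back into the corpus, which this example deliberately omits.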