安笑生 yeah we can learn programming from reverse engineering stuffs 你好同志

lol

@@wanderingpalace 安笑生

@@wanderingpalace i love xi jinping's huge cawk

@@wanderingpalace no you absolutely can't

@@ayylmaoglow takes one to know one! unless you're a reptilian

read the book Code by Charles Petzold. You will understand how the CPU and assembler works even if you are a total noob. After that you will automatically understand how programming languages work, reverse engineering too and so on.

@Rajath Pai trust me. Petzold is a guru

@@ThisDaveAndThatJohn code by charles petzold?

Ok BOOMER

I prefer ollydbg 2.01 or x64dbg for 64 bit, ghidra makes really easy the reverse process, can get a source code... I prefer analyze asm instructions one by one for understand fully process but this isn't the best stategy.. one by one can take you a lot of time i use call stack window for locate specific part i want to analyze!

@@vladysmaximov6156 keep us posted mate

@@vladysmaximov6156 weird flex but ok

@@vladysmaximov6156 I tried out ghidra and improved my performance like 10 times (mainly due to being shit in reading asm fast).

@@vladysmaximov6156 You absolute pleb. Version 1.10 or GTFO.

Fully agree, amazing video! Simple step by step explanation is excellent!

hijacking this to say WE NEED PART 2

Inserts his too powerful(smart) to be kept alive meme*

looks pretty standard to me

Plot twist: he is the hacker who made wanna cry

marv b first 20 minutes is really basic stuff. Its just general reversing and assigning names

Yes

Just gotta learn GDB, Radare, OllyDBG for Windows, and assembly. And even then the assembly is the part that while takes the longest isn't too bad once you get used to it.

Oh and IDA / Binary Ninja are good too.

tbh, i think they knew that they would affect millions of devices. humble people

Kind, maybe not, but they were reasonable. Do as we ask and we promise all will be well. And see we have written in clear language what we want you to understand. Give us the money and have a nice day 😊

professionals have *standards*

cant get money from someone who cant understand what they are reading

@@kahlzun Investigations show that this was most likely an attack by the North-Korean Government-Controlled Lazarus hacking group to fund nuclear programs and Fatass Jong Un's Sanction-Bypassing Goldschlager run. Eh, probably not Goldschlager. The fatass is probably going for something more expensive.

they make locale translators for batch translating, prob took them about 5 minutes to translate all locales. The least impressive part

@@hiddenaether then why hide it with such levels of encryption? it would be easy to just use english, but instead they have the ambition to take on the world.

what the H E C C is a carrer

@@xyphoes345 it's a carrer

@@glowingone1774 isnt it meant to be a *career* tho

@@xyphoes345 no this is much different.

but wannacry isnt a man

RubenCO what language is this in?

@@elijahburnham7882 The left side of Ghidra is x86 Assembly and the right side is C.

​@@Slenderman63323you need low level knowledge to be able to do stuff like this since the c code that is outputed is very low level

@starshipeleven He could use a VM.

What is an entrusted place?

starshipeleven presumably you download the sample from within the VM, then disable the Ethernet adapter that gives the VM Internet access to prevent worms from going through the connection.

starshipeleven forgot about that option, thanks for reminding me.

Just something that scares me : They are easy accessible websites to download loads of virus to try antivirus and understanding how they work ? I hope they tell the user several warnings before sending the file

Hopefully tomorrow :) life has been busy

I have a few questions. I've done vb coding for years, but more as a supplement to my other work loads, I'm not a full blown dev. First, what was so hard about spotting the kill switch? There must have been a lot of the best devs looking at this code globally for 4 days, the guy who killed it even did that on accident. Secondly, and I'm not advocating for better viruses, but would a kill switch that the owner had exclusive controle over not be possible? They went to great lengths coding this but left the kill switch free for anyone to use.

That's awesome to hear, thank you! Feel free to let me know what else you have trouble with, maybe it's something I can feature in the future

@@stacksmashing I'll be sure to comment it when I find more stuff, but seeing you work already solves a lot of problems!

@@stacksmashing greaat tut, can please explain if possible im chrome devtools save the changes i make in offline? i want change a pwa web worker app that works online and offline but the changes i made nolt save when i restart the app, exist any trick to save?if i not save i only get the cache of pwa app and not possible open and edit i think, thanks

macOS*

@@rohitas2050 woops

more like Reclass: Am I a Joke to you ?

@@Elffi LOL

It might be finger pointing, but the US, UK, and Australia claimed that North Korea was behind the attack.

@@fatfr0g570 they formally asserted its origin as North Korea, the only 2 instruction pages not machine translated were english and chinese. more interestingly, the developers computers had Korean font families installed and build stamps indicated their timezone.

Trust me, it gets old fast.

@@Slenderman63323 Nahh, things are constantly changing which keeps it interesting. Unless you dont know what youre doing or looking at then yeah, I could see it getting "old fast"

Might be just Ghidra making it seem too easy 😃

It's a great one for sure, but does not yet have a debugger (though supposedly it'll be released soon). There are lots of tools: - Radare2 (and Cutter as its UI) - opensource & free - Retdec decompiler - opensource & free - IDA Pro + Hex-Rays decompiler (Expensive, a free version is available of IDA though) - de-facto industry standard etc :) I am very impressed with Ghidra for non x86/x64 stuff, so I like it so far! But as you can see in this video, the decompiler really isn't the best for x86/Windows

Nope this is macOS

it's macOS 2: electric boogaloo (system-wide dark theme included) get your copy today and save 50% off the normal cost!

Reported and removed, there is no room for stuff like this on here :)

@@stacksmashing and also not for the answer of that other random guy calling the guy in the already deleted comment a waste of Oxygen. not all People are capable of following this type of Content not even developers that are already programming for a very long time. i guess in this case calling you a "machine" is somewhat of a compliment although a rather dubious one.

@@urugulu1656 Did you see the comment that I was replying to. It had nothing to do with the video and was just an unprovoked attack on someone minding their own business.

@@stacksmashing what

you would NEVER make a good REV eng... your observation skills are poor... 1. Tool bar top (NOT windows), OSX or linux 2. Apple logo top left 3. APPLE finder logo left tool bar top

6 days ago part 2 was released

**laughs in multiple VMs running in Arch Linux** i use arch btw

@@watema3381 no one cares

@@bigbythebigbadwolf aparently you do cause you replied! also (incase you haven't noticed), it's an inside joke

@@watema3381 still no one cares

@@medo7dody ur prob crying behind ur screen: i dont care either but i gotta be an edgy loser so i can prove this guy wrong

Nsa? Of course

@@jayzah It was made by North Korean cybercrime organization codenamed 'Lazarus'

It probally have more than 1 author