Monday, 23 November 2009

The book for Windows bug hunters, Gray Hat Python review


Gray Hat Python: Python programming for hackers and reverse engineers by Justin Seitz

ISBN: 978-1593271923

Paperback: 232 pages

Publisher: No Starch Press, April 1, 2009

Review by Henrik Lund Kramshoej, hlk@kramse.org


November 2009

This book was a joy to read, but take notice of the reverse engineer part in the title.

Contents

The content of this book is a presentation of tools that use Python as part of their automation. The tools selected range from debuggers and fuzzers to emulators, all of which can be driven using Python. The book is laid out in 12 chapters which progress from setting up the environment to more advanced exercises.

The selection of tools is very good and the content fits together with lots of cross references.

Target audience

The focus of this book is running debugging tools automatically, using Python to do work for you. These features will give you, the reader, the opportunity to go hunting for bugs more efficiently and with less manual work. With this in mind, the target audience is not Python beginners, though the programs shown are not very hard to follow. The real target audience is bug hunters and those who understand the issues but are spending too much of their own time doing it.

If you are an absolute beginner in debugging I would recommend that you buy this book as a bundle with The Art of Hacking by Jon Erickson or perhaps The Shellcoder's Handbook. If you have never worked with assembler you would probably also need an introduction to assembly programming.

Practical book

The structure of this book is very workbook-like and encourages you to run the many examples and experiment while doing them. Each one of the labs can also be performed in a short while, allowing you to make use of short breaks from other stuff to do them.

The book does not have a lot of pages, but it has a lot of insight, and the author clearly has great knowledge and experience in the reverse engineering arena. He also brings you up to speed by allowing you to start running the programs immediately, and while they run you can read the manuals to learn how to do more advanced stuff by yourself later :-)

The techniques and methods described will also allow you to dive into programs that are not meant for debugging, because the author describes how to attack programs, while manuals typically tell you what options you have, but not the situations in which you should use those options.

To summarize the Good stuff

  • Short - this book is short, so you can actually finish it
  • Practical - using the tools described you will be able to get started quickly, even if you really haven't learned about debuggers before
  • Very workbook-like - making sure that you are always interested in trying out the examples
  • Cross references and references to material found on the internet make this book indispensable

The Bad stuff about this book

I use mostly Unix and this book is mostly about hacking Windows, from applications down to Windows drivers. While I might not be the target audience, this focus has allowed the book to stay on track. I would have liked more about Unix systems, since Python is of course also used a lot in Unix.

Conclusion

This book has brought me through a lot of exercises, even if I didn't finish each and every one of them the first time. I will keep returning to this book to do more of the exercises and experiment more with Sulley and the other programs presented.

The book has persuaded me that I need to use more Python, and especially it has allowed me to go further with the debuggers I already know of. The level might not be suitable for the most advanced reverse engineers, but for the rest of us it is a treasure of good information!

The matter is presented clearly and can be understood by almost anyone, even if they haven't really looked into debuggers before. The reason this book is so successful is partly because it does not repeat material from manuals for the tools, but requires you to use existing tools with manuals and shows you how to run them.

This book should be bundled with the Art of Hacking, which shows you what hacking software is about, while this book shows how to automate the hacking with Python. I can highly recommend it for people who need to do reverse engineering and run code through debuggers and emulators.

Links

http://www.nostarch.com/ghpython.htm book web page and code

Posted by hlk at CET 06:11 23/11/2009 in Books

 
