
anti-reversing-techniques

Safe

Analyze anti-reversing and protection techniques

Security researchers and malware analysts encounter protected binaries that use anti-debugging and obfuscation to evade analysis. This skill provides documented techniques to identify and bypass these protections during authorized security work.

Supports: Claude Codex Code(CC)
🥉 75 Bronze
1. Download the skill ZIP
2. Upload in Claude: go to Settings → Capabilities → Skills → Upload skill
3. Activate and start using

Try it

Using "anti-reversing-techniques". The binary calls ptrace(PTRACE_TRACEME) and exits if it returns -1. What is happening?

Expected result:

This is Linux anti-debugging via self-tracing. The process attempts to trace itself with ptrace. If a debugger is already attached, the call fails with -1, triggering the exit. Bypass: Use LD_PRELOAD to hook ptrace and always return 0, or patch the check to ignore the return value.

Using "anti-reversing-techniques". I see XOR decryption on strings and API hashing to avoid string literals. How do I analyze this?

Expected result:

For XOR strings: identify the key (often single-byte), then decrypt at rest using a script or FLOSS. For API hashing: determine the hash algorithm, build a database of known API hashes, and match them (use HashDB IDA plugin). Dynamic analysis can also resolve APIs at runtime by logging GetProcAddress calls.

Security audit

Safe
v1 • 2/24/2026

This skill contains educational documentation about anti-reversing techniques for legitimate security work. Static analysis flagged 62 patterns, but all are false positives - the detected code exists only as markdown documentation examples, not executable code. The skill explicitly requires written authorization before use and targets malware analysts, penetration testers, and CTF participants.

  • Files scanned: 2
  • Lines analyzed: 585
  • Findings: 0
  • Total audits: 1

No security issues found
Audited by: claude

Quality score

  • Architecture: 38
  • Maintainability: 100
  • Content: 87
  • Community: 50
  • Security: 100
  • Specification compliance: 100

What you can build

Malware Analysis

Security analysts dissect malicious software to understand its behavior, extract indicators of compromise, and develop detection signatures.

Authorized Penetration Testing

Pentesters analyze client software protections during approved engagements to identify security weaknesses and provide remediation guidance.

CTF and Security Training

Participants in capture-the-flag competitions learn reverse engineering skills by solving challenges with protected binaries.

Try these prompts

Identify Anti-Debugging Technique
I'm analyzing a binary with written authorization. The code checks IsDebuggerPresent() and reads PEB.BeingDebugged. Explain what this technique does and how to bypass it in a debugger for my analysis.
Analyze Obfuscated Code
I found a function with control flow flattening using a state machine and switch statement. The original logic is obscured. Help me reconstruct the original control flow and identify the state transitions.
Unpack a Protected Binary
I have a packed executable identified as UPX. Guide me through the dynamic unpacking process: finding the OEP, dumping memory, and fixing the import table using x64dbg and Scylla.
VM-Based Protection Analysis
The binary uses VMProtect-style code virtualization. I've identified the VM entry point and handler table. Help me understand the virtual instruction set and plan a devirtualization approach.

Best practices

  • Always verify written authorization and document your scope before analyzing protected software
  • Use isolated analysis environments (VMs or dedicated machines) to prevent malware escape
  • Preserve evidence and maintain chain-of-custody when analyzing malware for legal proceedings

Avoid

  • Never analyze software without explicit written authorization from the owner
  • Do not share bypass techniques publicly that could enable piracy or unauthorized access
  • Do not skip legal compliance review - DMCA and CFAA violations carry serious penalties

Frequently asked questions

Is using this skill legal?
This skill is for authorized security work only. You must have explicit written permission from the software owner, or operate within a legitimate context like CTFs, malware analysis of samples you have rights to analyze, or approved penetration testing. Unauthorized bypassing may violate the CFAA, DMCA anti-circumvention provisions, or similar laws.
What tools do I need to apply these techniques?
Common tools include x64dbg or GDB for debugging, IDA Pro or Ghidra for static analysis, ScyllaHide for anti-anti-debugging, FLOSS for string deobfuscation, and Scylla for unpacking. Many have free versions or alternatives.
Can this skill help me crack software?
No. This skill is designed for defensive security work like malware analysis and authorized testing. Using these techniques to bypass protections for piracy is illegal and unethical.
How do I know if I have authorization?
Authorization should be explicit, written, and define scope. For malware analysis, ensure you have rights to the samples. For pentesting, have a signed engagement letter. For CTFs, participation implies authorization for challenge systems.
What if I accidentally analyze something without authorization?
Stop immediately. Do not share findings. Consult legal counsel if concerned. Some contexts like academic research may have protections, but unauthorized analysis carries legal risk.
Are there skills this cannot help with?
This skill does not cover hardware reverse engineering, firmware analysis, or specialized packers requiring proprietary tools. It focuses on common software protection techniques encountered in malware and commercial protectors.
