RE

Making sense of an unknown binary

  • run strings and strace; trace the execution path in graph view (a trace can also be collected with gdb)

  • patch the binary to add log messages at interesting points, then watch it run

  • recognize crypto by looking up constants (S-box tables, hash IVs, round constants); mind the endianness

  • have some unpackers ready (e.g. `upx -d` for UPX-packed binaries)

  • get a list of function names / class names as an overview of what the program contains

  • find main (follow the entry point through the libc start routine, e.g. __libc_start_main on glibc)

  • look for references to relevant strings in the code (Strings window: Shift+F12; cross-references: X)

  • give unknown functions placeholder names (e.g. fruit names) so they stay recognizable across views until you know what they do
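As an added example (not from these notes, IDA or any tool named here), a small Python scanner that does the "look up constants" step from the crypto bullet on a raw byte blob: it tries both byte orders, wants more than one word of a table before reporting it, and tells MD5 from SHA-1 via the fifth IV word. The constant values are the published ones; the grouping into tables, the threshold and the sample blob are constructed for this example.

```python
"""Spot cryptographic code in a binary blob by its well-known constants.

Added example for these notes, not code from IDA or any tool named here.
The constant values below are the published ones; grouping them into
tables and the sample blob at the bottom are constructed for this example.
"""
import struct
import sys

# 32-bit word tables (only the first few words of the long ones are needed).
WORD_TABLES = {
    "SHA-256 IV":         [0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
                           0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19],
    "SHA-256 K[0..3]":    [0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5],
    "MD5/SHA-1 IV":       [0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476],
    "SHA-1 H4":           [0xc3d2e1f0],   # the word that separates SHA-1 from MD5
    "CRC-32 table[1..3]": [0x77073096, 0xee0e612c, 0x990951ba],
    "Blowfish P[0..1]":   [0x243f6a88, 0x85a308d3],  # hex digits of pi
}
# Byte tables have no endianness: search them as-is.
BYTE_TABLES = {
    "AES S-box (first 16 bytes)": bytes.fromhex("637c777bf26b6fc53001672bfed7ab76"),
}


def pack_words(words, endian):
    """Encode a list of 32-bit words as bytes in the given byte order."""
    fmt = "<I" if endian == "little" else ">I"
    return b"".join(struct.pack(fmt, w) for w in words)


def scan_constants(blob, min_words=2):
    """Return findings sorted by offset: dicts with table, endianness, matched,
    total and first_offset.  Word tables are tried in both byte orders because
    the same constant is stored little-endian in x86/ARM .rodata but may be
    big-endian in hand-written tables or network code.  A table is reported
    only when at least min_words of its distinct words occur (or all of them,
    for tables shorter than that): one lone 32-bit hit is weak evidence."""
    findings = []
    for name, words in WORD_TABLES.items():
        for endian in ("little", "big"):
            offsets = [blob.find(pack_words([w], endian)) for w in words]
            hit = [o for o in offsets if o != -1]
            if len(hit) >= min(min_words, len(words)):
                findings.append({"table": name, "endianness": endian,
                                 "matched": len(hit), "total": len(words),
                                 "first_offset": min(hit)})
    for name, table in BYTE_TABLES.items():
        off = blob.find(table)
        if off != -1:
            findings.append({"table": name, "endianness": "n/a",
                             "matched": 1, "total": 1, "first_offset": off})
    return sorted(findings, key=lambda f: f["first_offset"])


def name_algorithms(findings):
    """Turn table hits into sorted, de-duplicated algorithm guesses.  MD5 and
    SHA-1 share their first four IV words; only SHA-1's fifth word 0xc3d2e1f0
    (in the same byte order) tells them apart, so that case is handled here."""
    seen = {(f["table"], f["endianness"]) for f in findings}
    names = set()
    for f in findings:
        table, endian = f["table"], f["endianness"]
        if table == "MD5/SHA-1 IV":
            names.add("SHA-1" if ("SHA-1 H4", endian) in seen
                      else "MD5 or SHA-1 (H4 not found)")
        elif table.startswith("SHA-256"):
            names.add("SHA-256")
        elif table.startswith("AES"):
            names.add("AES")
        elif table.startswith("CRC-32"):
            names.add("CRC-32 (a checksum, not a cipher)")
        elif table.startswith("Blowfish"):
            names.add("Blowfish/bcrypt (pi digits)")
    return sorted(names)


def build_sample_blob():
    """Constructed stand-in for a binary's .rodata (not a real file): zero
    padding around the SHA-256 IV laid out little-endian as an x86 compiler
    would emit it, the start of the AES S-box, and the MD5/SHA-1 IV stored
    big-endian followed by SHA-1's H4."""
    return (b"\x00" * 32
            + pack_words(WORD_TABLES["SHA-256 IV"], "little")
            + b"\x00" * 16
            + BYTE_TABLES["AES S-box (first 16 bytes)"]
            + b"\x00" * 16
            + pack_words(WORD_TABLES["MD5/SHA-1 IV"] + WORD_TABLES["SHA-1 H4"], "big")
            + b"\x00" * 32)


if __name__ == "__main__":
    # Usage: python find_crypto_consts.py [binary]; without an argument the
    # constructed sample blob is scanned.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_blob()
    for f in scan_constants(data):
        print(f"0x{f['first_offset']:08x}  {f['table']:<28} {f['endianness']:<6} "
              f"{f['matched']}/{f['total']} words")
    print("likely:", ", ".join(name_algorithms(scan_constants(data))))
```

The threshold matters in practice: 0x67452301 or the pi digits 0x243f6a88 turn up in non-crypto code often enough that a single 32-bit match should only prompt a look at the surrounding data, while eight consecutive SHA-256 IV words at one offset are something to name and rename the function around.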

Simplifying the view in IDA:

  • use the group nodes feature in graph view to collapse blocks you have already understood

  • rename things (shortcut: N)

  • set types (shortcut: Y)

Other valid strategies:

  • reimplement the code in source form and recompile it, then compare its behaviour with the original

  • hook the interesting functions (e.g. via LD_PRELOAD or a debugger) instead of tediously reversing everything

Dynamic approaches:

  • set temporary breakpoints on every function, run the program and exercise the feature of interest, then see which breakpoints remain: the ones that fired mark the code actually involved
