Reverse  engineering
Upcoming SlideShare
Loading in...5

Reverse engineering






Total Views
Slideshare-icon Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

    Reverse  engineering Reverse engineering Presentation Transcript

    • What is Reverse Engineering ? You have an unexpected case:• You finished one project using Java• Your program runs fine• But, by accident, you delete the java file• How to handle this in your project?Reverse Engineering
    • What is Reverse Engineering ? Reverse Engineering is the process ofdiscovering the technological principles of adevice, object, or system through analysis ofits structure, function, and operation.
    • What is Reverse Engineering ? It often involves taking something (e.g.,a mechanical device, electroniccomponent, software program, or biological,chemical, or organic matter) apart andanalyzing its workings.
    • In Terms of Software To retrieve the source code of a program To study how the program performs certainoperations To improve the performance of a program To fix a bug To identify malicious content in a program
    • Reverse EngineeringApplications: Security Related• Reversing has been employed in encryptionresearch• With malicious software, on both ends of thefence• Crackers
    • Reverse EngineeringApplications: Software Development Related• Evaluating software quality and robustness• Achieving interoperability with proprietysoftware• Developing competing software
    • Why do we need RE ? Reasons• Product AnalysisTo examine how a product works, whatcomponents it consists of, estimate costs, andidentify potential patent infringement.• Lost DocumentationReverse engineering often is done becausethe documentation of a particular device has beenlost (or was never written), and the person who builtit is no longer available
    • Why do we need RE ? Reasons• Software ModernizationIn order to understand the as is state ofexisting or legacy software in order to properlyestimate the effort required to migrate systemknowledge into a to be state.• LearningLearn from others mistakes. Do not makethe same mistakes that others have already madeand subsequently corrected.
    • Why do we need RE ? Reasons• The original manufacturer of a product nolonger produces a product• The original manufacturer no longer exists,but a customer needs the product• To analyze the good and bad features ofcompetitors product• Strengthen the good features of a productbased on long-term usage of the product
    • Why do we need RE ? Benefits• Understand existing design• Quality improvements• Competitive advantages• Software reuse facilitation• No need to start from scratch
    • Two Levels of Reversing System Level Reversing• Running various tools on the program andutilizing various operating system services• To obtain information, inspect programexecutables, track program input and output,and so forth
    •  Code Level Reversing• Extracting design concepts and algorithmsfrom a program• Observes the code from a very low-level• Many of these details are generatedautomatically by the compilerTwo Levels of Reversing
    • RequirementsAnalysisDesignImplementationForwardengineeringReverseengineeringSoftware engineering
    • Procedure Collect information• Collect all possible information about the program.• Sources of information include source code, designdocuments and documentation for system calls andexternal routines. Examine information• Review the collected information• A plan for dissecting the program and recording therecovered information can be formulated during thisstage.
    • Procedure Extract structure• Identify the structure of the program and use this tocreate a set of structure charts.• Each node in the structure chart corresponds to aroutine called in the program• The chart records the calling hierarchy of theprogram. Record functionality• For each node in the structure chart, record theprocessing done in the program routinecorresponding to that node.
    • Procedure Record data-flow• The recovered program structure can be analysed toidentify data transformations in the software.• These transformation steps show the dataprocessing done in the program. Record control-flow• Identify the high-level control structure of theprogram and record it using control-flow diagrams.• This refers to high-level control that affects theoverall operation of the software.
    • Procedure Review recovered design• Review the design to verify that it correctly• represents the program.• Identify any missing items of information andattempt to locate them. Generate documentation• The final step is to generate design documentation.• Information explaining the purpose of the program,program-overview, history, etc will need to berecorded.
    •  System Monitoring Tools• System-level reversing requires a variety of toolsthat sniff, monitor, explore, and otherwiseexpose the program being reversed• Display information gathered by the operatingsystem about the application and itsenvironmentReverse Engineering Tools
    •  Disassembler• Converts exe to assembly - as best it can• Relatively simple process• Sometimes are difficult to understandReverse Engineering Tools
    •  Debugger• Reversers use debuggers in disassemblymode• Reversers can install breakpoints in locationsof interest in the disassembled code andthen examine the state of the programReverse Engineering Tools
    •  Decompiler• Decompile a binary programs into high levelsource language• Replace all binary code that could not bedecompiled with assembly codeReverse Engineering Tools
    • Unethical ??? The legal debate around reverse engineeringhas been going on for years The reverse engineering of software in theUS is generally a breach of contract asmost EULAs specifically prohibit it EU allows reverse engineering for thepurposes of interoperability.