What is Reverse Engineering ? You have an unexpected case:• You finished one project using Java• Your program runs fine• But, by accident, you delete the java file• How to handle this in your project?Reverse Engineering
What is Reverse Engineering ? Reverse Engineering is the process ofdiscovering the technological principles of adevice, object, or system through analysis ofits structure, function, and operation.
What is Reverse Engineering ? It often involves taking something (e.g.,a mechanical device, electroniccomponent, software program, or biological,chemical, or organic matter) apart andanalyzing its workings.
In Terms of Software To retrieve the source code of a program To study how the program performs certainoperations To improve the performance of a program To fix a bug To identify malicious content in a program
Reverse EngineeringApplications: Security Related• Reversing has been employed in encryptionresearch• With malicious software, on both ends of thefence• Crackers
Reverse EngineeringApplications: Software Development Related• Evaluating software quality and robustness• Achieving interoperability with proprietysoftware• Developing competing software
Why do we need RE ? Reasons• Product AnalysisTo examine how a product works, whatcomponents it consists of, estimate costs, andidentify potential patent infringement.• Lost DocumentationReverse engineering often is done becausethe documentation of a particular device has beenlost (or was never written), and the person who builtit is no longer available
Why do we need RE ? Reasons• Software ModernizationIn order to understand the as is state ofexisting or legacy software in order to properlyestimate the effort required to migrate systemknowledge into a to be state.• LearningLearn from others mistakes. Do not makethe same mistakes that others have already madeand subsequently corrected.
Why do we need RE ? Reasons• The original manufacturer of a product nolonger produces a product• The original manufacturer no longer exists,but a customer needs the product• To analyze the good and bad features ofcompetitors product• Strengthen the good features of a productbased on long-term usage of the product
Why do we need RE ? Benefits• Understand existing design• Quality improvements• Competitive advantages• Software reuse facilitation• No need to start from scratch
Two Levels of Reversing System Level Reversing• Running various tools on the program andutilizing various operating system services• To obtain information, inspect programexecutables, track program input and output,and so forth
Code Level Reversing• Extracting design concepts and algorithmsfrom a program• Observes the code from a very low-level• Many of these details are generatedautomatically by the compilerTwo Levels of Reversing
Procedure Collect information• Collect all possible information about the program.• Sources of information include source code, designdocuments and documentation for system calls andexternal routines. Examine information• Review the collected information• A plan for dissecting the program and recording therecovered information can be formulated during thisstage.
Procedure Extract structure• Identify the structure of the program and use this tocreate a set of structure charts.• Each node in the structure chart corresponds to aroutine called in the program• The chart records the calling hierarchy of theprogram. Record functionality• For each node in the structure chart, record theprocessing done in the program routinecorresponding to that node.
Procedure Record data-flow• The recovered program structure can be analysed toidentify data transformations in the software.• These transformation steps show the dataprocessing done in the program. Record control-flow• Identify the high-level control structure of theprogram and record it using control-flow diagrams.• This refers to high-level control that affects theoverall operation of the software.
Procedure Review recovered design• Review the design to verify that it correctly• represents the program.• Identify any missing items of information andattempt to locate them. Generate documentation• The final step is to generate design documentation.• Information explaining the purpose of the program,program-overview, history, etc will need to berecorded.
System Monitoring Tools• System-level reversing requires a variety of toolsthat sniff, monitor, explore, and otherwiseexpose the program being reversed• Display information gathered by the operatingsystem about the application and itsenvironmentReverse Engineering Tools
Disassembler• Converts exe to assembly - as best it can• Relatively simple process• Sometimes are difficult to understandReverse Engineering Tools
Debugger• Reversers use debuggers in disassemblymode• Reversers can install breakpoints in locationsof interest in the disassembled code andthen examine the state of the programReverse Engineering Tools
Decompiler• Decompile a binary programs into high levelsource language• Replace all binary code that could not bedecompiled with assembly codeReverse Engineering Tools
Unethical ??? The legal debate around reverse engineeringhas been going on for years The reverse engineering of software in theUS is generally a breach of contract asmost EULAs specifically prohibit it EU allows reverse engineering for thepurposes of interoperability.