Reverse  engineering
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
655
On Slideshare
655
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
65
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. What is Reverse Engineering ? You have an unexpected case:• You finished one project using Java• Your program runs fine• But, by accident, you delete the java file• How to handle this in your project?Reverse Engineering
  • 2. What is Reverse Engineering ? Reverse Engineering is the process ofdiscovering the technological principles of adevice, object, or system through analysis ofits structure, function, and operation.
  • 3. What is Reverse Engineering ? It often involves taking something (e.g.,a mechanical device, electroniccomponent, software program, or biological,chemical, or organic matter) apart andanalyzing its workings.
  • 4. In Terms of Software To retrieve the source code of a program To study how the program performs certainoperations To improve the performance of a program To fix a bug To identify malicious content in a program
  • 5. Reverse EngineeringApplications: Security Related• Reversing has been employed in encryptionresearch• With malicious software, on both ends of thefence• Crackers
  • 6. Reverse EngineeringApplications: Software Development Related• Evaluating software quality and robustness• Achieving interoperability with proprietysoftware• Developing competing software
  • 7. Why do we need RE ? Reasons• Product AnalysisTo examine how a product works, whatcomponents it consists of, estimate costs, andidentify potential patent infringement.• Lost DocumentationReverse engineering often is done becausethe documentation of a particular device has beenlost (or was never written), and the person who builtit is no longer available
  • 8. Why do we need RE ? Reasons• Software ModernizationIn order to understand the as is state ofexisting or legacy software in order to properlyestimate the effort required to migrate systemknowledge into a to be state.• LearningLearn from others mistakes. Do not makethe same mistakes that others have already madeand subsequently corrected.
  • 9. Why do we need RE ? Reasons• The original manufacturer of a product nolonger produces a product• The original manufacturer no longer exists,but a customer needs the product• To analyze the good and bad features ofcompetitors product• Strengthen the good features of a productbased on long-term usage of the product
  • 10. Why do we need RE ? Benefits• Understand existing design• Quality improvements• Competitive advantages• Software reuse facilitation• No need to start from scratch
  • 11. Two Levels of Reversing System Level Reversing• Running various tools on the program andutilizing various operating system services• To obtain information, inspect programexecutables, track program input and output,and so forth
  • 12.  Code Level Reversing• Extracting design concepts and algorithmsfrom a program• Observes the code from a very low-level• Many of these details are generatedautomatically by the compilerTwo Levels of Reversing
  • 13. RequirementsAnalysisDesignImplementationForwardengineeringReverseengineeringSoftware engineering
  • 14. Procedure Collect information• Collect all possible information about the program.• Sources of information include source code, designdocuments and documentation for system calls andexternal routines. Examine information• Review the collected information• A plan for dissecting the program and recording therecovered information can be formulated during thisstage.
  • 15. Procedure Extract structure• Identify the structure of the program and use this tocreate a set of structure charts.• Each node in the structure chart corresponds to aroutine called in the program• The chart records the calling hierarchy of theprogram. Record functionality• For each node in the structure chart, record theprocessing done in the program routinecorresponding to that node.
  • 16. Procedure Record data-flow• The recovered program structure can be analysed toidentify data transformations in the software.• These transformation steps show the dataprocessing done in the program. Record control-flow• Identify the high-level control structure of theprogram and record it using control-flow diagrams.• This refers to high-level control that affects theoverall operation of the software.
  • 17. Procedure Review recovered design• Review the design to verify that it correctly• represents the program.• Identify any missing items of information andattempt to locate them. Generate documentation• The final step is to generate design documentation.• Information explaining the purpose of the program,program-overview, history, etc will need to berecorded.
  • 18.  System Monitoring Tools• System-level reversing requires a variety of toolsthat sniff, monitor, explore, and otherwiseexpose the program being reversed• Display information gathered by the operatingsystem about the application and itsenvironmentReverse Engineering Tools
  • 19.  Disassembler• Converts exe to assembly - as best it can• Relatively simple process• Sometimes are difficult to understandReverse Engineering Tools
  • 20.  Debugger• Reversers use debuggers in disassemblymode• Reversers can install breakpoints in locationsof interest in the disassembled code andthen examine the state of the programReverse Engineering Tools
  • 21.  Decompiler• Decompile a binary programs into high levelsource language• Replace all binary code that could not bedecompiled with assembly codeReverse Engineering Tools
  • 22. Unethical ??? The legal debate around reverse engineeringhas been going on for years The reverse engineering of software in theUS is generally a breach of contract asmost EULAs specifically prohibit it EU allows reverse engineering for thepurposes of interoperability.