SlideShare a Scribd company logo

Introduction to Software Reverse Engineering

Download as PPTX, PDF
Teodoro Cipresso
Teodoro Cipresso

CS266 Software Reverse Engineering (SRE) Introduction to Software Reverse Engineering Teodoro (Ted) Cipresso, teodoro.cipresso@sjsu.edu Department of Computer Science San José State University Spring 2015

Software
1 of 17
CS266 Software Reverse Engineering (SRE) Introduction to Software Reverse Engineering Teodoro (Ted) Cipresso, teodoro.cipresso@sjsu.edu Department of Computer Science San José State University Spring 2015 The information in this presentation is taken from the thesis “Software reverse engineering education” available at http://scholarworks.sjsu.edu/etd_theses/3734/ where all citations can be found.
Introduction to Software Reverse Engineering  From very early on in life we engage in constant investigation of existing things to understand how and even why they work.  Software Reverse Engineering (SRE) calls upon this investigative nature when one needs to learn how and why, often in the absence of adequate documentation, an existing piece of software—helpful or malicious—works.  More formally, SRE can be described as the practice of analyzing a software system to create abstractions that identify the individual components and their dependencies, and, if possible, the overall system architecture [1],[2].  Once the components and design of an existing system have been recovered, it becomes possible to repair and even enhance them.  Events in recent history have caused SRE to become a very active area of research. 2
Introduction to Software Reverse Engineering (cont’d)  In the early nineties, the Y2K problem spurred the need for the development of tools that could read large amounts of source or binary code for the 2-digit year vulnerability [2].  in the mid to late nineties, the adoption of the Internet by businesses brought about the need to understand in-house legacy systems so that the information held within them could be made available on the Web [3].  The desire for businesses to expand to the Internet for what was promised to be limitless potential for new revenue caused the creation of many Business to Consumer (B2C) web sites. 3
Introduction to Software Reverse Engineering (cont’d)  Today’s technology is unfortunately tomorrow’s legacy system.  It may seem that the need for SRE can be lessened by simply maintaining good documentation for all software that is written.  It would definitely decrease the need, but not become a reality.  Going forward, “the” vision is to include SRE incrementally, as part of the normal development, or “forward engineering” of software systems.  This would help avoid the typical situation where detailed information about a software system such as its architecture, design constraints, and trade-offs are found only in the memory of its developer [1]. 4
Reverse Engineering in Software Development  While a great deal of software that has been written is no longer in use, a considerable amount has survived for decades and continues to run the global economy.  The reality of the situation is that 70% of the source code in the entire world is written in COBOL [3]...  Compounding the situation is the fact that a great deal of legacy code is poorly designed and documented [3].  COBOL programs are in use globally in governmental and military agencies, in commercial enterprises, and on operating systems such as IBM's z/OS®, Microsoft's Windows®, and the POSIX families (Unix/Linux etc.) [6]. 5
Reverse Engineering in Software Development (cont’d)  In 1997, the Gartner Group reported that 80% of the world's business ran on COBOL with over 200 billion lines of code in existence and with an estimated 5 billion lines of new code annually [6]. More recently…  [http://simplicity.laserfiche.com/content/looking-job-hows-your-cobol]  This article from Aug 04, 2014 suggests millennials learn COBOL   COBOL supports 90 percent of Fortune 500 business systems every day.  70 percent of all critical business logic and data is written in COBOL.  COBOL powers 85 percent of all daily business transactions processed.  1.5 million new lines of COBOL code are written every day.  Do we have source code for all of these applications? 6
Reverse Engineering in Software Development (cont’d)  Whenever computer scientists or software engineers are engaged with evolving an existing system, fifty to ninety percent of the work effort is spent on program understanding [3]…  “Practice with reverse engineering techniques improves ability to understand a given system quickly and efficiently.”  Even though several tools already exist to aid software engineers with the program understanding process, the tools focus on transferring information about a software system’s design into the mind of the developer [1].  [4] states “commercial reverse engineering tools produce various kinds of output, but software engineers usually don’t how to interpret and use these pictures and reports.” 7
Reverse Engineering in Software Development (cont’d) 8 Software development process in a typical enterprise software system.
Reverse Engineering in Software Development (cont’d) 9 Development-related software reverse engineering scenarios.
Reverse Engineering in Software Development (cont’d)  Achieving Interoperability with Proprietary Software:  Develop applications or device drivers that interoperate (use) proprietary libraries in operating systems or applications.  Verification that Implementation Matches Design:  Verify that code produced during the forward development process matches the envisioned design by reversing the code back into an abstract design.  Evaluating Software Quality and Robustness:  Ensure the quality of software before purchasing it by performing heuristic analysis of the binaries to check for certain instruction sequences that appear in poor quality code. 10
Reverse Engineering in Software Development (cont’d)  Legacy Software Maintenance, Re-engineering, and Evolution:  Recover the design of legacy software modules when source is not available to make possible the maintenance, evolution, and reuse of the modules. 11
Reverse Engineering in Software Development (cont’d)  From the perspective of a software company, it is highly desirable that the its products are difficult to pirate and reverse engineer.  Making software difficult to reverse engineer seems to be in conflict with the idea of being able to recover the software’s design later on for maintenance and evolution.  Manufacturers usually don’t apply anti-reverse engineering transformations to software binaries until it is packaged for shipment to customers.  invest time in making software difficult to reverse engineer if there are algorithms that make the product stand out from the competition.  Making software difficult to pirate or reverse engineer is often a moving target and requires special skills and understanding on the part of the developer. 12
Reverse Engineering in Software Security (cont’d)  [3] “to defeat a crook you have to think like one.”  By reverse engineering viruses or other malicious software, programmers can learn their inner workings and witness first-hand how vulnerabilities find their way into computer programs.  Interpreted languages like Java, JavaScript, Python…, which do not require programmers to manage low-level system details, have become ubiquitous.  In favor of productivity, programmers have increasingly lost touch with what happens in a system during execution of programs. 13
Reverse Engineering in Software Security (cont’d) 14 Security-related software reverse engineering scenarios.
Reverse Engineering in Software Security (cont’d)  Detecting and Neutralizing Viruses and Malware:  Detect, analyze, or neutralize (clean) malware, viruses, spyware, and adware.  Testing Cryptographic Algorithms for Weaknesses:  Test the level of data security provided by a given cryptographic algorithm by analyzing it for weaknesses.  Testing DRM or License Protection (anti-reversing):  Protect software and media digital-rights through application and testing of anti-reversing techniques. 15
Reverse Engineering in Software Security (cont’d)  Auditing the Security of Program Binaries:  Audit a program for security vulnerabilities without access to the source code by scanning instruction sequences for potential exploits. 16
17

Recommended

Reversing and Patching Machine Code
Reversing and Patching Machine CodeReversing and Patching Machine Code
Reversing and Patching Machine Code
Teodoro Cipresso
 
Reverse Engineering
Reverse EngineeringReverse Engineering
Reverse Engineeringsiddu019
 
Maintenance, Re-engineering &Reverse Engineering in Software Engineering
Maintenance, Re-engineering &Reverse Engineering in Software EngineeringMaintenance, Re-engineering &Reverse Engineering in Software Engineering
Maintenance, Re-engineering &Reverse Engineering in Software Engineering
Manish Kumar
 
Software Re-engineering Forward & Reverse Engineering
Software Re-engineering Forward & Reverse EngineeringSoftware Re-engineering Forward & Reverse Engineering
Software Re-engineering Forward & Reverse Engineering
Ali Raza
 
Software Reengineering
Software ReengineeringSoftware Reengineering
Software Reengineering
Bradley Irby
 
A presentation on forward engineering
A presentation on forward engineeringA presentation on forward engineering
A presentation on forward engineering
GTU
 
Software Reengineering
Software ReengineeringSoftware Reengineering
Software Reengineering
Deniz Kılınç
 
Software reengineering
Software reengineeringSoftware reengineering
Software reengineeringArudra Vishen
 

Recommended

Reversing and Patching Machine Code
Reversing and Patching Machine CodeReversing and Patching Machine Code
Reversing and Patching Machine Code
Teodoro Cipresso
 
Reverse Engineering
Reverse EngineeringReverse Engineering
Reverse Engineeringsiddu019
 
Maintenance, Re-engineering &Reverse Engineering in Software Engineering
Maintenance, Re-engineering &Reverse Engineering in Software EngineeringMaintenance, Re-engineering &Reverse Engineering in Software Engineering
Maintenance, Re-engineering &Reverse Engineering in Software Engineering
Manish Kumar
 
Software Re-engineering Forward & Reverse Engineering
Software Re-engineering Forward & Reverse EngineeringSoftware Re-engineering Forward & Reverse Engineering
Software Re-engineering Forward & Reverse Engineering
Ali Raza
 
Software Reengineering
Software ReengineeringSoftware Reengineering
Software Reengineering
Bradley Irby
 
A presentation on forward engineering
A presentation on forward engineeringA presentation on forward engineering
A presentation on forward engineering
GTU
 
Software Reengineering
Software ReengineeringSoftware Reengineering
Software Reengineering
Deniz Kılınç
 
Software reengineering
Software reengineeringSoftware reengineering
Software reengineeringArudra Vishen
 
Software Reuse
Software ReuseSoftware Reuse
Software Reuse
prince mukherjee
 
Software Reengineering
Software ReengineeringSoftware Reengineering
Software ReengineeringAbdul Wahid
 
Reengineering including reverse & forward Engineering
Reengineering including reverse & forward EngineeringReengineering including reverse & forward Engineering
Reengineering including reverse & forward EngineeringMuhammad Chaudhry
 
Ui design final
Ui design finalUi design final
Ui design final
Indu Sharma Bhardwaj
 
Software reuse ppt.
Software reuse ppt.Software reuse ppt.
Software reuse ppt.
Sumit Biswas
 
Software component reuse repository
Software component reuse repositorySoftware component reuse repository
Software component reuse repository
Sandeep Singh
 
Software Re-Engineering in Software Engineering SE28
Software Re-Engineering in Software Engineering SE28Software Re-Engineering in Software Engineering SE28
Software Re-Engineering in Software Engineering SE28koolkampus
 
Software Reuse: Challenges and Business Success
Software Reuse: Challenges and Business SuccessSoftware Reuse: Challenges and Business Success
Software Reuse: Challenges and Business Success
University of Zurich
 
Software resuse
Software resuseSoftware resuse
Software resuse
Indu Sharma Bhardwaj
 
A cost model for software reuse
A cost model for software reuseA cost model for software reuse
A cost model for software reuse
asas402
 
Mit104 software engineering
Mit104 software engineeringMit104 software engineering
Mit104 software engineering
smumbahelp
 
software project management
software project managementsoftware project management
software project management
deep sharma
 
Software engineering: design for reuse
Software engineering: design for reuseSoftware engineering: design for reuse
Software engineering: design for reuseMarco Brambilla
 
Cots integration
Cots integrationCots integration
Cots integrationSaransh Garg
 
Reusability
ReusabilityReusability
Reusability
university of education,Lahore
 
SE18_Lec 00_Course Outline
SE18_Lec 00_Course OutlineSE18_Lec 00_Course Outline
SE18_Lec 00_Course Outline
Amr E. Mohamed
 
CS6201 Software Reuse - Design Patterns
CS6201 Software Reuse - Design PatternsCS6201 Software Reuse - Design Patterns
CS6201 Software Reuse - Design Patterns
Kwangshin Oh
 
C.R.U.I.S.E. - Component Reuse In Software Engineering
C.R.U.I.S.E. - Component Reuse In Software EngineeringC.R.U.I.S.E. - Component Reuse In Software Engineering
C.R.U.I.S.E. - Component Reuse In Software Engineering
Vanilson Buregio
 
SWE-401 - 4. Software Requirement Specifications
SWE-401 - 4. Software Requirement Specifications SWE-401 - 4. Software Requirement Specifications
SWE-401 - 4. Software Requirement Specifications
ghayour abbas
 
SWE-401 - 1. Introduction to Software Engineering
SWE-401 - 1. Introduction to Software EngineeringSWE-401 - 1. Introduction to Software Engineering
SWE-401 - 1. Introduction to Software Engineering
ghayour abbas
 
Software reverse engineering
Software reverse engineeringSoftware reverse engineering
Software reverse engineering
Parminder Singh
 
Reverse Engineering Web Applications
Reverse Engineering Web ApplicationsReverse Engineering Web Applications
Reverse Engineering Web Applications
Porfirio Tramontana
 

More Related Content

What's hot

Software Reuse
Software ReuseSoftware Reuse
Software Reuse
prince mukherjee
 
Software Reengineering
Software ReengineeringSoftware Reengineering
Software ReengineeringAbdul Wahid
 
Reengineering including reverse & forward Engineering
Reengineering including reverse & forward EngineeringReengineering including reverse & forward Engineering
Reengineering including reverse & forward EngineeringMuhammad Chaudhry
 
Ui design final
Ui design finalUi design final
Ui design final
Indu Sharma Bhardwaj
 
Software reuse ppt.
Software reuse ppt.Software reuse ppt.
Software reuse ppt.
Sumit Biswas
 
Software component reuse repository
Software component reuse repositorySoftware component reuse repository
Software component reuse repository
Sandeep Singh
 
Software Re-Engineering in Software Engineering SE28
Software Re-Engineering in Software Engineering SE28Software Re-Engineering in Software Engineering SE28
Software Re-Engineering in Software Engineering SE28koolkampus
 
Software Reuse: Challenges and Business Success
Software Reuse: Challenges and Business SuccessSoftware Reuse: Challenges and Business Success
Software Reuse: Challenges and Business Success
University of Zurich
 
Software resuse
Software resuseSoftware resuse
Software resuse
Indu Sharma Bhardwaj
 
A cost model for software reuse
A cost model for software reuseA cost model for software reuse
A cost model for software reuse
asas402
 
Mit104 software engineering
Mit104 software engineeringMit104 software engineering
Mit104 software engineering
smumbahelp
 
software project management
software project managementsoftware project management
software project management
deep sharma
 
Software engineering: design for reuse
Software engineering: design for reuseSoftware engineering: design for reuse
Software engineering: design for reuseMarco Brambilla
 
Reusability
ReusabilityReusability
Reusability
university of education,Lahore
 
SE18_Lec 00_Course Outline
SE18_Lec 00_Course OutlineSE18_Lec 00_Course Outline
SE18_Lec 00_Course Outline
Amr E. Mohamed
 
CS6201 Software Reuse - Design Patterns
CS6201 Software Reuse - Design PatternsCS6201 Software Reuse - Design Patterns
CS6201 Software Reuse - Design Patterns
Kwangshin Oh
 
C.R.U.I.S.E. - Component Reuse In Software Engineering
C.R.U.I.S.E. - Component Reuse In Software EngineeringC.R.U.I.S.E. - Component Reuse In Software Engineering
C.R.U.I.S.E. - Component Reuse In Software Engineering
Vanilson Buregio
 
SWE-401 - 4. Software Requirement Specifications
SWE-401 - 4. Software Requirement Specifications SWE-401 - 4. Software Requirement Specifications
SWE-401 - 4. Software Requirement Specifications
ghayour abbas
 
SWE-401 - 1. Introduction to Software Engineering
SWE-401 - 1. Introduction to Software EngineeringSWE-401 - 1. Introduction to Software Engineering
SWE-401 - 1. Introduction to Software Engineering
ghayour abbas
 

What's hot (20)

Software Reuse
Software ReuseSoftware Reuse
Software Reuse
 
Software Reengineering
Software ReengineeringSoftware Reengineering
Software Reengineering
 
Reengineering including reverse & forward Engineering
Reengineering including reverse & forward EngineeringReengineering including reverse & forward Engineering
Reengineering including reverse & forward Engineering
 
Ui design final
Ui design finalUi design final
Ui design final
 
Software reuse ppt.
Software reuse ppt.Software reuse ppt.
Software reuse ppt.
 
Software component reuse repository
Software component reuse repositorySoftware component reuse repository
Software component reuse repository
 
Software Re-Engineering in Software Engineering SE28
Software Re-Engineering in Software Engineering SE28Software Re-Engineering in Software Engineering SE28
Software Re-Engineering in Software Engineering SE28
 
Software Reuse: Challenges and Business Success
Software Reuse: Challenges and Business SuccessSoftware Reuse: Challenges and Business Success
Software Reuse: Challenges and Business Success
 
Software resuse
Software resuseSoftware resuse
Software resuse
 
A cost model for software reuse
A cost model for software reuseA cost model for software reuse
A cost model for software reuse
 
Mit104 software engineering
Mit104 software engineeringMit104 software engineering
Mit104 software engineering
 
software project management
software project managementsoftware project management
software project management
 
Software engineering: design for reuse
Software engineering: design for reuseSoftware engineering: design for reuse
Software engineering: design for reuse
 
Cots integration
Cots integrationCots integration
Cots integration
 
Reusability
ReusabilityReusability
Reusability
 
SE18_Lec 00_Course Outline
SE18_Lec 00_Course OutlineSE18_Lec 00_Course Outline
SE18_Lec 00_Course Outline
 
CS6201 Software Reuse - Design Patterns
CS6201 Software Reuse - Design PatternsCS6201 Software Reuse - Design Patterns
CS6201 Software Reuse - Design Patterns
 
C.R.U.I.S.E. - Component Reuse In Software Engineering
C.R.U.I.S.E. - Component Reuse In Software EngineeringC.R.U.I.S.E. - Component Reuse In Software Engineering
C.R.U.I.S.E. - Component Reuse In Software Engineering
 
SWE-401 - 4. Software Requirement Specifications
SWE-401 - 4. Software Requirement Specifications SWE-401 - 4. Software Requirement Specifications
SWE-401 - 4. Software Requirement Specifications
 
SWE-401 - 1. Introduction to Software Engineering
SWE-401 - 1. Introduction to Software EngineeringSWE-401 - 1. Introduction to Software Engineering
SWE-401 - 1. Introduction to Software Engineering
 

Viewers also liked

Software reverse engineering
Software reverse engineeringSoftware reverse engineering
Software reverse engineering
Parminder Singh
 
Reverse Engineering Web Applications
Reverse Engineering Web ApplicationsReverse Engineering Web Applications
Reverse Engineering Web Applications
Porfirio Tramontana
 
Reverse Engineering for Documenting Software Architectures, a Literature Review
Reverse Engineering for Documenting Software Architectures, a Literature ReviewReverse Engineering for Documenting Software Architectures, a Literature Review
Reverse Engineering for Documenting Software Architectures, a Literature Review
Editor IJCATR
 
Reverse Engineering - Protecting and Breaking the Software
Reverse Engineering - Protecting and Breaking the SoftwareReverse Engineering - Protecting and Breaking the Software
Reverse Engineering - Protecting and Breaking the Software
Satria Ady Pradana
 
Reverse Engineering of Software Architecture
Reverse Engineering of Software ArchitectureReverse Engineering of Software Architecture
Reverse Engineering of Software ArchitectureDharmalingam Ganesan
 
Reverse engineering & its application
Reverse engineering & its applicationReverse engineering & its application
Reverse engineering & its applicationmapqrs
 
Reverse engineering
Reverse engineeringReverse engineering
Reverse engineering
ananya0122
 
Why z/OS is a Great Platform for Developing and Hosting APIs
Why z/OS is a Great Platform for Developing and Hosting APIsWhy z/OS is a Great Platform for Developing and Hosting APIs
Why z/OS is a Great Platform for Developing and Hosting APIs
Teodoro Cipresso
 
Reengineering and Reuse of Legacy Software
Reengineering and Reuse of Legacy SoftwareReengineering and Reuse of Legacy Software
Reengineering and Reuse of Legacy Software
Teodoro Cipresso
 
Identifying, Monitoring, and Reporting Malware
Identifying, Monitoring, and Reporting MalwareIdentifying, Monitoring, and Reporting Malware
Identifying, Monitoring, and Reporting Malware
Teodoro Cipresso
 
Applying Anti-Reversing Techniques to Machine Code
Applying Anti-Reversing Techniques to Machine CodeApplying Anti-Reversing Techniques to Machine Code
Applying Anti-Reversing Techniques to Machine Code
Teodoro Cipresso
 
Reversing and Patching Java Bytecode
Reversing and Patching Java BytecodeReversing and Patching Java Bytecode
Reversing and Patching Java Bytecode
Teodoro Cipresso
 
Innovate 2014: Get an A+ on Testing Your Enterprise Applications with Rationa...
Innovate 2014: Get an A+ on Testing Your Enterprise Applications with Rationa...Innovate 2014: Get an A+ on Testing Your Enterprise Applications with Rationa...
Innovate 2014: Get an A+ on Testing Your Enterprise Applications with Rationa...
Teodoro Cipresso
 
Bitonic Sort in Shared SIMD Array Processor
Bitonic Sort in Shared SIMD Array ProcessorBitonic Sort in Shared SIMD Array Processor
Bitonic Sort in Shared SIMD Array Processor
Asanka Dilruk
 
Make Your API Catalog Essential with z/OS Connect EE
Make Your API Catalog Essential with z/OS Connect EEMake Your API Catalog Essential with z/OS Connect EE
Make Your API Catalog Essential with z/OS Connect EE
Teodoro Cipresso
 

Viewers also liked (17)

Software reverse engineering
Software reverse engineeringSoftware reverse engineering
Software reverse engineering
 
Reverse Engineering Web Applications
Reverse Engineering Web ApplicationsReverse Engineering Web Applications
Reverse Engineering Web Applications
 
Reverse Engineering for Documenting Software Architectures, a Literature Review
Reverse Engineering for Documenting Software Architectures, a Literature ReviewReverse Engineering for Documenting Software Architectures, a Literature Review
Reverse Engineering for Documenting Software Architectures, a Literature Review
 
Reverse Engineering - Protecting and Breaking the Software
Reverse Engineering - Protecting and Breaking the SoftwareReverse Engineering - Protecting and Breaking the Software
Reverse Engineering - Protecting and Breaking the Software
 
Reverse Engineering of Software Architecture
Reverse Engineering of Software ArchitectureReverse Engineering of Software Architecture
Reverse Engineering of Software Architecture
 
Reverse engineering & its application
Reverse engineering & its applicationReverse engineering & its application
Reverse engineering & its application
 
Reverse engineering
Reverse engineeringReverse engineering
Reverse engineering
 
Why z/OS is a Great Platform for Developing and Hosting APIs
Why z/OS is a Great Platform for Developing and Hosting APIsWhy z/OS is a Great Platform for Developing and Hosting APIs
Why z/OS is a Great Platform for Developing and Hosting APIs
 
Reengineering and Reuse of Legacy Software
Reengineering and Reuse of Legacy SoftwareReengineering and Reuse of Legacy Software
Reengineering and Reuse of Legacy Software
 
Identifying, Monitoring, and Reporting Malware
Identifying, Monitoring, and Reporting MalwareIdentifying, Monitoring, and Reporting Malware
Identifying, Monitoring, and Reporting Malware
 
Applying Anti-Reversing Techniques to Machine Code
Applying Anti-Reversing Techniques to Machine CodeApplying Anti-Reversing Techniques to Machine Code
Applying Anti-Reversing Techniques to Machine Code
 
Reversing and Patching Java Bytecode
Reversing and Patching Java BytecodeReversing and Patching Java Bytecode
Reversing and Patching Java Bytecode
 
Innovate 2014: Get an A+ on Testing Your Enterprise Applications with Rationa...
Innovate 2014: Get an A+ on Testing Your Enterprise Applications with Rationa...Innovate 2014: Get an A+ on Testing Your Enterprise Applications with Rationa...
Innovate 2014: Get an A+ on Testing Your Enterprise Applications with Rationa...
 
Bitonic Sort in Shared SIMD Array Processor
Bitonic Sort in Shared SIMD Array ProcessorBitonic Sort in Shared SIMD Array Processor
Bitonic Sort in Shared SIMD Array Processor
 
Make Your API Catalog Essential with z/OS Connect EE
Make Your API Catalog Essential with z/OS Connect EEMake Your API Catalog Essential with z/OS Connect EE
Make Your API Catalog Essential with z/OS Connect EE
 
Array Processor
Array ProcessorArray Processor
Array Processor
 
CO Module 5
CO Module 5CO Module 5
CO Module 5
 

Similar to Introduction to Software Reverse Engineering

International Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentInternational Journal of Engineering Research and Development
International Journal of Engineering Research and Development
IJERD Editor
 
se01.ppt
se01.pptse01.ppt
se01.ppt
xiso
 
Slides chapter 1
Slides chapter 1Slides chapter 1
Slides chapter 1gvkmku
 
SE Introduction sharbani bhattacharya
SE Introduction sharbani bhattacharyaSE Introduction sharbani bhattacharya
SE Introduction sharbani bhattacharya
Sharbani Bhattacharya
 
Software Development Life Cycle
Software Development Life Cycle Software Development Life Cycle
Software Development Life Cycle
Dr. Ranjan Kumar Mishra
 
IRJET- Obfuscation: Maze of Code
IRJET- Obfuscation: Maze of CodeIRJET- Obfuscation: Maze of Code
IRJET- Obfuscation: Maze of Code
IRJET Journal
 
Lecture 2 | Industry, Career Paths, Essential Skills
Lecture 2 | Industry, Career Paths, Essential SkillsLecture 2 | Industry, Career Paths, Essential Skills
Lecture 2 | Industry, Career Paths, Essential Skills
osamahjaleel
 
SE chp1 update and learning management .pptx
SE chp1 update and learning management .pptxSE chp1 update and learning management .pptx
SE chp1 update and learning management .pptx
ssuserdee5bb1
 
SOFDESG 01 Introduction.pdf
SOFDESG 01 Introduction.pdfSOFDESG 01 Introduction.pdf
SOFDESG 01 Introduction.pdf
JimCValencia1
 
Slides chapter 1
Slides chapter 1Slides chapter 1
Slides chapter 1
13harpreet
 
ccs356-software-engineering-notes.pdf
ccs356-software-engineering-notes.pdfccs356-software-engineering-notes.pdf
ccs356-software-engineering-notes.pdf
VijayakumarKadumbadi
 
Intro
IntroIntro
Intro
hinaaaa123
 
SE Lecture 1.ppt
SE Lecture 1.pptSE Lecture 1.ppt
SE Lecture 1.ppt
ssusere16bd9
 
SE Lecture 1.ppt
SE Lecture 1.pptSE Lecture 1.ppt
SE Lecture 1.ppt
ssusere16bd9
 
software
softwaresoftware
software
mansab MIRZA
 
software development and programming languages
software development and programming languages software development and programming languages
software development and programming languages
PraShant Kumar
 
You're the Engineer! Think Big!
You're the Engineer! Think Big!You're the Engineer! Think Big!
You're the Engineer! Think Big!
Fatih Karatana
 
Software engineering
Software engineeringSoftware engineering
Software engineering
Prakash Poudel
 
SE-TEXT-BOOK_Material.doc
SE-TEXT-BOOK_Material.docSE-TEXT-BOOK_Material.doc
SE-TEXT-BOOK_Material.doc
DrPreethiD1
 

Similar to Introduction to Software Reverse Engineering (20)

International Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentInternational Journal of Engineering Research and Development
International Journal of Engineering Research and Development
 
se01.ppt
se01.pptse01.ppt
se01.ppt
 
Slides chapter 1
Slides chapter 1Slides chapter 1
Slides chapter 1
 
SE Introduction sharbani bhattacharya
SE Introduction sharbani bhattacharyaSE Introduction sharbani bhattacharya
SE Introduction sharbani bhattacharya
 
Software Development Life Cycle
Software Development Life Cycle Software Development Life Cycle
Software Development Life Cycle
 
IRJET- Obfuscation: Maze of Code
IRJET- Obfuscation: Maze of CodeIRJET- Obfuscation: Maze of Code
IRJET- Obfuscation: Maze of Code
 
Lecture 2 | Industry, Career Paths, Essential Skills
Lecture 2 | Industry, Career Paths, Essential SkillsLecture 2 | Industry, Career Paths, Essential Skills
Lecture 2 | Industry, Career Paths, Essential Skills
 
SE chp1 update and learning management .pptx
SE chp1 update and learning management .pptxSE chp1 update and learning management .pptx
SE chp1 update and learning management .pptx
 
Chapter 01
Chapter 01Chapter 01
Chapter 01
 
SOFDESG 01 Introduction.pdf
SOFDESG 01 Introduction.pdfSOFDESG 01 Introduction.pdf
SOFDESG 01 Introduction.pdf
 
Slides chapter 1
Slides chapter 1Slides chapter 1
Slides chapter 1
 
ccs356-software-engineering-notes.pdf
ccs356-software-engineering-notes.pdfccs356-software-engineering-notes.pdf
ccs356-software-engineering-notes.pdf
 
Intro
IntroIntro
Intro
 
SE Lecture 1.ppt
SE Lecture 1.pptSE Lecture 1.ppt
SE Lecture 1.ppt
 
SE Lecture 1.ppt
SE Lecture 1.pptSE Lecture 1.ppt
SE Lecture 1.ppt
 
software
softwaresoftware
software
 
software development and programming languages
software development and programming languages software development and programming languages
software development and programming languages
 
You're the Engineer! Think Big!
You're the Engineer! Think Big!You're the Engineer! Think Big!
You're the Engineer! Think Big!
 
Software engineering
Software engineeringSoftware engineering
Software engineering
 
SE-TEXT-BOOK_Material.doc
SE-TEXT-BOOK_Material.docSE-TEXT-BOOK_Material.doc
SE-TEXT-BOOK_Material.doc
 

Recently uploaded

In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
Juraj Vysvader
 
Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
abdulrafaychaudhry
 
A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
Philip Schwarz
 
Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
Donna Lenk
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Globus
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Natan Silnitsky
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
Ortus Solutions, Corp
 
A Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdfA Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdf
kalichargn70th171
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
Matt Welsh
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
AMB-Review
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Globus
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
Fermin Galan
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
wottaspaceseo
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Mind IT Systems
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
Globus
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
takuyayamamoto1800
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Globus
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns
 
Accelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessAccelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with Platformless
WSO2
 

Recently uploaded (20)

In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
 
Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
 
A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
 
Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
 
A Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdfA Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdf
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
 
Accelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessAccelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with Platformless
 

Introduction to Software Reverse Engineering

  • 1. CS266 Software Reverse Engineering (SRE) Introduction to Software Reverse Engineering Teodoro (Ted) Cipresso, teodoro.cipresso@sjsu.edu Department of Computer Science San José State University Spring 2015 The information in this presentation is taken from the thesis “Software reverse engineering education” available at http://scholarworks.sjsu.edu/etd_theses/3734/ where all citations can be found.
  • 2. Introduction to Software Reverse Engineering  From very early on in life we engage in constant investigation of existing things to understand how and even why they work.  Software Reverse Engineering (SRE) calls upon this investigative nature when one needs to learn how and why, often in the absence of adequate documentation, an existing piece of software—helpful or malicious—works.  More formally, SRE can be described as the practice of analyzing a software system to create abstractions that identify the individual components and their dependencies, and, if possible, the overall system architecture [1],[2].  Once the components and design of an existing system have been recovered, it becomes possible to repair and even enhance them.  Events in recent history have caused SRE to become a very active area of research. 2
  • 3. Introduction to Software Reverse Engineering (cont’d)  In the early nineties, the Y2K problem spurred the need for the development of tools that could read large amounts of source or binary code for the 2-digit year vulnerability [2].  in the mid to late nineties, the adoption of the Internet by businesses brought about the need to understand in-house legacy systems so that the information held within them could be made available on the Web [3].  The desire for businesses to expand to the Internet for what was promised to be limitless potential for new revenue caused the creation of many Business to Consumer (B2C) web sites. 3
  • 4. Introduction to Software Reverse Engineering (cont’d)  Today’s technology is unfortunately tomorrow’s legacy system.  It may seem that the need for SRE can be lessened by simply maintaining good documentation for all software that is written.  It would definitely decrease the need, but not become a reality.  Going forward, “the” vision is to include SRE incrementally, as part of the normal development, or “forward engineering” of software systems.  This would help avoid the typical situation where detailed information about a software system such as its architecture, design constraints, and trade-offs are found only in the memory of its developer [1]. 4
  • 5. Reverse Engineering in Software Development  While a great deal of software that has been written is no longer in use, a considerable amount has survived for decades and continues to run the global economy.  The reality of the situation is that 70% of the source code in the entire world is written in COBOL [3]...  Compounding the situation is the fact that a great deal of legacy code is poorly designed and documented [3].  COBOL programs are in use globally in governmental and military agencies, in commercial enterprises, and on operating systems such as IBM's z/OS®, Microsoft's Windows®, and the POSIX families (Unix/Linux etc.) [6]. 5
  • 6. Reverse Engineering in Software Development (cont’d)  In 1997, the Gartner Group reported that 80% of the world's business ran on COBOL with over 200 billion lines of code in existence and with an estimated 5 billion lines of new code annually [6]. More recently…  [http://simplicity.laserfiche.com/content/looking-job-hows-your-cobol]  This article from Aug 04, 2014 suggests millennials learn COBOL   COBOL supports 90 percent of Fortune 500 business systems every day.  70 percent of all critical business logic and data is written in COBOL.  COBOL powers 85 percent of all daily business transactions processed.  1.5 million new lines of COBOL code are written every day.  Do we have source code for all of these applications? 6
  • 7. Reverse Engineering in Software Development (cont’d)  Whenever computer scientists or software engineers are engaged with evolving an existing system, fifty to ninety percent of the work effort is spent on program understanding [3]…  “Practice with reverse engineering techniques improves ability to understand a given system quickly and efficiently.”  Even though several tools already exist to aid software engineers with the program understanding process, the tools focus on transferring information about a software system’s design into the mind of the developer [1].  [4] states “commercial reverse engineering tools produce various kinds of output, but software engineers usually don’t how to interpret and use these pictures and reports.” 7
  • 8. Reverse Engineering in Software Development (cont’d) 8 Software development process in a typical enterprise software system.
  • 9. Reverse Engineering in Software Development (cont’d) 9 Development-related software reverse engineering scenarios.
  • 10. Reverse Engineering in Software Development (cont’d)  Achieving Interoperability with Proprietary Software:  Develop applications or device drivers that interoperate (use) proprietary libraries in operating systems or applications.  Verification that Implementation Matches Design:  Verify that code produced during the forward development process matches the envisioned design by reversing the code back into an abstract design.  Evaluating Software Quality and Robustness:  Ensure the quality of software before purchasing it by performing heuristic analysis of the binaries to check for certain instruction sequences that appear in poor quality code. 10
  • 11. Reverse Engineering in Software Development (cont’d)  Legacy Software Maintenance, Re-engineering, and Evolution:  Recover the design of legacy software modules when source is not available to make possible the maintenance, evolution, and reuse of the modules. 11
  • 12. Reverse Engineering in Software Development (cont’d)  From the perspective of a software company, it is highly desirable that the its products are difficult to pirate and reverse engineer.  Making software difficult to reverse engineer seems to be in conflict with the idea of being able to recover the software’s design later on for maintenance and evolution.  Manufacturers usually don’t apply anti-reverse engineering transformations to software binaries until it is packaged for shipment to customers.  invest time in making software difficult to reverse engineer if there are algorithms that make the product stand out from the competition.  Making software difficult to pirate or reverse engineer is often a moving target and requires special skills and understanding on the part of the developer. 12
  • 13. Reverse Engineering in Software Security (cont’d)  [3] “to defeat a crook you have to think like one.”  By reverse engineering viruses or other malicious software, programmers can learn their inner workings and witness first-hand how vulnerabilities find their way into computer programs.  Interpreted languages like Java, JavaScript, Python…, which do not require programmers to manage low-level system details, have become ubiquitous.  In favor of productivity, programmers have increasingly lost touch with what happens in a system during execution of programs. 13
  • 14. Reverse Engineering in Software Security (cont’d) 14 Security-related software reverse engineering scenarios.
  • 15. Reverse Engineering in Software Security (cont’d)  Detecting and Neutralizing Viruses and Malware:  Detect, analyze, or neutralize (clean) malware, viruses, spyware, and adware.  Testing Cryptographic Algorithms for Weaknesses:  Test the level of data security provided by a given cryptographic algorithm by analyzing it for weaknesses.  Testing DRM or License Protection (anti-reversing):  Protect software and media digital-rights through application and testing of anti-reversing techniques. 15
  • 16. Reverse Engineering in Software Security (cont’d)  Auditing the Security of Program Binaries:  Audit a program for security vulnerabilities without access to the source code by scanning instruction sequences for potential exploits. 16
  • 17. 17