Reverse engineering


Published on

Published in: Technology
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Reverse engineering

  1. 1. What is Reverse Engineering ? You have an unexpected case:• You finished one project using Java• Your program runs fine• But, by accident, you delete the java file• How to handle this in your project?Reverse Engineering
  2. 2. What is Reverse Engineering ? Reverse Engineering is the process ofdiscovering the technological principles of adevice, object, or system through analysis ofits structure, function, and operation.
  3. 3. What is Reverse Engineering ? It often involves taking something (e.g.,a mechanical device, electroniccomponent, software program, or biological,chemical, or organic matter) apart andanalyzing its workings.
  4. 4. In Terms of Software To retrieve the source code of a program To study how the program performs certainoperations To improve the performance of a program To fix a bug To identify malicious content in a program
  5. 5. Reverse EngineeringApplications: Security Related• Reversing has been employed in encryptionresearch• With malicious software, on both ends of thefence• Crackers
  6. 6. Reverse EngineeringApplications: Software Development Related• Evaluating software quality and robustness• Achieving interoperability with proprietysoftware• Developing competing software
  7. 7. Why do we need RE ? Reasons• Product AnalysisTo examine how a product works, whatcomponents it consists of, estimate costs, andidentify potential patent infringement.• Lost DocumentationReverse engineering often is done becausethe documentation of a particular device has beenlost (or was never written), and the person who builtit is no longer available
  8. 8. Why do we need RE ? Reasons• Software ModernizationIn order to understand the as is state ofexisting or legacy software in order to properlyestimate the effort required to migrate systemknowledge into a to be state.• LearningLearn from others mistakes. Do not makethe same mistakes that others have already madeand subsequently corrected.
  9. 9. Why do we need RE ? Reasons• The original manufacturer of a product nolonger produces a product• The original manufacturer no longer exists,but a customer needs the product• To analyze the good and bad features ofcompetitors product• Strengthen the good features of a productbased on long-term usage of the product
  10. 10. Why do we need RE ? Benefits• Understand existing design• Quality improvements• Competitive advantages• Software reuse facilitation• No need to start from scratch
  11. 11. Two Levels of Reversing System Level Reversing• Running various tools on the program andutilizing various operating system services• To obtain information, inspect programexecutables, track program input and output,and so forth
  12. 12.  Code Level Reversing• Extracting design concepts and algorithmsfrom a program• Observes the code from a very low-level• Many of these details are generatedautomatically by the compilerTwo Levels of Reversing
  13. 13. RequirementsAnalysisDesignImplementationForwardengineeringReverseengineeringSoftware engineering
  14. 14. Procedure Collect information• Collect all possible information about the program.• Sources of information include source code, designdocuments and documentation for system calls andexternal routines. Examine information• Review the collected information• A plan for dissecting the program and recording therecovered information can be formulated during thisstage.
  15. 15. Procedure Extract structure• Identify the structure of the program and use this tocreate a set of structure charts.• Each node in the structure chart corresponds to aroutine called in the program• The chart records the calling hierarchy of theprogram. Record functionality• For each node in the structure chart, record theprocessing done in the program routinecorresponding to that node.
  16. 16. Procedure Record data-flow• The recovered program structure can be analysed toidentify data transformations in the software.• These transformation steps show the dataprocessing done in the program. Record control-flow• Identify the high-level control structure of theprogram and record it using control-flow diagrams.• This refers to high-level control that affects theoverall operation of the software.
  17. 17. Procedure Review recovered design• Review the design to verify that it correctly• represents the program.• Identify any missing items of information andattempt to locate them. Generate documentation• The final step is to generate design documentation.• Information explaining the purpose of the program,program-overview, history, etc will need to berecorded.
  18. 18.  System Monitoring Tools• System-level reversing requires a variety of toolsthat sniff, monitor, explore, and otherwiseexpose the program being reversed• Display information gathered by the operatingsystem about the application and itsenvironmentReverse Engineering Tools
  19. 19.  Disassembler• Converts exe to assembly - as best it can• Relatively simple process• Sometimes are difficult to understandReverse Engineering Tools
  20. 20.  Debugger• Reversers use debuggers in disassemblymode• Reversers can install breakpoints in locationsof interest in the disassembled code andthen examine the state of the programReverse Engineering Tools
  21. 21.  Decompiler• Decompile a binary programs into high levelsource language• Replace all binary code that could not bedecompiled with assembly codeReverse Engineering Tools
  22. 22. Unethical ??? The legal debate around reverse engineeringhas been going on for years The reverse engineering of software in theUS is generally a breach of contract asmost EULAs specifically prohibit it EU allows reverse engineering for thepurposes of interoperability.