Boost PC performance: How more available memory can improve productivity
Reverse engineering
1.
2. What is Reverse Engineering ?
You have an unexpected case:
• You finished one project using Java
• Your program runs fine
• But, by accident, you delete the java file
• How to handle this in your project?
Reverse Engineering
3. What is Reverse Engineering ?
Reverse Engineering is the process of
discovering the technological principles of a
device, object, or system through analysis of
its structure, function, and operation.
4. What is Reverse Engineering ?
It often involves taking something (e.g.,
a mechanical device, electronic
component, software program, or biological,
chemical, or organic matter) apart and
analyzing its workings.
5. In Terms of Software
To retrieve the source code of a program
To study how the program performs certain
operations
To improve the performance of a program
To fix a bug
To identify malicious content in a program
7. Reverse Engineering
Applications:
Software Development Related
• Evaluating software quality and robustness
• Achieving interoperability with propriety
software
• Developing competing software
8. Why do we need RE ?
Reasons
• Product Analysis
To examine how a product works, what
components it consists of, estimate costs, and
identify potential patent infringement.
• Lost Documentation
Reverse engineering often is done because
the documentation of a particular device has been
lost (or was never written), and the person who built
it is no longer available
9. Why do we need RE ?
Reasons
• Software Modernization
In order to understand the 'as is' state of
existing or legacy software in order to properly
estimate the effort required to migrate system
knowledge into a 'to be' state.
• Learning
Learn from others' mistakes. Do not make
the same mistakes that others have already made
and subsequently corrected.
10. Why do we need RE ?
Reasons
• The original manufacturer of a product no
longer produces a product
• The original manufacturer no longer exists,
but a customer needs the product
• To analyze the good and bad features of
competitors' product
• Strengthen the good features of a product
based on long-term usage of the product
11. Why do we need RE ?
Benefits
• Understand existing design
• Quality improvements
• Competitive advantages
• Software reuse facilitation
• No need to start from scratch
12. Two Levels of Reversing
System Level Reversing
• Running various tools on the program and
utilizing various operating system services
• To obtain information, inspect program
executables, track program input and output,
and so forth
13. Code Level Reversing
• Extracting design concepts and algorithms
from a program
• Observes the code from a very low-level
• Many of these details are generated
automatically by the compiler
Two Levels of Reversing
15. Procedure
Collect information
• Collect all possible information about the program.
• Sources of information include source code, design
documents and documentation for system calls and
external routines.
Examine information
• Review the collected information
• A plan for dissecting the program and recording the
recovered information can be formulated during this
stage.
16. Procedure
Extract structure
• Identify the structure of the program and use this to
create a set of structure charts.
• Each node in the structure chart corresponds to a
routine called in the program
• The chart records the calling hierarchy of the
program.
Record functionality
• For each node in the structure chart, record the
processing done in the program routine
corresponding to that node.
17. Procedure
Record data-flow
• The recovered program structure can be analysed to
identify data transformations in the software.
• These transformation steps show the data
processing done in the program.
Record control-flow
• Identify the high-level control structure of the
program and record it using control-flow diagrams.
• This refers to high-level control that affects the
overall operation of the software.
18. Procedure
Review recovered design
• Review the design to verify that it correctly
• represents the program.
• Identify any missing items of information and
attempt to locate them.
Generate documentation
• The final step is to generate design documentation.
• Information explaining the purpose of the program,
program-overview, history, etc will need to be
recorded.
19. System Monitoring Tools
• System-level reversing requires a variety of tools
that sniff, monitor, explore, and otherwise
expose the program being reversed
• Display information gathered by the operating
system about the application and its
environment
Reverse Engineering Tools
20. Disassembler
• Converts exe to assembly - as best it can
• Relatively simple process
• Sometimes are difficult to understand
Reverse Engineering Tools
21. Debugger
• Reversers use debuggers in disassembly
mode
• Reversers can install breakpoints in locations
of interest in the disassembled code and
then examine the state of the program
Reverse Engineering Tools
22. Decompiler
• Decompile a binary programs into high level
source language
• Replace all binary code that could not be
decompiled with assembly code
Reverse Engineering Tools
23. Unethical ???
The legal debate around reverse engineering
has been going on for years
The reverse engineering of software in the
US is generally a breach of contract as
most EULAs specifically prohibit it
EU allows reverse engineering for the
purposes of interoperability.