SlideShare a Scribd company logo

Reverse engineering

Download as PPTX, PDF
Yuffie Valen
Yuffie Valen
Technology
1 of 24
What is Reverse Engineering ?  You have an unexpected case: • You finished one project using Java • Your program runs fine • But, by accident, you delete the java file • How to handle this in your project? Reverse Engineering
What is Reverse Engineering ?  Reverse Engineering is the process of discovering the technological principles of a device, object, or system through analysis of its structure, function, and operation.
What is Reverse Engineering ?  It often involves taking something (e.g., a mechanical device, electronic component, software program, or biological, chemical, or organic matter) apart and analyzing its workings.
In Terms of Software  To retrieve the source code of a program  To study how the program performs certain operations  To improve the performance of a program  To fix a bug  To identify malicious content in a program
Reverse Engineering Applications:  Security Related • Reversing has been employed in encryption research • With malicious software, on both ends of the fence • Crackers
Reverse Engineering Applications:  Software Development Related • Evaluating software quality and robustness • Achieving interoperability with propriety software • Developing competing software
Why do we need RE ?  Reasons • Product Analysis To examine how a product works, what components it consists of, estimate costs, and identify potential patent infringement. • Lost Documentation Reverse engineering often is done because the documentation of a particular device has been lost (or was never written), and the person who built it is no longer available
Why do we need RE ?  Reasons • Software Modernization In order to understand the 'as is' state of existing or legacy software in order to properly estimate the effort required to migrate system knowledge into a 'to be' state. • Learning Learn from others' mistakes. Do not make the same mistakes that others have already made and subsequently corrected.
Why do we need RE ?  Reasons • The original manufacturer of a product no longer produces a product • The original manufacturer no longer exists, but a customer needs the product • To analyze the good and bad features of competitors' product • Strengthen the good features of a product based on long-term usage of the product
Why do we need RE ?  Benefits • Understand existing design • Quality improvements • Competitive advantages • Software reuse facilitation • No need to start from scratch
Two Levels of Reversing  System Level Reversing • Running various tools on the program and utilizing various operating system services • To obtain information, inspect program executables, track program input and output, and so forth
 Code Level Reversing • Extracting design concepts and algorithms from a program • Observes the code from a very low-level • Many of these details are generated automatically by the compiler Two Levels of Reversing
Requirements Analysis Design Implementation Forward engineering Reverse engineering Software engineering
Procedure  Collect information • Collect all possible information about the program. • Sources of information include source code, design documents and documentation for system calls and external routines.  Examine information • Review the collected information • A plan for dissecting the program and recording the recovered information can be formulated during this stage.
Procedure  Extract structure • Identify the structure of the program and use this to create a set of structure charts. • Each node in the structure chart corresponds to a routine called in the program • The chart records the calling hierarchy of the program.  Record functionality • For each node in the structure chart, record the processing done in the program routine corresponding to that node.
Procedure  Record data-flow • The recovered program structure can be analysed to identify data transformations in the software. • These transformation steps show the data processing done in the program.  Record control-flow • Identify the high-level control structure of the program and record it using control-flow diagrams. • This refers to high-level control that affects the overall operation of the software.
Procedure  Review recovered design • Review the design to verify that it correctly • represents the program. • Identify any missing items of information and attempt to locate them.  Generate documentation • The final step is to generate design documentation. • Information explaining the purpose of the program, program-overview, history, etc will need to be recorded.
 System Monitoring Tools • System-level reversing requires a variety of tools that sniff, monitor, explore, and otherwise expose the program being reversed • Display information gathered by the operating system about the application and its environment Reverse Engineering Tools
 Disassembler • Converts exe to assembly - as best it can • Relatively simple process • Sometimes are difficult to understand Reverse Engineering Tools
 Debugger • Reversers use debuggers in disassembly mode • Reversers can install breakpoints in locations of interest in the disassembled code and then examine the state of the program Reverse Engineering Tools
 Decompiler • Decompile a binary programs into high level source language • Replace all binary code that could not be decompiled with assembly code Reverse Engineering Tools
Unethical ???  The legal debate around reverse engineering has been going on for years  The reverse engineering of software in the US is generally a breach of contract as most EULAs specifically prohibit it  EU allows reverse engineering for the purposes of interoperability.
Reverse engineering

Recommended

Software reverse engineering
Software reverse engineeringSoftware reverse engineering
Software reverse engineering
Parminder Singh
 
Software design
Software designSoftware design
Software design
Benazir Fathima
 
Reverse engineering in software engineering vaibhav
Reverse engineering in software engineering vaibhavReverse engineering in software engineering vaibhav
Reverse engineering in software engineering vaibhav
Mani Kanth
 
Software maintenance
Software maintenance Software maintenance
Software maintenance
Rajeev Sharan
 
Code Refactoring
Code RefactoringCode Refactoring
Code Refactoring
Harbinger Systems - HRTech Builder of Choice
 
Software design methodologies
Software design methodologiesSoftware design methodologies
Software design methodologies
Dr. C.V. Suresh Babu
 
6 - Architetture Software - Model transformation
6 - Architetture Software - Model transformation6 - Architetture Software - Model transformation
6 - Architetture Software - Model transformation
Majong DevJfu
 
Introduction to Software Project Management
Introduction to Software Project ManagementIntroduction to Software Project Management
Introduction to Software Project Management
Reetesh Gupta
 

Recommended

Software reverse engineering
Software reverse engineeringSoftware reverse engineering
Software reverse engineering
Parminder Singh
 
Software design
Software designSoftware design
Software design
Benazir Fathima
 
Reverse engineering in software engineering vaibhav
Reverse engineering in software engineering vaibhavReverse engineering in software engineering vaibhav
Reverse engineering in software engineering vaibhav
Mani Kanth
 
Software maintenance
Software maintenance Software maintenance
Software maintenance
Rajeev Sharan
 
Code Refactoring
Code RefactoringCode Refactoring
Code Refactoring
Harbinger Systems - HRTech Builder of Choice
 
Software design methodologies
Software design methodologiesSoftware design methodologies
Software design methodologies
Dr. C.V. Suresh Babu
 
6 - Architetture Software - Model transformation
6 - Architetture Software - Model transformation6 - Architetture Software - Model transformation
6 - Architetture Software - Model transformation
Majong DevJfu
 
Introduction to Software Project Management
Introduction to Software Project ManagementIntroduction to Software Project Management
Introduction to Software Project Management
Reetesh Gupta
 
Software Verification & Validation
Software Verification & ValidationSoftware Verification & Validation
Software Verification & Validation
university of education,Lahore
 
Software Re-engineering Forward & Reverse Engineering
Software Re-engineering Forward & Reverse EngineeringSoftware Re-engineering Forward & Reverse Engineering
Software Re-engineering Forward & Reverse Engineering
Ali Raza
 
Maintenance, Re-engineering &Reverse Engineering in Software Engineering
Maintenance, Re-engineering &Reverse Engineering in Software EngineeringMaintenance, Re-engineering &Reverse Engineering in Software Engineering
Maintenance, Re-engineering &Reverse Engineering in Software Engineering
Manish Kumar
 
Software design
Software designSoftware design
Software design
Syed Muhammad Hammad-ud-Din
 
Unit1
Unit1Unit1
Unit1
anuragmbst
 
Software Architecture
Software ArchitectureSoftware Architecture
Software Architecture
Prabhat gangwar
 
Software Engineering - Basics
Software Engineering - BasicsSoftware Engineering - Basics
Software Engineering - Basics
Purvik Rana
 
Software Development Life Cycle
Software Development Life CycleSoftware Development Life Cycle
Software Development Life Cycle
Slideshare
 
Structured system analysis
Structured system analysisStructured system analysis
Structured system analysis
learnt
 
Cocomo
CocomoCocomo
Cocomo
Yunis Lone
 
Requirements elicitation
Requirements elicitationRequirements elicitation
Requirements elicitation
Syed Zaid Irshad
 
Reverse engineering
Reverse engineeringReverse engineering
Reverse engineering
jabedskakib
 
Rad model
Rad modelRad model
Rad model
Dyanara Pritz Menia
 
List of Software Development Model and Methods
List of Software Development Model and MethodsList of Software Development Model and Methods
List of Software Development Model and Methods
Riant Soft
 
Rational Unified Process
Rational Unified ProcessRational Unified Process
Rational Unified Process
Kumar
 
The Software Development Process
The Software Development ProcessThe Software Development Process
The Software Development Process
Cesar Augusto Nogueira
 
Slides chapter 2
Slides chapter 2Slides chapter 2
Slides chapter 2
Priyanka Shetty
 
Software requirement and specification
Software requirement and specificationSoftware requirement and specification
Software requirement and specification
Aman Adhikari
 
rules of formulating network planning model .
rules of formulating network planning model .rules of formulating network planning model .
rules of formulating network planning model .
ritambharaaatre
 
Resource Allocation In Software Project Management
Resource Allocation In Software Project ManagementResource Allocation In Software Project Management
Resource Allocation In Software Project Management
Syed Hassan Ali
 
Introduction to Reverse Engineering
Introduction to Reverse EngineeringIntroduction to Reverse Engineering
Introduction to Reverse Engineering
Gopinath Chintala
 
Reverse engineering
Reverse engineeringReverse engineering
Reverse engineering
Syed Zillay Ali
 

More Related Content

What's hot

Software Development Life Cycle
Software Development Life CycleSoftware Development Life Cycle
Software Development Life Cycle
Slideshare
 
Structured system analysis
Structured system analysisStructured system analysis
Structured system analysis
learnt
 

What's hot (20)

Software Verification & Validation
Software Verification & ValidationSoftware Verification & Validation
Software Verification & Validation
 
Software Re-engineering Forward & Reverse Engineering
Software Re-engineering Forward & Reverse EngineeringSoftware Re-engineering Forward & Reverse Engineering
Software Re-engineering Forward & Reverse Engineering
 
Maintenance, Re-engineering &Reverse Engineering in Software Engineering
Maintenance, Re-engineering &Reverse Engineering in Software EngineeringMaintenance, Re-engineering &Reverse Engineering in Software Engineering
Maintenance, Re-engineering &Reverse Engineering in Software Engineering
 
Software design
Software designSoftware design
Software design
 
Unit1
Unit1Unit1
Unit1
 
Software Architecture
Software ArchitectureSoftware Architecture
Software Architecture
 
Software Engineering - Basics
Software Engineering - BasicsSoftware Engineering - Basics
Software Engineering - Basics
 
Software Development Life Cycle
Software Development Life CycleSoftware Development Life Cycle
Software Development Life Cycle
 
Structured system analysis
Structured system analysisStructured system analysis
Structured system analysis
 
Cocomo
CocomoCocomo
Cocomo
 
Requirements elicitation
Requirements elicitationRequirements elicitation
Requirements elicitation
 
Reverse engineering
Reverse engineeringReverse engineering
Reverse engineering
 
Rad model
Rad modelRad model
Rad model
 
List of Software Development Model and Methods
List of Software Development Model and MethodsList of Software Development Model and Methods
List of Software Development Model and Methods
 
Rational Unified Process
Rational Unified ProcessRational Unified Process
Rational Unified Process
 
The Software Development Process
The Software Development ProcessThe Software Development Process
The Software Development Process
 
Slides chapter 2
Slides chapter 2Slides chapter 2
Slides chapter 2
 
Software requirement and specification
Software requirement and specificationSoftware requirement and specification
Software requirement and specification
 
rules of formulating network planning model .
rules of formulating network planning model .rules of formulating network planning model .
rules of formulating network planning model .
 
Resource Allocation In Software Project Management
Resource Allocation In Software Project ManagementResource Allocation In Software Project Management
Resource Allocation In Software Project Management
 

Viewers also liked

Introduction to Reverse Engineering
Introduction to Reverse EngineeringIntroduction to Reverse Engineering
Introduction to Reverse Engineering
Gopinath Chintala
 
Introduction to Reverse Engineering
Introduction to Reverse EngineeringIntroduction to Reverse Engineering
Introduction to Reverse Engineering
Dobromir Enchev
 
Reverse Engineering
Reverse EngineeringReverse Engineering
Reverse Engineering
dswanson
 
Reverse engineering & its application
Reverse engineering & its applicationReverse engineering & its application
Reverse engineering & its application
mapqrs
 
Reverse engineering
Reverse engineeringReverse engineering
Reverse engineering
Saswat Padhi
 

Viewers also liked (20)

Introduction to Reverse Engineering
Introduction to Reverse EngineeringIntroduction to Reverse Engineering
Introduction to Reverse Engineering
 
Reverse engineering
Reverse engineeringReverse engineering
Reverse engineering
 
Introduction to Reverse Engineering
Introduction to Reverse EngineeringIntroduction to Reverse Engineering
Introduction to Reverse Engineering
 
Reverse Engineering
Reverse EngineeringReverse Engineering
Reverse Engineering
 
Reverse engineering & its application
Reverse engineering & its applicationReverse engineering & its application
Reverse engineering & its application
 
Reverse engineering
Reverse engineeringReverse engineering
Reverse engineering
 
Binary exploitation - AIS3
Binary exploitation - AIS3Binary exploitation - AIS3
Binary exploitation - AIS3
 
SECCON 2016 Online CTF [Memory Analysis] Write-Up (ver.korean)
SECCON 2016 Online CTF [Memory Analysis] Write-Up (ver.korean)SECCON 2016 Online CTF [Memory Analysis] Write-Up (ver.korean)
SECCON 2016 Online CTF [Memory Analysis] Write-Up (ver.korean)
 
Bug hunting through_reverse_engineering
Bug hunting through_reverse_engineeringBug hunting through_reverse_engineering
Bug hunting through_reverse_engineering
 
Glibc malloc internal
Glibc malloc internalGlibc malloc internal
Glibc malloc internal
 
Sigreturn Oriented Programming
Sigreturn Oriented ProgrammingSigreturn Oriented Programming
Sigreturn Oriented Programming
 
Advanced heap exploitaion
Advanced heap exploitaionAdvanced heap exploitaion
Advanced heap exploitaion
 
Heap exploitation
Heap exploitationHeap exploitation
Heap exploitation
 
Play with FILE Structure - Yet Another Binary Exploit Technique
Play with FILE Structure - Yet Another Binary Exploit TechniquePlay with FILE Structure - Yet Another Binary Exploit Technique
Play with FILE Structure - Yet Another Binary Exploit Technique
 
Reverse engineering
Reverse engineeringReverse engineering
Reverse engineering
 
Reverse engineering
Reverse engineeringReverse engineering
Reverse engineering
 
Tools for capacity planning, measurement of capacity, capacity planning process
Tools for capacity planning, measurement of capacity, capacity planning processTools for capacity planning, measurement of capacity, capacity planning process
Tools for capacity planning, measurement of capacity, capacity planning process
 
intra and inter personal relations
intra and inter personal relationsintra and inter personal relations
intra and inter personal relations
 
Measuring capacity lesson3
Measuring capacity lesson3Measuring capacity lesson3
Measuring capacity lesson3
 
Line balancing
Line balancing Line balancing
Line balancing
 

Similar to Reverse engineering

Analysis concepts and principles
Analysis concepts and principlesAnalysis concepts and principles
Analysis concepts and principles
saurabhshertukde
 
Process model rup
Process model rupProcess model rup
Process model rup
Aryan Ajmer
 

Similar to Reverse engineering (20)

SE Unit-1.pptx
SE Unit-1.pptxSE Unit-1.pptx
SE Unit-1.pptx
 
Software Development
Software DevelopmentSoftware Development
Software Development
 
Software testing introduction
Software testing introductionSoftware testing introduction
Software testing introduction
 
Software Engineering Introduction
Software Engineering IntroductionSoftware Engineering Introduction
Software Engineering Introduction
 
Software Engineering in 6 hours of knowledge gate
Software Engineering in 6 hours of knowledge gateSoftware Engineering in 6 hours of knowledge gate
Software Engineering in 6 hours of knowledge gate
 
Introduction to Software Engineering
Introduction to Software EngineeringIntroduction to Software Engineering
Introduction to Software Engineering
 
Unit_1(Software and Software Engineering).pptx
Unit_1(Software and Software Engineering).pptxUnit_1(Software and Software Engineering).pptx
Unit_1(Software and Software Engineering).pptx
 
Introduction to Requirement engineering
Introduction to Requirement engineeringIntroduction to Requirement engineering
Introduction to Requirement engineering
 
Software Engineering - Introdution.ppt
Software Engineering - Introdution.pptSoftware Engineering - Introdution.ppt
Software Engineering - Introdution.ppt
 
Processes of website application development
Processes of website application developmentProcesses of website application development
Processes of website application development
 
OOSE UNIT-1.pdf
OOSE UNIT-1.pdfOOSE UNIT-1.pdf
OOSE UNIT-1.pdf
 
Greate Introduction to Software Engineering @ Track IT Academy
Greate Introduction to Software Engineering @ Track IT AcademyGreate Introduction to Software Engineering @ Track IT Academy
Greate Introduction to Software Engineering @ Track IT Academy
 
Analysis concepts and principles
Analysis concepts and principlesAnalysis concepts and principles
Analysis concepts and principles
 
Process model rup
Process model rupProcess model rup
Process model rup
 
Inventory managment system
Inventory managment systemInventory managment system
Inventory managment system
 
Lecture 2 (Software Processes)
Lecture 2 (Software Processes)Lecture 2 (Software Processes)
Lecture 2 (Software Processes)
 
Fa10 mcs-005
Fa10 mcs-005Fa10 mcs-005
Fa10 mcs-005
 
Coding - SDLC Model
Coding - SDLC ModelCoding - SDLC Model
Coding - SDLC Model
 
SE-Unit I.pptx
SE-Unit I.pptxSE-Unit I.pptx
SE-Unit I.pptx
 
Soft engg introduction and process models
Soft engg introduction and process modelsSoft engg introduction and process models
Soft engg introduction and process models
 

Recently uploaded

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 

Recently uploaded (20)

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

Reverse engineering

  • 1.
  • 2. What is Reverse Engineering ?  You have an unexpected case: • You finished one project using Java • Your program runs fine • But, by accident, you delete the java file • How to handle this in your project? Reverse Engineering
  • 3. What is Reverse Engineering ?  Reverse Engineering is the process of discovering the technological principles of a device, object, or system through analysis of its structure, function, and operation.
  • 4. What is Reverse Engineering ?  It often involves taking something (e.g., a mechanical device, electronic component, software program, or biological, chemical, or organic matter) apart and analyzing its workings.
  • 5. In Terms of Software  To retrieve the source code of a program  To study how the program performs certain operations  To improve the performance of a program  To fix a bug  To identify malicious content in a program
  • 6. Reverse Engineering Applications:  Security Related • Reversing has been employed in encryption research • With malicious software, on both ends of the fence • Crackers
  • 7. Reverse Engineering Applications:  Software Development Related • Evaluating software quality and robustness • Achieving interoperability with propriety software • Developing competing software
  • 8. Why do we need RE ?  Reasons • Product Analysis To examine how a product works, what components it consists of, estimate costs, and identify potential patent infringement. • Lost Documentation Reverse engineering often is done because the documentation of a particular device has been lost (or was never written), and the person who built it is no longer available
  • 9. Why do we need RE ?  Reasons • Software Modernization In order to understand the 'as is' state of existing or legacy software in order to properly estimate the effort required to migrate system knowledge into a 'to be' state. • Learning Learn from others' mistakes. Do not make the same mistakes that others have already made and subsequently corrected.
  • 10. Why do we need RE ?  Reasons • The original manufacturer of a product no longer produces a product • The original manufacturer no longer exists, but a customer needs the product • To analyze the good and bad features of competitors' product • Strengthen the good features of a product based on long-term usage of the product
  • 11. Why do we need RE ?  Benefits • Understand existing design • Quality improvements • Competitive advantages • Software reuse facilitation • No need to start from scratch
  • 12. Two Levels of Reversing  System Level Reversing • Running various tools on the program and utilizing various operating system services • To obtain information, inspect program executables, track program input and output, and so forth
  • 13.  Code Level Reversing • Extracting design concepts and algorithms from a program • Observes the code from a very low-level • Many of these details are generated automatically by the compiler Two Levels of Reversing
  • 15. Procedure  Collect information • Collect all possible information about the program. • Sources of information include source code, design documents and documentation for system calls and external routines.  Examine information • Review the collected information • A plan for dissecting the program and recording the recovered information can be formulated during this stage.
  • 16. Procedure  Extract structure • Identify the structure of the program and use this to create a set of structure charts. • Each node in the structure chart corresponds to a routine called in the program • The chart records the calling hierarchy of the program.  Record functionality • For each node in the structure chart, record the processing done in the program routine corresponding to that node.
  • 17. Procedure  Record data-flow • The recovered program structure can be analysed to identify data transformations in the software. • These transformation steps show the data processing done in the program.  Record control-flow • Identify the high-level control structure of the program and record it using control-flow diagrams. • This refers to high-level control that affects the overall operation of the software.
  • 18. Procedure  Review recovered design • Review the design to verify that it correctly • represents the program. • Identify any missing items of information and attempt to locate them.  Generate documentation • The final step is to generate design documentation. • Information explaining the purpose of the program, program-overview, history, etc will need to be recorded.
  • 19.  System Monitoring Tools • System-level reversing requires a variety of tools that sniff, monitor, explore, and otherwise expose the program being reversed • Display information gathered by the operating system about the application and its environment Reverse Engineering Tools
  • 20.  Disassembler • Converts exe to assembly - as best it can • Relatively simple process • Sometimes are difficult to understand Reverse Engineering Tools
  • 21.  Debugger • Reversers use debuggers in disassembly mode • Reversers can install breakpoints in locations of interest in the disassembled code and then examine the state of the program Reverse Engineering Tools
  • 22.  Decompiler • Decompile a binary programs into high level source language • Replace all binary code that could not be decompiled with assembly code Reverse Engineering Tools
  • 23. Unethical ???  The legal debate around reverse engineering has been going on for years  The reverse engineering of software in the US is generally a breach of contract as most EULAs specifically prohibit it  EU allows reverse engineering for the purposes of interoperability.