yuffie-valen
Reverse Engineering
What is Reverse Engineering?
You have an unexpected case:
• You finished one project using Java
• Your program runs fine
• But, by accident, you delete the java file
• How to handle this in your project?
Reverse Engineering is the process of discovering the technological principles of a device, object, or system through analysis of its structure, function, and operation.
It often involves taking something (e.g., a mechanical device, electronic component, software program, or biological, chemical, or organic matter) apart and analyzing its workings.
In Terms of Software
• To retrieve the source code of a program
• To study how the program performs certain operations
• To improve the performance of a program
• To fix a bug
• To identify malicious content in a program
Reverse Engineering Applications:
Security Related
• Reversing has been employed in encryption research
• With malicious software, on both ends of the fence
• Crackers
Software Development Related
• Evaluating software quality and robustness
• Achieving interoperability with proprietary software
• Developing competing software
Why do we need RE ? Reasons
• Product Analysis: To examine how a product works, what components it consists of, estimate costs, and identify potential patent infringement.
• Lost Documentation: Reverse engineering often is done because the documentation of a particular device has been lost (or was never written), and the person who built it is no longer available.
• Software Modernization: To understand the 'as is' state of existing or legacy software in order to properly estimate the effort required to migrate system knowledge into a 'to be' state.
• Learning: Learn from others' mistakes. Do not make the same mistakes that others have already made and subsequently corrected.
• The original manufacturer of a product no longer produces a product
• The original manufacturer no longer exists, but a customer needs the product
• To analyze the good and bad features of competitors' product
• Strengthen the good features of a product based on long-term usage of the product
Why do we need RE ? Benefits
• Understand existing design
• Quality improvements
• Competitive advantages
• Software reuse facilitation
• No need to start from scratch
Two Levels of Reversing
System Level Reversing
• Running various tools on the program and utilizing various operating system services
• To obtain information, inspect program executables, track program input and output, and so forth
Code Level Reversing
• Extracting design concepts and algorithms from a program
• Observes the code at a very low level
• Many of these details are generated automatically by the compiler
[Figure: Software engineering stages (Requirements, Analysis, Design, Implementation), labelled with Forward engineering and Reverse engineering]
Procedure
Collect information
• Collect all possible information about the program.
• Sources of information include source code, design documents and documentation for system calls and external routines.
Examine information
• Review the collected information.
• A plan for dissecting the program and recording the recovered information can be formulated during this stage.
Extract structure
• Identify the structure of the program and use this to create a set of structure charts.
• Each node in the structure chart corresponds to a routine called in the program.
• The chart records the calling hierarchy of the program.
Record functionality
• For each node in the structure chart, record the processing done in the program routine corresponding to that node.
Record data-flow
• The recovered program structure can be analysed to identify data transformations in the software.
• These transformation steps show the data processing done in the program.
Record control-flow
• Identify the high-level control structure of the program and record it using control-flow diagrams.
• This refers to high-level control that affects the overall operation of the software.
Review recovered design
• Review the design to verify that it correctly represents the program.
• Identify any missing items of information and attempt to locate them.
Generate documentation
• The final step is to generate design documentation.
• Information explaining the purpose of the program, program overview, history, etc. will need to be recorded.
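The "Extract structure" step above, as an added example that is not part of the original slides: it recovers the calling hierarchy from a disassembly listing and renders it as a text structure chart. The listing is a constructed sample in objdump style, and all routine names in it are assumptions.

```python
import re

# Constructed sample in the style of `objdump -d` output (not from a real binary).
SAMPLE_DISASSEMBLY = """\
0000000000401000 <main>:
  401000:  e8 1b 00 00 00   call   401020 <load_config>
  401005:  e8 36 00 00 00   call   401040 <process>
  40100a:  c3               ret
0000000000401020 <load_config>:
  401020:  e8 3b 00 00 00   call   401060 <read_file>
  401025:  c3               ret
0000000000401040 <process>:
  401040:  e8 1b 00 00 00   call   401060 <read_file>
  401045:  e8 f6 ff ff ff   call   401040 <process>
  40104a:  c3               ret
0000000000401060 <read_file>:
  401060:  c3               ret
"""

FUNC_RE = re.compile(r"^[0-9a-f]+ <([^>]+)>:$")           # routine header line
CALL_RE = re.compile(r"\bcall\w*\s+[0-9a-f]+ <([^>+]+)")  # direct call with symbol

def extract_calls(listing):
    """Return {routine: [callees in first-seen order]} from a disassembly listing."""
    graph, current = {}, None
    for line in listing.splitlines():
        header = FUNC_RE.match(line.strip())
        if header:
            current = header.group(1)
            graph.setdefault(current, [])
            continue
        call = CALL_RE.search(line)
        if call and current is not None and call.group(1) not in graph[current]:
            graph[current].append(call.group(1))
    return graph

def structure_chart(graph, root, depth=0, path=()):
    """Render the calling hierarchy as indented lines; mark recursion instead of looping."""
    if root in path:
        return ["  " * depth + root + " (recursive)"]
    lines = ["  " * depth + root]
    for callee in graph.get(root, []):
        lines += structure_chart(graph, callee, depth + 1, path + (root,))
    return lines

if __name__ == "__main__":
    print("\n".join(structure_chart(extract_calls(SAMPLE_DISASSEMBLY), "main")))
```

Indirect calls (through a register or function pointer) carry no symbol in the listing and do not appear in this chart, so the recovered hierarchy is a lower bound that the "Review recovered design" step should check.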
System Monitoring Tools
• System-level reversing requires a variety of tools that sniff, monitor, explore, and otherwise expose the program being reversed
• Display information gathered by the operating system about the application and its environment
Reverse Engineering Tools
Disassembler
• Converts exe to assembly - as best it can
• Relatively simple process
• Output is sometimes difficult to understand
Debugger
• Reversers use debuggers in disassembly mode
• Reversers can install breakpoints in locations of interest in the disassembled code and then examine the state of the program
Decompiler
• Decompiles a binary program into a high-level source language
• Replaces all binary code that could not be decompiled with assembly code
Unethical ???
The legal debate around reverse engineering has been going on for years
The reverse engineering of software in the US is generally a breach of contract as most EULAs specifically prohibit it
EU allows reverse engineering for the purposes of interoperability.
Thank You!!!