reverse engineering

Reverse Engineering

Upload: yuffie-valen

Post on 30-Nov-2014




12 download




Page 1: Reverse  engineering

Reverse Engineering

Page 2: Reverse  engineering

What is Reverse Engineering ?

You have an unexpected case:• You finished one project using Java• Your program runs fine• But, by accident, you delete the java

file• How to handle this in your project?

Reverse Engineering

Page 3: Reverse  engineering

What is Reverse Engineering ?

Reverse Engineering is the process of discovering the technological principles of a device, object, or system through analysis of its structure, function, and operation.

Page 4: Reverse  engineering

What is Reverse Engineering ?

It often involves taking something (e.g., a mechanical device, electronic component, software program, or biological, chemical, or organic matter) apart and analyzing its workings.

Page 5: Reverse  engineering

In Terms of Software

To retrieve the source code of a program To study how the program performs

certain operations To improve the performance of a program To fix a bug To identify malicious content in a


Page 6: Reverse  engineering

Reverse Engineering Applications:

Security Related

• Reversing has been employed in encryption research

• With malicious software, on both ends of the fence

• Crackers

Page 7: Reverse  engineering

Reverse Engineering Applications:

Software Development Related

• Evaluating software quality and robustness

• Achieving interoperability with propriety software

• Developing competing software

Page 8: Reverse  engineering

Why do we need RE ? Reasons

• Product Analysis To examine how a product works,

what components it consists of, estimate costs, and identify potential patent infringement.

• Lost DocumentationReverse engineering often is done

because the documentation of a particular device has been lost (or was never written), and the person who built it is no longer available

Page 9: Reverse  engineering

Why do we need RE ? Reasons

• Software ModernizationIn order to understand the 'as is'

state of existing or legacy software in order to properly estimate the effort required to migrate system knowledge into a 'to be' state.

• LearningLearn from others' mistakes. Do

not make the same mistakes that others have already made and subsequently corrected.

Page 10: Reverse  engineering

Why do we need RE ? Reasons

• The original manufacturer of a product no longer produces a product

• The original manufacturer no longer exists, but a customer needs the product

• To analyze the good and bad features of competitors' product

• Strengthen the good features of a product based on long-term usage of the product

Page 11: Reverse  engineering

Why do we need RE ? Benefits

• Understand existing design• Quality improvements• Competitive advantages• Software reuse facilitation• No need to start from scratch

Page 12: Reverse  engineering

Two Levels of Reversing System Level Reversing

• Running various tools on the program and utilizing various operating system services

• To obtain information, inspect program executables, track program input and output, and so forth

Page 13: Reverse  engineering

Code Level Reversing

• Extracting design concepts and algorithms from a program

• Observes the code from a very low-level

• Many of these details are generated automatically by the compiler

Two Levels of Reversing

Page 14: Reverse  engineering





Forward engineering

Reverse engineering

Software engineering

Page 15: Reverse  engineering

Procedure Collect information• Collect all possible information about the

program. • Sources of information include source code,

design documents and documentation for system calls and external routines.

Examine information• Review the collected information• A plan for dissecting the program and

recording the recovered information can be formulated during this stage.

Page 16: Reverse  engineering

Procedure Extract structure• Identify the structure of the program and use

this to create a set of structure charts. • Each node in the structure chart corresponds

to aroutine called in the program

• The chart records the calling hierarchy of the program.

Record functionality• For each node in the structure chart, record

the processing done in the program routine corresponding to that node.

Page 17: Reverse  engineering


Record data-flow• The recovered program structure can be

analysed to identify data transformations in the software.

• These transformation steps show the data processing done in the program.

Record control-flow• Identify the high-level control structure of the

program and record it using control-flow diagrams.

• This refers to high-level control that affects the overall operation of the software.

Page 18: Reverse  engineering


Review recovered design• Review the design to verify that it correctly• represents the program.• Identify any missing items of information and

attempt to locate them.

Generate documentation• The final step is to generate design

documentation.• Information explaining the purpose of the

program, program-overview, history, etc will need to be recorded.

Page 19: Reverse  engineering

System Monitoring Tools

• System-level reversing requires a variety of tools that sniff, monitor, explore, and otherwise expose the program being reversed

• Display information gathered by the operating system about the application and its environment

Reverse Engineering Tools

Page 20: Reverse  engineering

Disassembler• Converts exe to assembly - as best it


• Relatively simple process

• Sometimes are difficult to understand

Reverse Engineering Tools

Page 21: Reverse  engineering


• Reversers use debuggers in disassembly mode

• Reversers can install breakpoints in locations of interest in the disassembled code and then examine the state of the program

Reverse Engineering Tools

Page 22: Reverse  engineering


• Decompile a binary programs into high level source language

• Replace all binary code that could not be decompiled with assembly code

Reverse Engineering Tools

Page 23: Reverse  engineering

Unethical ???

The legal debate around reverse engineering has been going on for years

The reverse engineering of software in the US is generally a breach of contract as most EULAs specifically prohibit it

EU allows reverse engineering for the purposes of interoperability.

Page 24: Reverse  engineering

Thank You!!!