Post on 30-Nov-2014
Embed Size (px)
- 1. What is Reverse Engineering ? You have an unexpected case: You finished one project using Java Your program runs fine But, by accident, you delete the java file How to handle this in your project?Reverse Engineering
2. What is Reverse Engineering ? Reverse Engineering is the process ofdiscovering the technological principles of adevice, object, or system through analysis ofits structure, function, and operation. 3. What is Reverse Engineering ? It often involves taking something (e.g.,a mechanical device, electroniccomponent, software program, or biological,chemical, or organic matter) apart andanalyzing its workings. 4. In Terms of Software To retrieve the source code of a program To study how the program performs certainoperations To improve the performance of a program To fix a bug To identify malicious content in a program 5. Reverse EngineeringApplications: Security Related Reversing has been employed in encryptionresearch With malicious software, on both ends of thefence Crackers 6. Reverse EngineeringApplications: Software Development Related Evaluating software quality and robustness Achieving interoperability with proprietysoftware Developing competing software 7. Why do we need RE ? Reasons Product AnalysisTo examine how a product works, whatcomponents it consists of, estimate costs, andidentify potential patent infringement. Lost DocumentationReverse engineering often is done becausethe documentation of a particular device has beenlost (or was never written), and the person who builtit is no longer available 8. Why do we need RE ? Reasons Software ModernizationIn order to understand the as is state ofexisting or legacy software in order to properlyestimate the effort required to migrate systemknowledge into a to be state. LearningLearn from others mistakes. Do not makethe same mistakes that others have already madeand subsequently corrected. 9. Why do we need RE ? Reasons The original manufacturer of a product nolonger produces a product The original manufacturer no longer exists,but a customer needs the product To analyze the good and bad features ofcompetitors product Strengthen the good features of a productbased on long-term usage of the product 10. Why do we need RE ? Benefits Understand existing design Quality improvements Competitive advantages Software reuse facilitation No need to start from scratch 11. Two Levels of Reversing System Level Reversing Running various tools on the program andutilizing various operating system services To obtain information, inspect programexecutables, track program input and output,and so forth 12. Code Level Reversing Extracting design concepts and algorithmsfrom a program Observes the code from a very low-level Many of these details are generatedautomatically by the compilerTwo Levels of Reversing 13. RequirementsAnalysisDesignImplementationForwardengineeringReverseengineeringSoftware engineering 14. Procedure Collect information Collect all possible information about the program. Sources of information include source code, designdocuments and documentation for system calls andexternal routines. Examine information Review the collected information A plan for dissecting the program and recording therecovered information can be formulated during thisstage. 15. Procedure Extract structure Identify the structure of the program and use this tocreate a set of structure charts. Each node in the structure chart corresponds to aroutine called in the program The chart records the calling hierarchy of theprogram. Record functionality For each node in the structure chart, record theprocessing done in the program routinecorresponding to that node. 16. Procedure Record data-flow The recovered program structure can be analysed toidentify data transformations in the software. These transformation steps show the dataprocessing done in the program. Record control-flow Identify the high-level control structure of theprogram and record it using control-flow diagrams. This refers to high-level control that affects theoverall operation of the software. 17. Procedure Review recovered design Review the design to verify that it correctly represents the program. Identify any missing items of information andattempt to locate them. Generate documentation The final step is to generate design documentation. Information explaining the purpose of the program,program-overview, history, etc will need to berecorded. 18. System Monitoring Tools System-level reversing requires a variety of toolsthat sniff, monitor, explore, and otherwiseexpose the program being reversed Display information gathered by the operatingsystem about the application and itsenvironmentReverse Engineering Tools 19. Disassembler Converts exe to assembly - as best it can Relatively simple process Sometimes are difficult to understandReverse Engineering Tools 20. Debugger Reversers use debuggers in disassemblymode Reversers can install breakpoints in locationsof interest in the disassembled code andthen examine the state of the programReverse Engineering Tools 21. Decompiler Decompile a binary programs into high levelsource language Replace all binary code that could not bedecompiled with assembly codeReverse Engineering Tools 22. Unethical ??? The legal debate around reverse engineeringhas been going on for years The reverse engineering of software in theUS is generally a breach of contract asmost EULAs specifically prohibit it EU allows reverse engineering for thepurposes of interoperability.