Have you ever noticed that when a well-known company such as Apple ships an application or introduces a new feature, some other company introduces the same thing a few days later? The magic behind this is a technique known as reverse code engineering. They decode, or reverse engineer, the program to get the basic structure of the original and then, following that structure, code their own application. Crackers use the same technique for a different goal: they reverse engineer the code to write keygens and patches that defeat the application's protection, and in some cases the source code itself ends up released publicly, as happened in the case of Norton (the Internet security giant).
According to Wikipedia “Reverse engineering is the process of discovering the technological principles of a device, object or system through analysis of its structure, function and operation. It often involves taking something (e.g., a mechanical device, electronic component, biological, chemical or organic matter or software program) apart and analyzing its workings in detail to be used in maintenance, or to try to make a new device or program that does the same thing without using or simply duplicating (without understanding) the original”.
That definition is deliberately broad, so let me put it in more technology-related terms. As the name suggests, reverse engineering starts from something that has already been made; in the computer field that means an exe, a binary, or simply an installer package. Reverse engineering is decoding that executable or binary in such a fashion that we get back the original source code, something close to it, or at least the basic architecture of the design. Consider an example: you have a wall made of bricks, where bricks are the base material used to build the wall, and what you want is to obtain all the bricks from the wall. Similarly, we have an executable or DLL file, and we know programs are made from code only, so source code is the base material of an executable; we want to obtain the source code, or something close to it, from the executable. When you break a wall to get the bricks, some bricks break too, and how many depends on the mortar used to fix the bricks together. Likewise, how much source a reverse engineer can retrieve from an executable depends on how the software was built and packed and on what cryptography or packer its designer used. One caveat worth stating up front: for natively compiled code (C, C++) you never get the original source back. A disassembler gives you assembly, and a decompiler gives you an approximation of the high-level logic with the original names and comments gone. Programs compiled to bytecode (Java, .NET) decompile far more faithfully unless they have been obfuscated.
Beneficial Uses of Reverse Engineering
- Product analysis: To examine how a product works
- Removal of copy protection, circumvention of access restrictions.
- Security auditing: finding vulnerabilities in software you do not have the source for.
- Recovering the design of a system whose documentation has been lost.
- Academic/learning purposes.
- Competitive technical intelligence (understand what your competitor is actually doing, versus what they say they are doing).
Last but not least, learning: learn from others' mistakes. Do not make the same mistakes that others have already made and subsequently corrected.
Terms Used in Reverse Engineering
- Debugger: A debugger or debugging tool is a program used to test and debug other programs (the "target" program). It lets you run the target step by step, set breakpoints, and inspect registers and memory, which is how flaws in applications and programs are found. Penetration testers use debuggers to examine the programs they are testing. A famous example of a debugger is OllyDbg. I will explain these in detail in coming classes.
- Disassembler: A disassembler is a program that translates machine language into assembly language; it does the opposite of an assembler.
- Decompiler: A decompiler is a program that performs, as far as possible, the reverse operation of a compiler. Note that a decompiler and a disassembler are different things: a decompiler translates the code into a high-level language such as C or C++, whereas a disassembler produces assembly code.
- Packers or Unpackers: Packers do exactly what their name suggests: they "pack" or compress a program much as a compressor like PKZIP does, then attach their own decryption/loading stub, which unpacks the program in memory before resuming execution normally at the program's original entry point (OEP). The weakness of every packer is equally simple: if a program runs, it must be unpacked at some stage, and at that stage we can dump the program from memory to disk.
- Program Obfuscation: Programmers may deliberately obfuscate code to conceal its purpose (security through obscurity) or its logic to prevent tampering, deter reverse engineering, or as a puzzle or recreational challenge for someone reading the source code.
- Hex Editing: As the name suggests, a hex editor lets you view and edit the raw bytes of binaries and exe's directly, for example changing a single opcode so that a check always takes the branch you want.
- Cryptography: Cryptography is the set of techniques used to protect data (in any form) in the computer world. It is most often associated with scrambling plaintext (ordinary text, sometimes referred to as cleartext) into ciphertext, a process called encryption, and then turning it back again, known as decryption.
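To make the disassembler, debugger, hex-editing and packer terms above concrete, here is an added example that is not from this page's author or from any real tool. It assumes a hand-assembled 32-bit x86 serial check (the constructed CHECK bytes), handles only the handful of opcodes that check uses, and invents every name in it (decode_one, run, patch_je_to_jmp, pack, unpack) and the XOR key for the toy packer. It disassembles the check, single-steps it the way you would in a debugger, applies the classic one-byte JE to JMP patch a hex editor would make, and shows that a packed image only becomes readable again once the stub has unpacked it.

```python
"""Tiny x86-32 toolkit for a hand-assembled serial check: a linear-sweep
disassembler, a single-step emulator, a JE->JMP byte patch and a toy packer.
Added example for this page; the sample bytes and all names are constructed."""
import struct
import zlib

REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
JCC = {0x74: "je", 0x75: "jne", 0xEB: "jmp"}     # short (rel8) branches


def decode_one(code, off):
    """Decode the instruction at `off`; returns (length, mnemonic)."""
    op = code[off]
    if op == 0xC3:
        return 1, "ret"
    if op in JCC:                              # target = next ip + signed disp8
        disp = struct.unpack_from("<b", code, off + 1)[0]
        return 2, f"{JCC[op]} 0x{off + 2 + disp:04x}"
    if 0xB8 <= op <= 0xBF:                     # mov r32, imm32
        imm = struct.unpack_from("<I", code, off + 1)[0]
        return 5, f"mov {REGS32[op - 0xB8]}, 0x{imm:x}"
    if op == 0x3D:                             # cmp eax, imm32
        imm = struct.unpack_from("<I", code, off + 1)[0]
        return 5, f"cmp eax, 0x{imm:x}"
    return 1, f"db 0x{op:02x}"                 # unknown opcode: show as data


def disassemble(code):
    """Linear sweep over `code`: list of (offset, hex bytes, mnemonic)."""
    out, off = [], 0
    while off < len(code):
        n, text = decode_one(code, off)
        out.append((off, code[off:off + n].hex(" "), text))
        off += n
    return out


def run(code, eax):
    """Single-step the opcode subset above with EAX preset to the serial under
    test; returns EAX at `ret`. This is what you watch happen in a debugger."""
    ip, zf = 0, False
    for _ in range(64):                        # step budget: no runaway loops
        op = code[ip]
        if op == 0x3D:
            zf = eax == struct.unpack_from("<I", code, ip + 1)[0]
            ip += 5
        elif 0xB8 <= op <= 0xBF:
            if op == 0xB8:                     # only EAX is modelled here
                eax = struct.unpack_from("<I", code, ip + 1)[0]
            ip += 5
        elif op in JCC:
            disp = struct.unpack_from("<b", code, ip + 1)[0]
            taken = op == 0xEB or (op == 0x74 and zf) or (op == 0x75 and not zf)
            ip += (2 + disp) if taken else 2
        elif op == 0xC3:
            return eax
        else:
            raise ValueError(f"unsupported opcode 0x{op:02x} at 0x{ip:04x}")
    raise RuntimeError("step budget exhausted")


def patch_je_to_jmp(code, off):
    """Hex-edit the JE at `off` into an unconditional short JMP. Same length,
    so no later offset moves; refuses to touch a byte that is not 0x74."""
    if code[off] != 0x74:
        raise ValueError(f"byte 0x{code[off]:02x} at 0x{off:04x} is not je")
    patched = bytearray(code)
    patched[off] = 0xEB
    return bytes(patched)


def pack(code, key=0x5A):
    """Toy packer: deflate, then XOR each byte with `key`, so the opcodes and
    the 0x539 constant are no longer visible as-is to static tools."""
    return bytes(b ^ key for b in zlib.compress(code))


def unpack(blob, key=0x5A):
    """The packer's stub: rebuild the original bytes in memory. The moment
    after this is where a debugger dumps the unpacked program to disk."""
    return zlib.decompress(bytes(b ^ key for b in blob))


# Constructed sample: returns 1 in EAX only if EAX == 0x539 (1337) on entry.
CHECK = bytes.fromhex(
    "3D39050000"   # 0x00  cmp eax, 0x539
    "7406"         # 0x05  je  0x000d      -> good path
    "B800000000"   # 0x07  mov eax, 0      bad serial
    "C3"           # 0x0c  ret
    "B801000000"   # 0x0d  mov eax, 1      good serial
    "C3"           # 0x12  ret
)

if __name__ == "__main__":
    for off, raw, text in disassemble(CHECK):
        print(f"{off:04x}  {raw:<16} {text}")
    print("original, serial 42 ->", run(CHECK, 42))
    print("patched,  serial 42 ->", run(patch_je_to_jmp(CHECK, 0x05), 42))
    print("unpack(pack(x)) == x ->", unpack(pack(CHECK)) == CHECK)
```

Two things to notice when you run it. The patch keeps the instruction length: replacing `74 06` with two NOPs (`90 90`) would fall through into the failure path instead, and writing a longer instruction over the two bytes would corrupt the `mov` that follows. And the packed image is useless to the disassembler until `unpack` has run; real packers add anti-debugging tricks and import-table games on top, but the principle from the list above holds: the program must be in its unpacked form somewhere in memory before it can execute, and that is where you dump it.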