Reverse Engineering Basics

What is Reverse Engineering?
Reverse engineering [...] is a process or method through which one attempts to understand through deductive reasoning how a previously made device, process, system, or piece of software accomplishes a task with very little (if any) insight into exactly how it does so.
Source: Wikipedia
In the following, I will deal with software reverse engineering: starting with some machine code or bytecode, I would like to understand how it was implemented and what it does when the source code is not available.
Is it Lawful?
Is software reverse engineering actually lawful? The answer to this question obviously depends on the country.
In the USA,
[…] even if an artifact or process is protected by trade secrets, reverse-engineering the artifact or process is often lawful if it has been legitimately obtained. Reverse engineering of computer software often falls under both contract law as a breach of contract as well as any other relevant laws. That is because most end user license agreements specifically prohibit it [...] According to Section 103(f) of the Digital Millennium Copyright Act (17 U.S.C. § 1201 (f)), a person in legal possession of a program may reverse-engineer and circumvent its protection if that is necessary to achieve “interoperability” [...]
Source: Wikipedia
In Europe,
The European Union Computer Programs Directive controls the legal protection of computer programs under the copyright law of the European Union. [...] The program may also be decompiled if this is necessary to ensure it operates with another program or device (Art. 6), but the results of the decompilation may not be used for any other purpose without infringing the copyright in the program.
Source: Wikipedia
In practice, most people think that reverse engineering is lawful. But you have to be very careful with the information you get during the process and what you do with it, because publishing or using that information in certain ways can be unlawful.
Goals of Reverse Engineering
What is reverse engineering useful for, actually?
There are many reasons for performing reverse engineering in various fields. Reverse engineering has its origins in the analysis of hardware for commercial or military advantage. However, the reverse engineering process may not always be concerned with creating a copy or changing the artifact in some way. It may be used as part of an analysis to deduce design features from products with little or no additional knowledge about the procedures involved in their original production.
Source: Wikipedia
In the following, we list and discuss some of the goals of software reverse engineering.
Malware Analysis
Malware authors almost never release the source code of their software, and leaks of malicious codebases are rare. Reverse engineering is a necessary step in understanding how a piece of malware works, designing an identification and protection method, and performing attribution. This is the activity that fills part of a typical day for a malware analyst.
Vulnerability Analysis
Reverse engineering is often an inevitable step in discovering, understanding, and exploiting software vulnerabilities.
By understanding the inner workings of an application, security analysts can identify potential vulnerabilities such as misuse of APIs, invalid trust assumptions, or use of weak cryptography. Tracing data flows through the code can help pinpoint places where inputs are improperly sanitized or validated. Analyzing the code responsible for memory management can reveal memory-safety bugs such as buffer overflows, use-after-free, or double-free.
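As an added illustration (not code from the original post), here is the kind of "before and after" a reviewer reconstructs when tracing an untrusted length field into a fixed-size buffer. The record layout, the function names and the sample bytes are all constructed for this example; the point is the bounds checks the hardened version adds on both the declared length and the actual input size.

```c
/* Added example: a tiny TLV-style record parser, unsafe and hardened forms.
 * Record layout (constructed): [len:1][name:len][value:4 bytes, little-endian] */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16

struct record {
    char name[NAME_MAX];
    uint32_t value;
};

/* BEFORE: the length byte is trusted. A len >= NAME_MAX overflows name[],
 * and a truncated input makes memcpy read past the end of buf.
 * Shown for comparison only; never called by main() or the tests. */
int parse_record_unsafe(const uint8_t *buf, size_t buflen, struct record *out)
{
    (void)buflen;                       /* the input size is ignored */
    size_t len = buf[0];
    memcpy(out->name, buf + 1, len);    /* no check against NAME_MAX */
    out->name[len] = '\0';
    memcpy(&out->value, buf + 1 + len, 4);
    return 0;
}

/* AFTER: every read is bounded by the declared length and the input size,
 * and failure is reported instead of trusting the attacker-controlled len. */
int parse_record_safe(const uint8_t *buf, size_t buflen, struct record *out)
{
    if (buf == NULL || out == NULL || buflen < 1)
        return -1;
    size_t len = buf[0];
    if (len >= NAME_MAX)                /* leave room for the NUL terminator */
        return -1;
    if (buflen < 1 + len + 4)           /* length byte + name + value must fit */
        return -1;
    memcpy(out->name, buf + 1, len);
    out->name[len] = '\0';
    /* assemble the value byte by byte so no unaligned/overlong memcpy is needed */
    out->value = (uint32_t)buf[1 + len]
               | (uint32_t)buf[2 + len] << 8
               | (uint32_t)buf[3 + len] << 16
               | (uint32_t)buf[4 + len] << 24;
    return 0;
}

/* Constructed samples: a valid record, one claiming an oversized name,
 * and one whose value field is cut off. */
static const uint8_t SAMPLE_GOOD[] = {5, 'h', 'e', 'l', 'l', 'o', 0x01, 0x02, 0x03, 0x04};
static const uint8_t SAMPLE_OVERSIZED[] = {200, 'x'};
static const uint8_t SAMPLE_TRUNCATED[] = {5, 'h', 'e', 'l', 'l', 'o', 0x01};

int main(void)
{
    struct record r;
    printf("good: %d\n", parse_record_safe(SAMPLE_GOOD, sizeof SAMPLE_GOOD, &r));
    printf("name=%s value=0x%08x\n", r.name, r.value);
    printf("oversized: %d\n", parse_record_safe(SAMPLE_OVERSIZED, sizeof SAMPLE_OVERSIZED, &r));
    printf("truncated: %d\n", parse_record_safe(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, &r));
    return 0;
}
```

When reading the compiled form of such a parser, the two comparisons against the length and the input size are exactly what an analyst looks for in the disassembly: their absence before a copy is the signature of the unsafe variant.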
Intellectual Property
When you publish intellectual property (for example, in a patent application), you can legally protect how it is used. One way to prove that a competitor has used one of your patents without permission is to reverse-engineer their product.
Interoperability
Software is often released in binary form, without any published specifications. In this case, the only way to write interoperable software is through reverse engineering: historical examples include IBM PC-compatible computers, Samba (SMB/CIFS protocol), StarOffice (Microsoft Office documents), and Wine (Windows API).
An interesting case is the Skype protocol: Skype clients have been shipped with heavy software protection mechanisms to prevent compatible implementations.
Compiler Validation
Sometimes you need to do reverse engineering to check the output of a compiler, whether to verify its correctness, to study the effect of optimizations, or for security purposes, such as verifying branch-free, constant-time implementations, the absence of backdoors, and so on.
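The constant-time case deserves a concrete example, added here and not taken from the original post. The two functions below are constructed for illustration: the first exits on the first differing byte, so its running time leaks how many leading bytes of a secret matched; the second accumulates all differences and folds them into 0 or 1 without a data-dependent branch. Whether the compiler preserved that property is precisely what one checks in the generated code.

```c
/* Added example: leaky vs. branch-free byte comparison, the kind of routine
 * whose compiled output is inspected to confirm it stayed constant-time. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Early-exit compare: the loop stops at the first mismatch, so the time
 * taken depends on the secret. Returns 1 if equal, 0 otherwise. */
int compare_leaky(const uint8_t *a, const uint8_t *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (a[i] != b[i])
            return 0;
    return 1;
}

/* Branch-free compare: always touches all n bytes, ORs the XOR of each pair,
 * then maps diff == 0 to 1 and diff != 0 to 0 with arithmetic only. */
int compare_ct(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    /* (diff - 1) wraps to 0xFFFFFFFF only when diff == 0; bit 8 of the
     * result is then 1, and it is 0 for every diff in 1..255. */
    return (int)((((uint32_t)diff - 1u) >> 8) & 1u);
}

int main(void)
{
    /* constructed tags: identical, and differing only in the last byte */
    const uint8_t tag[8]       = {0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04};
    const uint8_t candidate[8] = {0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x05};
    printf("leaky  same=%d diff=%d\n", compare_leaky(tag, tag, 8), compare_leaky(tag, candidate, 8));
    printf("ct     same=%d diff=%d\n", compare_ct(tag, tag, 8), compare_ct(tag, candidate, 8));
    return 0;
}
```

The two functions return the same answers, so the difference is invisible in source-level testing. An optimizing compiler may also rewrite compare_ct back into an early-exit loop. Disassembling the built object (for instance with objdump -d) and confirming that the only conditional branch in compare_ct is the loop counter, never a comparison of data bytes, is the check the paragraph above refers to.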
Malicious Aspects
Cybercriminals use reverse engineering to crack license or digital rights management (DRM) systems, write game cheats, extract cryptographic secrets, design mechanisms to bypass security checks, and so on.
In the next episode, I will discuss a typical software reverse engineering process. Stay tuned!
Thanks for reading Crumbs of Cybersecurity! Subscribe for free to receive new posts.