What is Reverse Engineering?
Have you ever noticed that when a well-known company such as Apple releases an application or introduces a new feature, some other company introduces the same thing a few days later? The technique behind this is known as reverse code engineering. They decode, or reverse engineer, the original program to recover its basic structure and then, following that structure, write their own application. Hackers do the same: they reverse engineer the code to make keygens and patches that crack the application, and in some cases they release the source code, as happened in the case of Norton (the Internet security giant).
According to Wikipedia "Reverse engineering is the process of discovering the technological principles of a device, object or system through analysis of its structure, function and operation. It often involves taking something (e.g., a mechanical device, electronic component, biological, chemical or organic matter or software program) apart and analyzing its workings in detail to be used in maintenance, or to try to make a new device or program that does the same thing without using or simply duplicating (without understanding) the original".
Ah, that is too technology-oriented; let me explain it more simply. As the name suggests, reverse engineering starts from something that is already made; in the computer field, say an exe, a binary or simply an installer package. Reverse engineering is decoding that exe or binary in such a way that we get back the original source code, something close to it, or at least the basic architecture of the design. Consider an example: you have a wall made of bricks, where bricks are the base material used to build the wall, and what we want to do is recover all the bricks from the wall. Similarly, we have an executable or DLL file, and we know programs are made only from code, so source code is the base material for building an executable; we want to obtain the source code, or something close to it, from the executable. When you break a wall to recover the bricks, some bricks break too, and how many depends on the material used to bind the bricks together. Similarly, how much source code can be recovered from an executable depends on how securely the software is packed and what kind of cryptography or packer its designer used.
I hope you now understand what exactly reverse engineering is.
What is the use or benefit of Reverse Engineering?
I can guarantee that most Internet users use cracks, keygens or patches. Have you ever tried to understand how they are made? I know you haven't, so let me give you clear information. All keygens, cracks and patches for software are made using a technique called reverse engineering. Oops, I was going to tell you the benefits, and instead I am listing negative uses. But these are features of reverse engineering too, my friends, and they are commonly used by all the famous organizations as part of their program promotion methodology. They want a user base, which is why they themselves release keygens and patches for their software so that their market visibility is maintained; otherwise open source would take their place. Look at what famous companies like Microsoft and Adobe do: do you think they can't develop software that cannot be cracked? It is too easy, but they avoid it because if they did, people would look for open-source alternatives and they would lose their customer base, which is simply called market visibility.
Other Beneficial Uses of Reverse Engineering:
- Product analysis: to examine how a product works.
- Removal of copy protection, circumvention of access restrictions.
- Security auditing.
- Extremely useful when you have lost the documentation.
- Academic/learning purposes.
- Competitive technical intelligence (understand what your competitor is actually doing, versus what they say they are doing).
- Last but not least, learning: learn from others' mistakes. Do not make the same mistakes that others have already made and subsequently corrected.
Common Terms Used in Reverse Engineering:
1. Debugger: A debugger or debugging tool is a computer program that is used to test and debug other programs (the "target" program). This helps in finding loopholes in applications and programs. Penetration testers use debuggers to test their programs. A famous example of a debugger is OllyDbg. I will explain these in detail in coming classes.
2. Disassembler: A disassembler is a computer program that translates machine language into assembly language. It behaves in exactly the opposite manner to an assembler.
3. Decompiler: A decompiler is a computer program that performs, as far as possible, the reverse operation of a compiler. Note that a decompiler and a disassembler are different things: a decompiler translates the code into a high-level language like C or C++, whereas a disassembler generates assembly code.
4. Packers or Unpackers: Packers do exactly what their name suggests: they 'pack' or 'compress' a program much the same way a compressor like PKZIP does. Packers then attach their own decryption/loading stub, which 'unpacks' the program before resuming execution normally at the program's original entry point. The weakness of every packer is of course simple: if a program runs, it must be unpacked at some stage, and at that stage we can dump the program to disk.
5. Program Obfuscation: Programmers may deliberately obfuscate code to conceal its purpose (security through obscurity) or its logic to prevent tampering, deter reverse engineering, or as a puzzle or recreational challenge for someone reading the source code.
6. Hex Editing: As the name suggests, we use hex editors to edit binaries and exe files.
7. Cryptography: Cryptography is a technique for protecting data (in any form) in the computer world. It is most often associated with scrambling plaintext (ordinary text, sometimes referred to as cleartext) into ciphertext (a process called encryption), and then back again (known as decryption).
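To make the difference between terms 2 and 3 concrete, here is a minimal linear-sweep disassembler for a handful of 32-bit x86 instructions. It is an example added to this article, not the author's code and not a tool mentioned above: it turns raw machine-code bytes back into assembly text, which is the disassembler's job, whereas a decompiler would go one step further and reconstruct C-like source. The opcode tables cover only the instructions listed in them, and the sample byte string is constructed for the demonstration, not taken from any real binary.

```python
# Added example, not part of the original article: a tiny linear-sweep x86-32
# disassembler. Only the opcodes in the tables below are understood.
import struct

REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

# One-byte opcodes with no operands.
SIMPLE = {0x90: "nop", 0xC3: "ret", 0xC9: "leave"}

# Opcode 0x83 /digit: arithmetic on r/m32 with a sign-extended imm8. The
# "digit" that selects the operation lives in the reg field of the ModRM byte.
GROUP1 = {0: "add", 1: "or", 4: "and", 5: "sub", 6: "xor", 7: "cmp"}

# Short jumps with an 8-bit signed displacement.
JMP8 = {0x74: "je", 0x75: "jne", 0x7C: "jl", 0x7D: "jge", 0xEB: "jmp"}

# Two-byte register-to-register forms: opcode -> (mnemonic, reg is destination?)
REGREG = {0x89: ("mov", False), 0x8B: ("mov", True), 0x31: ("xor", False), 0x39: ("cmp", False)}


def modrm(byte):
    """Split a ModRM byte into (mod, reg, rm)."""
    return byte >> 6, (byte >> 3) & 7, byte & 7


def decode_one(code, off, base=0):
    """Decode the instruction at code[off:]; return (length, assembly text).
    base is the address the first byte of code is assumed to be loaded at."""
    op = code[off]
    if op in SIMPLE:
        return 1, SIMPLE[op]
    if 0x50 <= op <= 0x57:                         # push r32
        return 1, "push %s" % REGS32[op - 0x50]
    if 0x58 <= op <= 0x5F:                         # pop r32
        return 1, "pop %s" % REGS32[op - 0x58]
    if 0xB8 <= op <= 0xBF:                         # mov r32, imm32
        imm = struct.unpack_from("<I", code, off + 1)[0]
        return 5, "mov %s, 0x%x" % (REGS32[op - 0xB8], imm)
    if op in REGREG:
        mod, reg, rm = modrm(code[off + 1])
        if mod != 3:
            raise ValueError("memory operands not supported at offset %d" % off)
        mnem, reg_is_dst = REGREG[op]
        dst, src = (reg, rm) if reg_is_dst else (rm, reg)
        return 2, "%s %s, %s" % (mnem, REGS32[dst], REGS32[src])
    if op == 0x83:                                 # add/sub/... r/m32, imm8
        mod, reg, rm = modrm(code[off + 1])
        if mod != 3 or reg not in GROUP1:
            raise ValueError("unsupported 0x83 form at offset %d" % off)
        imm = code[off + 2]                        # the CPU sign-extends this byte
        return 3, "%s %s, 0x%x" % (GROUP1[reg], REGS32[rm], imm)
    if op in JMP8:                                 # target = address of next insn + rel8
        rel = struct.unpack_from("<b", code, off + 1)[0]
        return 2, "%s 0x%x" % (JMP8[op], base + off + 2 + rel)
    if op == 0xE8:                                 # call rel32
        rel = struct.unpack_from("<i", code, off + 1)[0]
        return 5, "call 0x%x" % ((base + off + 5 + rel) & 0xFFFFFFFF)
    raise ValueError("unknown opcode 0x%02x at offset %d" % (op, off))


def disassemble(code, base=0):
    """Linear sweep: decode instructions back to back from the first byte.
    Returns (address, hex bytes, text) triples."""
    out, off = [], 0
    while off < len(code):
        length, text = decode_one(code, off, base)
        out.append((base + off, code[off:off + length].hex(), text))
        off += length
    return out


# Constructed sample (not from a real binary): a function prologue, a
# compare-and-branch that skips one instruction, and the epilogue.
SAMPLE = bytes.fromhex(
    "55"            # push ebp
    "89e5"          # mov ebp, esp
    "83ec10"        # sub esp, 0x10
    "31c0"          # xor eax, eax
    "39c8"          # cmp eax, ecx
    "7505"          # jne +5  (lands on "leave")
    "b801000000"    # mov eax, 1
    "c9"            # leave
    "c3"            # ret
)

if __name__ == "__main__":
    for addr, raw, text in disassemble(SAMPLE, base=0x401000):
        print("%08x  %-12s %s" % (addr, raw, text))
```

The listing shows the two things a disassembler must get right that a hex editor cannot do for you: instruction boundaries (a wrong start byte derails every decode after it, which is why linear sweep fails on data mixed into code) and branch targets, which are stored relative to the next instruction and only make sense once a load address is assumed.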
I will explain these terms in detail in my coming articles. Till then, you can explore these topics on the Internet so that you have some prior knowledge of reverse engineering terms.
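Term 4 above (packers) and term 7 (cryptography) can be seen together in a toy packer. This is an example added to this article, not the author's code and not a real packer format: pack() compresses a "program image" and prepends a small header, then applies a trivial XOR obfuscation standing in for the decryption stub's work; unpack() plays the role of the loading stub, restoring the original image in memory before "execution", which is exactly the stage at which an analyst can dump it. shannon_entropy() is the standard heuristic for recognising packed or encrypted sections: compressed data looks close to random. The header tag, the XOR key and the sample image are all constructed for the demonstration.

```python
# Added example, not part of the original article: a toy packer plus the
# entropy check analysts use to recognise packed sections.
import math
import random
import struct
import zlib
from collections import Counter

MAGIC = b"TPK1"                    # constructed header tag (not a real format)
XOR_KEY = 0x5A                     # constructed, trivially weak "encryption" key
HEADER = struct.Struct("<4sII")    # magic, original size, compressed size


def xor_bytes(data, key=XOR_KEY):
    """Symmetric XOR with a one-byte key: applying it twice gives the input back."""
    return bytes(b ^ key for b in data)


def pack(image):
    """Compress the image, obfuscate it, and prepend the header the stub needs."""
    body = xor_bytes(zlib.compress(image, 9))
    return HEADER.pack(MAGIC, len(image), len(body)) + body


def unpack(packed):
    """What the loading stub does at run time: validate the header, undo the
    XOR, decompress, and hand back the original image."""
    if len(packed) < HEADER.size:
        raise ValueError("too short to hold a header")
    magic, orig_size, body_size = HEADER.unpack_from(packed, 0)
    if magic != MAGIC:
        raise ValueError("not a TPK1 image")
    body = packed[HEADER.size:HEADER.size + body_size]
    if len(body) != body_size:
        raise ValueError("truncated packed body")
    image = zlib.decompress(xor_bytes(body))
    if len(image) != orig_size:
        raise ValueError("unpacked size does not match header")
    return image


def shannon_entropy(data):
    """Bits of entropy per byte, 0.0 .. 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_packed(data, threshold=7.0):
    """Heuristic used by triage tools: near-8-bit entropy means compressed or
    encrypted content, so the bytes on disk are not the code that will run."""
    return shannon_entropy(data) >= threshold


def build_sample_image(size=4096, seed=1234):
    """Constructed stand-in for a program image: a short text header followed by
    bytes drawn from 32 values, so its entropy is about 5 bits per byte."""
    rng = random.Random(seed)
    alphabet = bytes(range(0x40, 0x60))
    return b"TOY-IMAGE\x00" + bytes(rng.choice(alphabet) for _ in range(size))


if __name__ == "__main__":
    image = build_sample_image()
    packed = pack(image)
    print("original: %d bytes, entropy %.2f" % (len(image), shannon_entropy(image)))
    print("packed:   %d bytes, entropy %.2f" % (len(packed), shannon_entropy(packed)))
    restored = unpack(packed)           # the stub's job, done in memory
    print("restored matches original:", restored == image)
```

The point the article makes about packers is visible in the last two lines: whatever the on-disk form looks like, unpack() must produce the original bytes in memory before anything can run, and the XOR layer changes nothing about that because it only permutes byte values and leaves the high entropy intact.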
Note: The Reverse Code Engineering articles will be more advanced and technology oriented, which requires prior knowledge of assembly language, especially registers and accumulators, and several instructions used in reverse engineering like JMP, DCL etc. Don't worry, I will try to cover these basics in my next reverse engineering article, where we will explore assembly language and other register-related topics. Till then, keep exploring.
Reverse Code Engineering Tutorial Part 1
- Category: IT Security