Reverse Engineering

Edited by Dr. Prabir Sarkar

Reverse engineering is the process of extracting knowledge or

design information from anything man-made. The ultimate goals for
obtaining such information are varied. A typical goal for reverse
engineering a product is to create a (possibly improved) copy or even
a knockoff; this is usually the goal of a competitor.
Reverse engineering has its origins in the analysis of hardware for
commercial or military advantage.
However, the reverse engineering process in itself is not concerned
with creating a copy or changing the artifact in some way; it is only an
analysis in order to deduce design features from products with little or
no additional knowledge about the procedures involved in their original
production.

Reasons for reverse engineering

Interfacing. Reverse Engineering can be used when a system is
required to interface to another system. Such requirements typically
exist for interoperability.
Military or commercial espionage. Learning about an enemy's or
competitor's latest research by stealing or capturing a prototype and
dismantling it. It may result in development of similar product, or better
countermeasures for it.
Improve documentation shortcomings. Reverse engineering can be
done when documentation of a system for its design, production,
operation or maintenance have shortcomings and original designers are
not available to improve it. RE of software can provide the most current
documentation necessary for understanding the most current state of a
software system
Obsolescence. Integrated circuits often seem to have been designed
on obsolete, proprietary systems, which means that the only way to
incorporate the functionality into new technology is to reverse-engineer
the existing chip and then re-design it.
Software Modernization. RE is generally needed in order to

Product Security Analysis. To examine how a product works,

what are specifications of its components, estimate costs and
identify potential patent infringement. Acquiring sensitive data by
disassembling and analysing the design of a system component.
Another intent may be to remove copy protection, circumvention of
access restrictions.
Bug fixing. To fix (or sometimes to enhance) legacy software which
is no longer supported by its creators (e.g. Abandonware).
Creation of unlicensed/unapproved duplicates, such duplicates
are called sometimes clones in the computing domain.
Academic/learning purposes. RE for learning purposes may be
understand the key issues of an unsuccessful design and
subsequently improve the design.
Competitive technical intelligence. Understand what one's
competitor is actually doing, versus what they say they are doing.
Saving money, when one finds out what a piece of electronics is
capable of, it can spare a user from purchase of a separate product.
Repurposing, in which opportunities to repurpose stuff that is
otherwise obsolete can be incorporated into a bigger body of utility.

Reverse engineering of machines

As computer-aided design (CAD) has become more popular, reverse
engineering has become a viable method to create a 3D virtual
model of an existing physical part for use in 3D CAD, CAM, CAE or
other software.
The reverse-engineering process involves measuring an object and
then reconstructing it as a 3D model.
The physical object can be measured using 3D scanning
technologies like CMMs, laser scanners, structured light digitizers,
or Industrial CT Scanning (computed tomography). The measured
data alone, usually represented as a point cloud, lacks topological
information and is therefore often processed and modeled into a
more usable format such as a triangular-faced mesh, a set of
NURBS surfaces, or a CAD model.
Reverse engineering is also used by businesses to bring existing
physical geometry into digital product development environments,
to make a digital 3D record of their own products, or to assess
competitors' products.
It is used to analyse, for instance, how a product works, what it

Reverse engineering examples

Panzerschreck: The Germans captured an American Bazooka during
World War II, and reverse engineered it to create the larger
Panzerschreck.
The Panzerschreck was developed as a copy from captured bazookas of
American origin.
he Panzerschreck was larger and heavier than its American counterpart
(the Panzerschreck had an 88 mm calibre compared to the 60 mm calibre
of the bazooka).

Tupolev Tu-4: Three American B-29 bombers on missions over Japan

were forced to land in the USSR. The Soviets, who did not have a
similar strategic bomber, decided to copy the B-29. Within a few
years, they had developed the Tu-4, a near-perfect copy.

Purpose of Reverse Engineering

The purpose of Reverse Engineering is to understand how and why
a current design has come to be. Most often this task is completed on
physical products that can be taken apart, examined and put back
together for continued testing. These same Reverse Engineering
procedures are also useful in deciphering chemical compounds,
industrial procedures, manufacturing processes and computer
programs. Reverse Engineering is often chosen by engineers or design
teams who aim to build a competitive or superior product to one that
is currently on the market. In the end, the goal is to save time and
gain insight into how others have approached similar design
challenges. There is no need to reinvent the wheel if a successful
design already exists and can simply be improved upon. Dym and
Little explain reverse engineering as, examining competitive or
similar or prior products in great detail by dissecting them or literally
taking them apart. Questions to be asked would include, what does
this do? How does it work? And Why would you want to do that?

How to reverse engineer?

Reverse Engineering is primarily used as a tool during the first stages
of a complete design process. An engineer will often times
investigate the marketplace for products similar to his/her new
design that can be taken apart and examined inside and out for
insight and time savings. This investigation may begin with general
searches on the internet or in the Thomas Register for products with
certain similarities to the new product. This first step begins the
methodology behind Reverse Engineering. Once a product has been
located, the product will be tested and attempts will be made to
determine how exactly it functions. This will lead into disassembly
and a concrete understanding of how and why a design works. These
Reverse Engineering steps then lead the way to new designs,
redesigns and hopefully successful solutions.

Reverse Engineering
Methodology
Investigation, Prediction and Hypothesis
Concrete Experience: Function & Form

Reverse
Engineering

Design Models
Modeling &
Analysis

Design Analysis

Parametric
Redesign

Adaptive
Redesign

Original
Redesign

Redesign

Adapted from Otto and Woods Reverse Engineering and Redesign Methodology UT Austin. Department of Mechanical. Ohio State
University

Reverse Engineering
Methodology
1. Investigation, Prediction and Hypothesis

Develop black box model

Use / Experience product
List assumed working principles
Perform economic feasibility of redesign
State process description or activity
diagram

The first step of Reverse Engineering is Investigation, Prediction and

Hypothesis. The engineer is taking a step back and looking at the
product or process from a simple, consumer-oriented perspective. At
this stage we want to understand the basics of how and why it works.
Before cracking open the case, we want to begin predicting how the
product is put together. This serves as a brainstorming process for the
redesign and allows us to begin connecting engineering fundamentals
with the consumer oriented view of the product.

2. Concrete Experience: Function and Form

Plan and execute product disassembly
Group defined systems and components together
Experiment with product components
Develop free body diagrams
Identify function sharing and compatibility
Transform to engineering specs. and metrics

The second step of Reverse Engineering is gaining Concrete Experience

with the product. The engineer will first use the product, as
recommended by the manufacturer, to gain insight into the products
ability to handle the advertised performance criteria.
Then, the engineer will begin to plan the products disassembly in such a
way that it becomes clear how the products components interact with
one another.
This process is known as System Level Design and will be discussed in
greater detail later in the module. It is important to carefully illustrate the
disassembly of any product or component with photographs or sketches

3. Design Models
Identify actual physical principles
Constantly consider the customer
Create engineering models and metric ranges
Alternatively or concurrently build prototype
to test parameters
Once the product has been completely dismantled, tested, and measured
the process of designing or redesigning then begins. The design process
itself is a wide open subject, with an infinite number of recommended
pathways to take in order complete to the design process. In this case,
though, an engineer is building upon the experience he/she has gained by
Reverse Engineering products similar to or competing against their
design. Three specific design models (Parametric, Adaptive, Original)
Finally, intellectual property and ethical issues are directly tied to reverse
engineering. It is inappropriate, and often times unlawful, to claim the
design of another.
Small models and prototypes are also part of the early design stages.
These allow designers and engineers to test, on a small scale, how

4. Design Analysis
Calibrate model
Create engineering analysis, simulation or
optimization
Create experiment and testing procedures

Once a model has been designed the engineer should now begin to
design simple experiments to test and calibrate the model. The
advent of computer simulations has begun to offer unprecedented
design advantages over the traditional build-test-fail-rebuild
techniques of the past.
It is now possible for an engineer to completely model a new design
and measure stresses, strains, load bearing capabilities, center of
gravity, etc., under given loading conditions and initial conditions. A
testing procedure should be determined based on expected real
world situations and conditions.

5. Parametric Redesign
Optimize design parameters
Perform sensitivity analysis and tolerance
design
Build and test prototype
There are three basic redesign options once a product has been reverse
engineered. A parametric redesign is defined as an evolution of the
current design. New design variables are chosen in order to satisfy the
designers needs such as a stronger case, more robust mechanism or
faster motor. A list of acceptable design variable ranges should be
determined. The new prototype should be tested in order to identify
remaining areas for improvement.

6. Adaptive Redesign
Recommend new subsystems
Search for inventive solutions
Analyze force flows and component
combinations
Build and test prototype
Adaptive redesign traditionally leaves the current design
unaltered, but rather builds upon it in order to satisfy a new
function. New subsystems may be added to the current system
during this process.

7. Original Redesign
Develop new functional structure
Choose alternatives
Verify design concepts
Build and test prototype
An original redesign starts from scratch using the concepts, physical
principles and results from the reverse engineering process to
create a new product idea. New designs are often times inspired just
from the knowledge of how another product truly functions, what it
was made from, and how it was manufactured.

Reverse Engineering ?
Forward Engineering

Reverse Engineering

Requirements
Design
Source Code
Behavior

System Level Design

Develop black box model avoiding bias.
Graphic representation of the system or
object being designed, with inputs
shown entering on the left and outputs
leaving on the right.
Inputs

System

Outputs

System Level Design

Example: Radio

Power
RF Signal
User Choices
(Volume, Freq.)

RF=radio frequency

Heat & Noise

Convert RF
Signal To
Sound At
Desired Level

Sound
Status
Indications
(Volume, Freq.)

System Level Design

Continue with the glass box approach.
Identify sub-systems
Electrical
Mechanical
Task oriented

Define interactions and flow of forces

Intentional
Unintentional
Wires, signals, material, data, etc.

Glass Box Example

Ink Jet Printer

System Level Design

Final Breakdown

For every piece or component of

interest, discuss:
1)
2)
3)
4)
5)
6)
7)

How was it made

Why it was made this way
Design issues
The material it is made out of
Complexity and cost
Ergonomic issues
Interaction with other components

Reverse Engineering Example

Example Project
Black and Decker Cordless Screwdriver

SKIP

Reverse Engineering Example Project

1. Investigation, Prediction and Hypothesis
Develop Black Box Model
Assemble product and conduct a test
What goes in? What comes out? (i.e. power, noise,
heat)
Electric Power

Noise

On/Off Switch

Cordless

Power/Manual
Switch

Screwdriver

Screwdriver rotation
vibration, heat

Product Performance
Conduct a single test of the performance of the
product:
Record product performance attributes
No load Rotational speed: 150 rpm (claimed)
142 rpm (measured)
81:1 Gear reduction = 12,200 RPM for the motor
Drove in 94 #6, self tapping screws into dry pine
(not predrilled)

Product Market
What is the market for this product?
Great

for Everyday Use Black & Decker

Manual
Homeowners with need for occasional use

What are the costs associated with this

product?
Design - Manufacturing - Assembly
Packaging - Resale ($20.00)

Product Features
How long will this product last?
2 year full warranty provided

What features does this product have that

are important?

Cordless, rechargeable battery

Reversible direction
Power/manual switch
Relatively high torque
Relatively long battery life

Function and Form

2. Concrete Experience: Function and Form

Carefully begin Disassembly

Document steps and components with photographs,

sketches or video

Cordless Screwdriver SubSystems and Interactions

Group defined systems and subsystems together.

Battery/
charger

Motor

Case

Switch

Transmission

Screwdriver
Bit

Battery/Charger
Nickel Cadmium battery
Jack for connection to AC
transformer
Diode to half-wave rectify
the AC signal (charging)

Diode
Jack

Battery

Wires to
switch

Switch
rotation

Rotation of switching
device lines up the
contacts for either
forward or reverse
directions
Pushing the switching
device creates contact
between the upper
contacts
How important is size,
speed?
Was weight a
consideration?

Contacts
to motor
Contacts coming from battery

Switch

Sketch of Switch

Motor
2.4 V Motor
12200 RPM (no load)
3.567 Amps (no load)
Torque = .056 Nm (at
stall)
How important is size,
speed?
Was weight a
consideration?

Transmission

Sun gear: 6 teeth

Planet gear: 19 teeth
Ring gear: 48 teeth
Gear ratio = 81:1

Transmission

output to
screwdriver
bit

Second stage of
planetary gears

First stage of
planetary gears

(Ring gear not shown)

Screwdriver Bit
How fast does the bit
need to turn? Torque?
What is the bit made
of ?

Case
How was the case
made?
Was the case
designed to be
esthetically
pleasing?
Why isnt the case
made out of metal?
What sort of costs
are involved in the
manufacturing of
this case?

Feature List
metal leads extruded and bent
plastic switch injection molded
plastic switching mechanism injection molded
plastic gears injection molded
casing injection molding
metal bit extruded

Reassemble Product

Engineering Specifications
Transforming to engineering
specifications
Example - transmission Kinematics
1. Calculate gear ratio if carrier was fixed
r*

NS
6
1

NR
48
8

2. Calculate carrier speed out of first set of planetary gears

r * nS
18
1
1
nC *

nS nS 12200 rpm 1356 rpm

r 1 98
9
9

3. Calculate carrier speed out of second set of planetary gears

nC

1
1
nS 1356 rpm 151 rpm
9
9

Engineering Specifications
Transforming to engineering
specifications
r 2 mm
ps

rpr 16 mm

Ft1

rpp 6.33 mm

rps 8.33 mm

TS1 .056 Nm

9.33 N
3rs 3(.002m)

Tc1 3Ft1 rc 3(9.33 N )(.00833m) 0.233Nm

Ts 2 Tc1 0.233 Nm
Ft 2

Ts 2 0.233Nm

0.039 N
3rs 3(.002m)

Tc 2 3Ft 2 rc 3(0.039 N )(.00833m) 0.971Nm 8.6inlbf

Summary
Reverse engineering
Tool to understand current design solutions and
technology
Use dissection, experimentation and analysis
Save time and gain insight on current design
challenges and solutions