Reverse

Engineering

What is Reverse
Engineering ?

You have an unexpected case:

You finished one project using Java
Your program runs fine
But, by accident, you delete the java
file
How to handle this in your project?

Reverse Engineering

What is Reverse
Engineering ?

Reverse Engineering is theprocessof

discovering the technological principles
of a device, object, or system through
analysis of its structure,function, and
operation.

What is Reverse
Engineering ?

It often involves taking something (e.g.,

amechanical device,electronic
component,software program, or
biological, chemical, or organic matter)
apart and analyzing its workings.

In Terms of Software

To retrieve the source code of a program

To study how the program performs
certain operations
To improve the performance of a program
To fix abug
To identify malicious content in a
program

Reverse Engineering
Applications:

Security Related
Reversing has been employed in
encryption research
With malicious software, on both ends
of the fence
Crackers

Reverse Engineering
Applications:

Software Development Related

Evaluating software quality and
robustness
Achieving interoperability with propriety
software
Developing competing software

Why do we need RE ?

Reasons
Product Analysis
To examine how a product works, what
components it consists of, estimate costs, and
identify potential patent infringement.

Lost Documentation
Reverse engineering often is done
because the documentation of a particular
device has been lost (or was never written),
and the person who built it is no longer

Why do we need RE ?

Reasons
Software Modernization
In order to understand the 'as is' state of
existing or legacy software in order to properly
estimate the effort required to migrate system
knowledge into a 'to be' state.

Learning
Learn from others' mistakes. Do not
make the same mistakes that others have
already made and subsequently corrected.

Why do we need RE ?

Reasons
The original manufacturer of a product
no longer produces a product
The original manufacturer no longer
exists, but a customer needs the
product
To analyze the good and bad features of
competitors' product
Strengthen the good features of a
product based on long-term usage of

Why do we need RE ?

Benefits
Understand existing design
Quality improvements
Competitive advantages
Software reuse facilitation
No need to start from scratch

Two Levels of Reversing

System Level Reversing

Running various tools on the program

and utilizing various operating system
services

To obtain information, inspect program

executables, track program input and
output, and so forth

Two Levels of Reversing

Code Level Reversing

Extracting design concepts and

algorithms from a program

Observes the code from a very low-level

Many of these details are generated

automatically by the compiler

Requirement
s

Analysis
Forward
engineering

Reverse
engineering
Design

Implementation

Software engineering

Procedure

Collect information

Collect all possible information about the

program.
Sources of information include source code,
design documents and documentation for
system calls and external routines.

Examine information

Review the collected information

A plan for dissecting the program and
recording the recovered information can be
formulated during this stage.

Procedure

Extract structure

Identify the structure of the program and use

this to create a set of structure charts.
Each node in the structure chart corresponds
to a
routine called in the program
The chart records the calling hierarchy of the
program.

Record functionality

For each node in the structure chart, record

the processing done in the program routine
corresponding to that node.

Procedure

Record data-flow

The recovered program structure can be

analysed to identify data transformations in
the software.
These transformation steps show the data
processing done in the program.

Record control-flow

Identify the high-level control structure of the

program and record it using control-flow
diagrams.
This refers to high-level control that affects the

Procedure

Review recovered design

Review the design to verify that it correctly

represents the program.
Identify any missing items of information and
attempt to locate them.

Generate documentation

The final step is to generate design

documentation.
Information explaining the purpose of the
program, program-overview, history, etc will

Reverse Engineering Tools

System Monitoring Tools

System-level reversing requires a variety
of tools that sniff, monitor, explore, and
otherwise expose the program being
reversed
Display information gathered by the
operating system about the application
and its environment

Reverse Engineering Tools

Disassembler
Converts exe to assembly - as best it
can
Relatively simple process
Sometimes are difficult to
understand

Reverse Engineering Tools

Debugger
Reversers use debuggers in
disassembly mode
Reversers can install breakpoints in
locations of interest in the
disassembled code and then examine
the state of the program

Reverse Engineering Tools

Decompiler

Decompile a binary programs into high level

source language

Replace all binary code that could not be

decompiled with assembly code

Unethical ???

The legal debate around reverse

engineering has been going on for
years

The reverse engineering of software in

the US is generally a breach of contract
as mostEULAsspecifically prohibit it

EU allows reverse engineering for the

purposes of interoperability.

Thank
You!!!