Reverse engineering is taking apart an object to see how it works in order to duplicate or enhance the object. The practice, taken from older industries, is now frequently used on computer hardware and software. Software reverse engineering involves reversing a program’s machine code (the string of 0s and 1s that are sent to the logic processor) back into the source code it was written in, expressed as program-language statements.
It is widely used in computer hardware and software to enhance product features or fix certain bugs. For example, a programmer writes code in a high-level language such as C or C++.
As computers do not execute these languages directly, code written in them must be compiled into a machine-specific format. In short, code written in a high-level language is translated into low-level or machine language.
Reverse engineering is the opposite step: recovering a higher-level understanding of a program from its low-level machine code, without changing the original program. It is similar to disassembling the parts of a vehicle to understand the basic functioning of the machine and its internal parts, and thereafter making appropriate adjustments to give rise to a better performing or superior vehicle.
Types
Black Box Testing – It involves testing the product or software as a black box, focusing on inputs and outputs. It may involve fuzzing the target to find critical vulnerabilities that traditional testing usually does not identify. In addition to finding known security issues, a zero-day security testing approach should also be followed to analyze unknown vulnerabilities in the software product.
Binary Audit – A binary audit within reverse engineering covers the following key points:
- Review and test anti-debugging protections
- Review and test runtime control-flow obfuscation layers
- Review and test licensing mechanisms
- Look for and identify any malware, Trojan injection or malicious code
Binary audit is essentially carried out on software product binaries: executables, DLLs, libraries, etc.
Fuzzing – Fuzz testing or fuzzing is a software testing technique used to discover coding errors and security loopholes in software, operating systems or networks by feeding massive amounts of random data, called fuzz, to the system in an attempt to make it crash or generate errors. Various techniques, including mutation-based fuzzing and generation-based fuzzing, are applied.
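A small mutation-based fuzzer of the kind described above, added here as an example and not taken from the original page. The target `parse_records` is a constructed toy parser with a deliberate length-trust bug, and `mutate`, `fuzz` and the seed input are all assumptions made for the demonstration; any uncaught exception is recorded as a finding.

```python
import random

# Constructed seed: two well-formed [len:1][payload][checksum:1] records.
SEEDS = [b"\x03abc\x00\x02hi\x00"]


def parse_records(buf: bytes) -> list:
    """Toy target (constructed): trusts the declared length, so a record whose
    length runs past the end of the buffer raises IndexError on the checksum read."""
    out, i = [], 0
    while i < len(buf):
        n = buf[i]
        payload = buf[i + 1:i + 1 + n]
        checksum = buf[i + 1 + n]  # bug: no bounds check before indexing
        out.append((payload, checksum))
        i += n + 2
    return out


def mutate(b: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation: bit flip, byte overwrite, truncation, or byte insertion."""
    b = bytearray(b)
    choice = rng.randrange(4)
    if choice == 0 and b:
        b[rng.randrange(len(b))] ^= 1 << rng.randrange(8)
    elif choice == 1 and b:
        b[rng.randrange(len(b))] = rng.randrange(256)
    elif choice == 2 and len(b) > 1:
        del b[rng.randrange(1, len(b)):]
    else:
        b.insert(rng.randrange(len(b) + 1), rng.randrange(256))
    return bytes(b)


def fuzz(target, seeds, iterations=2000, seed=1234) -> dict:
    """Mutate seed inputs, run the target, and keep one input per distinct exception."""
    rng = random.Random(seed)  # fixed seed so a run can be reproduced exactly
    crashes = {}
    for _ in range(iterations):
        case = mutate(rng.choice(seeds), rng)
        try:
            target(case)
        except Exception as exc:  # any uncaught exception is a finding worth triaging
            crashes.setdefault((type(exc).__name__, str(exc)), case)
    return {"iterations": iterations, "unique_crashes": len(crashes), "crashes": crashes}


if __name__ == "__main__":
    result = fuzz(parse_records, SEEDS)
    for (kind, msg), case in result["crashes"].items():
        print(f"{kind}: {msg} <- {case!r}")
```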
Tools
The process of reverse engineering is accomplished by making use of some tools that are categorized into debuggers or disassemblers, hex editors, monitoring and decompile tools:
- Disassemblers – A disassembler is used to convert binary code into assembly code and also to extract strings, imported and exported functions, libraries, etc. Disassemblers convert the machine language into a user-friendly format. Different disassemblers specialize in certain things.
- Debuggers – This tool expands the functionality of a disassembler by showing the CPU registers, a hex dump of the program, a view of the stack, etc. Using debuggers, programmers can set breakpoints and edit the assembly code at run time. Debuggers analyse the binary in a similar way to disassemblers and allow the reverser to step through the code one line at a time to investigate the results.
- Hex Editors – These editors allow the binary to be viewed and changed as required. Different types of hex editors are available for different functions.
- PE and Resource Viewer – A binary designed to run on a Windows-based machine carries very specific header data that tells the loader how to set up and initialize the program. Every program that runs on Windows is a Portable Executable, which also records the DLLs the program needs to borrow from.
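To show what a PE viewer reads from that header data, here is an added example that is not part of the original page: a minimal Portable Executable header parser using only the standard library. The image returned by `build_sample` is a constructed, non-runnable PE32+ stub (an assumption made for the demonstration, not a real binary), and the checks flag two things a defender looks for: a section that is both writable and executable, and a section whose raw data lies outside the file.

```python
import struct

MACHINE = {0x14C: "i386", 0x8664: "x86-64", 0xAA64: "ARM64"}
OPT_MAGIC = {0x10B: "PE32", 0x20B: "PE32+"}
SCN_EXECUTE, SCN_WRITE = 0x20000000, 0x80000000


def parse_pe(data: bytes) -> dict:
    """Parse DOS header, PE signature, COFF header and section table; flag RWX or truncated sections."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Bounds-check before trusting e_lfanew: a hostile file can point it anywhere.
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt_off)[0] if opt_size >= 2 and opt_off + opt_size <= len(data) else None
    sections = []
    for i in range(nsect):
        off = opt_off + opt_size + 40 * i
        if off + 40 > len(data):
            raise ValueError("section table runs past end of file")
        name, _, vaddr, rsize, rptr, _, _, _, _, flags = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vaddr": vaddr, "raw_ptr": rptr, "raw_size": rsize,
            "rwx": bool(flags & SCN_EXECUTE) and bool(flags & SCN_WRITE),  # writable code: packer/injection smell
            "truncated": rptr + rsize > len(data),                         # raw data outside the file
        })
    return {"machine": MACHINE.get(machine, hex(machine)), "format": OPT_MAGIC.get(magic, "unknown"), "sections": sections}


def build_sample() -> bytes:
    """Constructed minimal PE32+ image (not a real binary): two sections, one writable+executable."""
    def section(name, vaddr, size, ptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, size, vaddr, size, ptr, 0, 0, 0, 0, flags)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    opt = struct.pack("<H", 0x20B) + b"\0" * 0xEE                   # 0xF0-byte optional header, only Magic set
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, len(opt), 0x22)
    body = len(dos) + len(coff) + len(opt) + 2 * 40                 # raw data starts after the section table
    text = section(b".text", 0x1000, 16, body, 0x60000020)          # CODE | EXECUTE | READ
    rwx = section(b".rwx", 0x2000, 16, body + 16, 0xE0000020)       # CODE | EXECUTE | READ | WRITE
    return dos + coff + opt + text + rwx + b"\x90" * 16 + b"\0" * 16


if __name__ == "__main__":
    for s in parse_pe(build_sample())["sections"]:
        print(s)
```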
The reasons and goals for obtaining such information vary widely from everyday or socially beneficial actions, to criminal actions, depending upon the situation. Often no intellectual property rights are breached, such as when a person or business cannot recollect how something was done, or what something does, and needs to reverse engineer it to work it out for themselves. Reverse engineering is also beneficial in crime prevention, where suspected malware is reverse engineered to understand what it does, and how to detect and remove it, and to allow computers and devices to work together (“interoperate”) and to allow saved files on obsolete systems to be used in newer systems. By contrast, reverse engineering can also be used to “crack” software and media to remove their copy protection, or to create a (possibly improved) copy or even a knockoff; this is usually the goal of a competitor.
Law and Ethics
New court cases reveal that reverse engineering practices used to achieve interoperability with an independently created computer program are legal and ethical. In December 2002, Lexmark filed suit against SCC, accusing it of violating copyright law as well as the DMCA. SCC had reverse engineered the code contained in Lexmark printer cartridges so that it could manufacture compatible cartridges. According to Computerworld, Lexmark “alleged that SCC’s Smartek chips include Lexmark software that is protected by copyright. The software handles communication between Lexmark printers and toner cartridges; without it, refurbished toner cartridges won’t work with Lexmark’s printers.” The court ruled that “copyright law shouldn’t be used to inhibit interoperability between one vendor’s products and those of its rivals.” In a ruling from the U.S. Copyright Office in October 2003, the Copyright Office said “the DMCA doesn’t block software developers from using reverse engineering to access digitally protected copyright material if they do so to achieve interoperability with an independently created computer program.”
This issue is widely debated and does not seem to have a clear-cut answer. The number one argument against reverse engineering is that of intellectual property. If an individual or an organization produces a product or idea, is it acceptable for others to “disassemble” the product in order to discover its inner workings? Lexmark does not think so. Since Lexmark and companies like it spend time and money to develop products, they find it unethical that others can reverse engineer their products. There are also products like BitKeeper that have been hurt by reverse engineering practices. Why should companies and individuals spend major resources to build intellectual property that may be reverse engineered by competitors at a fraction of the cost?
There are also benefits to reverse engineering. Reverse engineering can be used as a way to allow products to interoperate. It can also serve as a check that computer software isn’t performing harmful, unethical, or illegal activities.