SREN 410 Lecture Notes 1

The document provides an introduction to Software Reverse Engineering, outlining its purpose, methodologies, and tools. It distinguishes between security-related and software development-related reverse engineering, emphasizing the importance of low-level software understanding. Additionally, it highlights legal implications and encourages seeking legal counsel before engaging in high-risk reversing projects.

Uploaded by

lawrencechikopa1

SREN-410

SOFTWARE REVERSE ENGINEERING

Lecture 1: Introduction to Software Reverse Engineering
Course Lecturer: Dr. B. Kankuzi, Dept of CSIT, MUST

PREAMBLE
• Prescribed textbooks:
  - Eilam, E. (2005). Reversing: Secrets of Reverse Engineering. Indianapolis, IN: Wiley Publishing, Inc.
  - Dang, B., Gazet, A., Bachaalany, E. (2014). Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation. Wiley.
• A study guide has also been provided.

LESSON OUTCOMES
• Define the concept of reverse engineering in general.
• Explain the concept of software reverse engineering and how it relates to the general concept of reverse engineering.
• Distinguish different types of software reverse engineering.
• Explain the role of low-level software in software reverse engineering.
• Explain the various approaches to software reverse engineering.
• Distinguish and practically install various tools used in software reverse engineering.
• Explain legal implications of software reverse engineering.

INTRODUCTION
• Reverse engineering, in general, is the process of extracting the knowledge or design blueprints from anything man-made.
• Reverse engineering is usually conducted to obtain missing knowledge, ideas, and design philosophy when such information is unavailable.
• Software reverse engineering is essentially reverse engineering applied specifically to software.
• This lecture gives a brief introduction to software reverse engineering.

WHY SOFTWARE REVERSE ENGINEERING?
• In most industries, reverse engineering is for the purpose of developing competing products.
• In the software industry, however, this is not the case because software is complex and as such, reversing it to develop competing software products might not be financially viable.
• In the software industry, therefore, reversing is for the purposes of security and as a tool useful in software-development activities.

WHY SOFTWARE REVERSE ENGINEERING? (CONT’D)
• Security-related software reverse engineering is concerned with different aspects of computer security.
• For example, malicious software can be reversed to understand how it works in order to develop an antidote for it.

WHY SOFTWARE REVERSE ENGINEERING? (CONT’D)
• Software development-related software reverse engineering is concerned with how software developers can employ reversing techniques to understand undocumented or partially documented software.
• In other cases, reversing can be used to determine the quality of third-party code, such as a code library.

ROLE OF LOW-LEVEL SOFTWARE IN SOFTWARE REVERSE ENGINEERING
• Low-level aspects of a program are often the only thing one has to work with as a reverser, as high-level details are almost always eliminated before a software program is shipped to customers.
• In order to become an accomplished reverse engineer, one must therefore develop a solid understanding of low-level software and low-level programming.

ROLE OF LOW-LEVEL SOFTWARE IN SOFTWARE REVERSE ENGINEERING (CONT’D)
• A reverse engineer must thus be knowledgeable about low-level software concepts such as assembly language, compilers, machine code, virtual machines, byte code and operating systems.
• For example, assembly language is the lowest level in the software chain, which makes it incredibly suitable for reversing - nothing moves without it.

ROLE OF LOW-LEVEL SOFTWARE IN SOFTWARE REVERSE ENGINEERING (CONT’D)
• To master the world of reversing, one must develop a solid understanding of the chosen platform’s assembly language.
• But it is important to note that every computer platform has its own assembly language that is usually quite different from all the rest.

APPROACHES TO SOFTWARE REVERSE ENGINEERING
• There are many different approaches to the software reverse engineering process.
• However, these approaches can be broadly categorized into two: system-level reversing and code-level reversing.

APPROACHES TO SOFTWARE REVERSE ENGINEERING
• System-level reversing techniques help determine the general structure of the program and sometimes even locate areas of interest within it.
• Once one establishes a general understanding of the layout of the program and determines areas of special interest within it, one can proceed to more in-depth work using code-level reversing techniques.

APPROACHES TO SOFTWARE REVERSE ENGINEERING (CONT’D)
• Code-level reversing involves extracting design concepts and algorithms from a program binary.
• However, deciphering the sequences of low-level instructions that make up a program is usually no mean feat.
• Code-level reversing observes the code from a very low level, where code details are generated automatically by the compiler and not manually by the software developer, which sometimes makes it difficult to understand how they relate to the program and to its functionality.

APPROACHES TO SOFTWARE REVERSE ENGINEERING (CONT’D)
• This is why reversing requires a solid understanding of the low-level aspects of software, including the link between high-level and low-level programming constructs, assembly language, and the inner workings of compilers.

APPROACHES TO SOFTWARE REVERSE ENGINEERING (CONT’D)
• There are two fundamental reversing methodologies for code reversing: offline analysis and live analysis.

APPROACHES TO SOFTWARE REVERSE ENGINEERING (CONT’D)
• Offline analysis of code, also known as dead-listing, means that one takes a binary executable, uses a disassembler or a decompiler to convert it into a human-readable form, and then manually reads and analyzes parts of that output.
• The downside of offline code analysis is usually that a better understanding of the code is required because one can’t see the data that the program deals with and how it flows.

APPROACHES TO SOFTWARE REVERSE ENGINEERING (CONT’D)
• Live analysis involves the same conversion of code into a human-readable form, but here one does not just statically read the converted code but instead runs it in a debugger and observes its behaviour on a live system.
• This provides far more information because one can observe the program’s internal data and how it affects the flow of the code.

TOOLS FOR SOFTWARE REVERSE ENGINEERING
• Software reverse engineering hinges on tools used to do the reverse engineering.
• Many of these tools are not specifically created as reversing tools, but can be quite useful nonetheless.
• There are four basic categories of tools that are used in reverse engineering: system monitoring tools, disassemblers, debuggers and decompilers.

TOOLS FOR SOFTWARE REVERSE ENGINEERING (CONT’D)
• System-monitoring tools are useful for system-level reversing.
• System-level reversing requires a variety of tools that sniff, monitor, explore, and otherwise expose the program being reversed.
• Some system-monitoring tools available for Windows can be found at http://www.sysinternals.com

TOOLS FOR SOFTWARE REVERSE ENGINEERING (CONT’D)
• Disassemblers are programs that take a program’s executable binary as input and generate textual files that contain the assembly language code for the entire program or parts of it.
• IDA (Interactive Disassembler) by DataRescue (http://www.datarescue.com) is an extremely powerful disassembler that supports a variety of processor architectures.
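
What a disassembler does with a binary's bytes, shown as an added example that is not part of the lecture notes: a linear-sweep decoder for a handful of 32-bit x86 encodings that produces a dead listing. The byte string, the base address and all function names are constructed for illustration; a real disassembler such as IDA covers the full instruction set and file formats.

```python
import struct

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

# Constructed sample input: 32-bit x86 machine code for a function that
# sets up a stack frame, returns 0x2a and tears the frame down again.
SAMPLE = bytes.fromhex("5589e5b82a0000005dc3")

def decode_one(code, off):
    """Decode the instruction starting at `off`; return (length, text)."""
    op = code[off]
    left = len(code) - off                      # bytes available from here
    if 0x50 <= op <= 0x57:                      # push r32
        return 1, f"push {REG32[op - 0x50]}"
    if 0x58 <= op <= 0x5F:                      # pop r32
        return 1, f"pop {REG32[op - 0x58]}"
    if 0xB8 <= op <= 0xBF and left >= 5:        # mov r32, imm32 (little-endian)
        (imm,) = struct.unpack_from("<I", code, off + 1)
        return 5, f"mov {REG32[op - 0xB8]}, {imm:#x}"
    if op in (0x89, 0x8B) and left >= 2:        # mov with a ModRM byte
        modrm = code[off + 1]
        mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
        if mod == 3:                            # register-to-register form only
            dst, src = (rm, reg) if op == 0x89 else (reg, rm)
            return 2, f"mov {REG32[dst]}, {REG32[src]}"
    if op == 0xC3:
        return 1, "ret"
    # Unsupported or truncated encoding: emit the byte as data and move on.
    return 1, f"db {op:#04x}"

def disassemble(code, base=0):
    """Linear sweep: return (address, raw bytes, text) for each instruction."""
    out, off = [], 0
    while off < len(code):
        length, text = decode_one(code, off)
        out.append((base + off, code[off:off + length], text))
        off += length
    return out

def listing(code, base=0):
    """Format the result the way a dead listing is usually read."""
    return "\n".join(f"{addr:08x}  {raw.hex():<10}  {text}"
                     for addr, raw, text in disassemble(code, base))

if __name__ == "__main__":
    print(listing(SAMPLE, base=0x401000))
```

Because x86 instructions vary in length, the decoder has to work out each instruction's size before it can find the next one; bytes it cannot decode are listed as data rather than guessed at.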

TOOLS FOR SOFTWARE REVERSE ENGINEERING (CONT’D)
• A debugger is a program that allows software developers to observe their program while it is running.
• The two most basic features in a debugger are the ability to set breakpoints and the ability to trace through code.
• Some example debuggers are OllyDbg (http://home.t-online.de/home/Ollydbg) and WinDbg (http://www.microsoft.com/whdc/devtools/debugging/default.mspx).

TOOLS FOR SOFTWARE REVERSE ENGINEERING (CONT’D)
Fig 1: Assembly code on the left and decompiled code on the right in Snowman

TOOLS FOR SOFTWARE REVERSE ENGINEERING (CONT’D)
• Decompilers are the next step up from disassemblers.
• A decompiler takes an executable binary file and attempts to produce readable high-level language code from it.
• It is, however, important to note that there are significant elements in most high-level languages that are just omitted during the compilation process and are impossible to recover.
• Snowman is a free native code to C/C++ decompiler available for download at https://derevenets.com/

LEGAL IMPLICATIONS OF SOFTWARE REVERSE ENGINEERING
• It is never going to be possible to accurately predict beforehand whether a particular reversing scenario is going to be considered legal or not, as that depends on many factors.
• Copyright laws aim to protect software and other intellectual property from any kind of unauthorized tampering.
• Always seek legal counsel before getting yourself into any high-risk reversing project.

CONCLUSION
• Software reverse engineering is essentially reverse engineering applied specifically to software.
• There are two categories of software reverse engineering: security-related and software development-related.
• In order to become an accomplished reverse engineer, one must develop a solid understanding of low-level software and low-level programming.

CONCLUSION (CONT’D)
• There are two major approaches to the software reverse engineering process: system-level reversing and code-level reversing.
• There are four basic categories of tools that are used in reverse engineering: system monitoring tools, disassemblers, debuggers and decompilers.
• Always consider legal implications when reversing any piece of software.

CONCLUSION (CONT’D)
• For further reading, read Unit 1 of the Study Guide.

END OF LECTURE 1

THANK YOU!

REFERENCES & FURTHER READING
• Eilam, E. (2005). Reversing: Secrets of Reverse Engineering. Indianapolis, IN: Wiley Publishing, Inc.
• Dang, B., Gazet, A., Bachaalany, E. (2014). Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation. Wiley.
• Eagle, C. (2011). The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler, 2nd Edition. No Starch Press.
• Dennis, Y. (2016). Reverse Engineering for Beginners (E-Reader Version). Retrieved from http://beginners.re/RE4B-EN.pdf
