Introduction to Reverse Engineering Gergely Erdộlyi Research Manager Agenda Reverse Engineering Intro Ethical and Legal Aspects Process of Reverse Engineering Tools of the Trade February 02, 09 Page What is Reverse Engineering? 1/2 February 02, 09 Page What is Reverse Engineering? 1/2 Image Copyright â 2005 BAE Systems February 02, 09 Page What is Reverse Engineering? 1/2 Image Copyright â 2005 BAE Systems Image Copyright â 2005 BAE Systems February 02, 09 Page What is Reverse Engineering? 2/2 Image Copyright â 2005 BAE Systems February 02, 09 Page Reverse Code Engineering Reverse Engineering is also known as RE or RCE RE: RCE: Reverse Engineering Reverse Code Engineering RE is the process of understanding an existing product Malware analysis and security research often involves RE February 02, 09 Page Compilation Process Compilation Linking Source Code Object File Executable Human readable Binary code with Binary code with text file readable symbols no symbols Code Readability February 02, 09 Page Compilation Results February 02, 09 Page Compilation Results int ExecFile(char *FileName) { PyObject* PyFileObject = PyFile_FromString(FileName, "r"); if (!PyFileObject) { return 0; } if (PyRun_SimpleFile(PyFile_AsFile(PyFileObject), FileName) == 0) { Py_DECREF(PyFileObject); return 1; } else { Py_DECREF(PyFileObject); return 0; } } February 02, 09 Page Illegal Activities Image Copyright â 2005 Klaus with K February 02, 09 Page Illegal Activities Illegal to reverse engineer and sell a competing product Illegal to crack copy protections Illegal to distribute a crack/registration for copyrighted software Illegal to gain unauthorized access to any computer system Copyright protected software is off-limits in most cases Spyware/Adware with companies behind them are included February 02, 09 Page Decompilation Process Disassembly Decompilation Executable Disassembly Source Code Binary code with Reverse engineer Human no symbols readable code readable code Code Readability February 02, 09 Page Disassembly Results February 02, 09 Page Disassembly Results text:00401250 text:00401260 text:00401270 text:00401280 text:00401290 text:004012A0 text:004012B0 text:004012C0 text:004012D0 text:004012E0 text:004012F0 E8 10 4B 55 A3 55 A3 55 55 83 00 BB 89 FF 89 57 89 57 8B 8B EC 89 DA 04 FF E5 00 E5 00 0D 0D 7C 44 0E 24 FF 83 E8 83 E8 54 34 B8 24 00 E8 8D EC B8 EC 98 A3 A3 70 38 89 27 B6 08 FE 08 FE 57 57 B5 8D 44 D5 00 C7 FF C7 FF 00 00 4E 44 24 0E 00 04 FF 04 FF 89 89 00 24 04 00 00 24 90 24 90 E5 E5 89 60 A1 8B 00 01 8D 02 8D 5D 5D 44 89 2C 15 8D 00 B4 00 B4 FF FF 24 44 A3 2C BF 00 26 00 26 E1 E1 34 24 57 A3 00 00 00 00 00 8D 90 B8 3C 00 57 00 FF 00 FF 00 74 90 74 B8 8B 00 00 15 00 15 00 26 90 30 90 40 E9 00 18 00 18 00 00 90 4F 13 F++a ởD$ ớ,ỳW.ù@ $F'+a ùĐ,ỳW.T KỡƯ ỡ+ Uởsõ8Ư $ Đ ỳW.F+ƯẫỡƯ& Uởsõ8Ư $ Đ ỳW.FƯẫỡƯ& UùTỳW.ởs]òỡt& Uù4ỳW.ởs]òẫẫẫẫ õ8|+pƯN.ởD$4+t0O ởD$8ỡD$`ởD$[...]... laws Copyright laws differ from country to country Reverse engineering is legal only is few specific cases Black box testing does not constitute reverse engineering Reverse engineering for compatibility fixes is legal Reverse engineering spyware is illegal in most countries When in doubt, do not reverse engineer! February 02, 09 Page Legal Uses of Reverse Engineering Recovery of own lost source... Commonly Used Tools Hex editor/viewer Disassembler Search engine Debugger Script language February 02, 09 Page Most Commonly Used Tools Hex editor/viewer Disassembler Search engine Debugger Script language February 02, 09 Page Most Commonly Used Tools Hex editor/viewer Disassembler Search engine Debugger Script language February 02, 09 Page Most Commonly Used Tools Hex editor/viewer ... Page Illegal Activities Image Copyright â 2005 Klaus with K February 02, 09 Page Illegal Activities Illegal to reverse engineer and sell a competing product Illegal to crack copy protections Illegal to distribute a crack/registration for copyrighted software Illegal to gain unauthorized access to any computer system Copyright protected software is off-limits in most cases Spyware/Adware with companies... engine Debugger Script language February 02, 09 Page Most Commonly Used Tools Hex editor/viewer Disassembler Search engine Debugger Script language February 02, 09 Page Most Commonly Used Tools Hex editor/viewer Disassembler Search engine Debugger Script language February 02, 09 Page Getting Started Master your tools Identify the target binary format Identify the target processor Identify... $tùl$xõ-|+ỡƯ February 02, 09 Page Uses of Reverse Engineering Malware analysis Security / vulnerability research Driver development Compatibility fixes Legacy application support February 02, 09 Page Ethical and Legal Aspects Disclaimer: I am not a lawyer, but here we go Image: Public Domain February 02, 09 Page Ethical and Legal Aspects Legality of reverse engineering is governed by copyright laws... off-limits in most cases Spyware/Adware with companies behind them are included February 02, 09 Page Decompilation Process Disassembly Decompilation Executable Disassembly Source Code Binary code with Reverse engineer Human no symbols readable code readable code Code Readability February 02, 09 Page Disassembly Results February 02, 09 Page Disassembly Results text:00401250 text:00401260 text:00401270 ... is Reverse Engineering? 2/2 Image Copyright â 2005 BAE Systems February 02, 09 Page Reverse Code Engineering Reverse Engineering is also known as RE or RCE RE: RCE: Reverse Engineering Reverse. .. Reverse Engineering Intro Ethical and Legal Aspects Process of Reverse Engineering Tools of the Trade February 02, 09 Page What is Reverse Engineering? 1/2 February 02, 09 Page What is Reverse. .. does not constitute reverse engineering Reverse engineering for compatibility fixes is legal Reverse engineering spyware is illegal in most countries When in doubt, not reverse engineer! February