Today I will teach you the basics of Reverse Code Engineering, simply called RCE, and in future hacking classes we will discuss it in-depth with practical reverse engineering examples. We will cover complete reverse code engineering concepts one by one. I have divided the tutorial into 8-10 different parts which will give you a complete idea of RCE and different tools like IDA pro and other debuggers like ollydbg, disassemblers, obfuscators etc.
Today we will discuss what exactly reverse code engineering is, how it’s useful for ethical hacking, and common terms used in reverse engineering. In my next post, I will share the coding tutorials for Assembly Language and Register manipulation and memory heap basics that I normally use to reverse engineer any program, software, or windows file. Let’s begin.
|Reverse Engineering Introduction|
What is Reverse Engineering?
Have you ever noticed a time when a famous company, such as Apple, unveils a new app or feature, only to see other companies release something similar in the following days? The magic behind this is a technique known as reverse code engineering. They decode or reverse engineer their programs or applications to get the basic structure of the original program and then following the structure, code their own application. Hackers reverse engineer the code and make keygens and patches to crack the applications, and in some cases release the source codes, like what happened in the case of NORTON (an internet security giant).
According to Wikipedia “Reverse engineering is the process of discovering the technological principles of a device, object, or system through analysis of its structure, function, and operation. It often involves taking something (e.g., a mechanical device, electronic component, biological, chemical or organic matter or software program) apart and analyzing its workings in detail to be used in maintenance, or to try to make a new device or program that does the same thing without using or simply duplicating (without understanding) the original.
Let me explain in a different way. As the name suggests, reverse engineering means that if something is already made in computer field like exe, binary, or simply installer package, you decode the exe or binary in such as fashion that we will get original source code or something that closely resembles it, to get the basic architecture of the design. Consider an example, you have a wall made of bricks, here bricks are the base material that built the wall. Now we want to obtain all the bricks from the wall. Similarly, we have an executable or dll file and we know programs are made from coding only, so source codes are the base material in the building’s executable. We want to obtain the source code from the executable, or something that closely resembles it. When you break the wall to get the bricks, some bricks got broken, the type of material used to mend the bricks and rebuild the wall is very important. Similarly, the retrieval of the source code from executable depends upon how securely software is being packed and what type of cryptography or packer is used by its designer.
What is the features of Reverse Engineering?
I can guarantee internet users use cracks or keygens or patches. Have you ever tried to understand how they are made? All keygens or cracks or patches in various software are made by a technique called Reverse Engineering. These are features of reverse engineering and most commonly used by famous organizations as a part of their programs promoting methodology. Companies need a user base, so they themselves release keygens and patches of their software so that their market visibility ratio will be maintained, otherwise open source will acquire their place. Even famous companies like Microsoft and Adobe avoid releasing software that can’t be cracked, because if they do so people will look for open source alternatives and the companies will lose their customer base. This is called Market Visibility.
Other Benefitsof Reverse Engineering:
- Product analysis: To examine how a product works
- Removal of copy protection, circumvention of access restrictions.
- Security auditing.
- Extremely useful when you lost documentation.
- Academic/learning purposes.
- Competitive technical intelligence (understand what your competitor is actually doing, versus what they say they are doing).
- Last but not the least..Learning: learn from others’ mistakes. Do not make the same mistakes that others have already made and subsequently corrected.
Common Terms Used in Reverse Engineering:
1. Debugger : A debugger or debugging tool is a computer program that is used to test and debug other programs (the “target” program). This helps in finding out loopholes in the applications and programs. Penetration testers uses debuggers to test their programs. A famous example of debugger is ollydbg. I will explain these in detail in future classes.
2. Disassembler: A disassembler is a computer program that translates machine language into assembly language. It behaves in completely opposite manner of an assembler.
3. Decompiler : A decompiler is the name given to a computer program that performs, as far as possible, the reverse operation to that of a compiler. Note decompiler and disassembler are both different things. A decompiler translates the code into high language like C, C etc which disassembler generates a assembly code.
4. Packers or unpackers: Packers do simply as their name suggests, they ‘pack’ or ‘compress’ a program much the same way a compressor like Pkzip does. Packers then attach their own decryption / loading stub which ‘unpacks’ the program before resuming execution normally at the programs original entry point. The weakness of every packer is of course simple, if a program runs it must be unpacked at some stage and at said stage we can dump the program to disk.
5. Program Obfuscation: Programmers may deliberately obfuscate code to conceal its purpose (security through obscurity) or its logic to prevent tampering, deter reverse engineering, or as a puzzle or recreational challenge for someone reading the source code.
6. Hex Editing: As the name suggests, we use hex editors to edit the binaries and exe’s.
7. Cryptography: Cryptography is a technique to protect data (any form) in the computer world. Cryptography is most often associated with scrambling plaintext (ordinary text, sometimes referred to as cleartext) into ciphertext (a process called encryption), then back again (known as decryption).
I will explain these terms in detail in my coming articles. Till then you can explore these topics on internet so that you will have some prior knowledge of Reverse Engineering terms.