What is reverse engineering in the computer world?
A programming language such as C/C++ or Java lets us write programs that a computer can understand. An application is any compiled program that has been composed with the aid of a programming language. Reverse engineering (RE) is the decompilation of any application, regardless of the programming language that was used to create it, so that one can acquire its source code or any part of it. In other words, reverse engineering is the process of taking a compiled binary and attempting to recreate the original way the program works. It is a very important skill for information security researchers, hackers, and application developers.
What is reverse engineering used for?
Here are just a few reasons that reverse engineering exists nowadays and its usage is increasing each year:
Malware analysis
Security / vulnerability research
Legacy application support
Compatibility fixes
Driver development.
There are both legal and illegal aspects of reverse engineering. So let's first understand these aspects:
Illegal to distribute a crack/registration for copyrighted software: What comes to mind when we hear RE is cracking. Cracking is as old as programs themselves. To crack a program means to trace and use a serial number, or any other sort of registration information, required for the proper operation of the program. Therefore, if a shareware program requires valid registration information, a reverse engineer can provide that information by decompiling a particular part of the program.
Illegal to gain unauthorized access to any computer system: Consider a server located at the web address http://www.example.com. When we log on to this server with ftp, telnet, http, or whatever else the server permits for its users, we can easily find out what operating system it is running. Then we reverse engineer the security modules of this operating system and look for exploits.
Illegal to crack copy protections: Take for example the NOKIA 5210 cell phone. The manufacturer claims that the security code is unbreakable. Once set, only a hard reset can unlock the phone. Wrong! In any locked cell phone type “*3001#12345#”. A secret menu will pop up and display, among all the other interesting stuff, your security code. This is what customer service uses to retrieve your lost security code. But how could someone discover this secret sequence of numbers? It would take a practically infinite number of random attempts to find something like this.
Simple. Dump the software to computer disks. Then RE the software and you’ll find plenty of “secret” codes.
Ethical and Legal Aspects:
Legality of reverse engineering is governed by copyright laws
Reverse engineering spyware is illegal in most countries
Copyright laws differ from country to country
Reverse engineering is legal only in a few specific cases
Black box testing does not constitute reverse engineering
Reverse engineering for compatibility fixes is legal
Recovery of own lost source code
Recovery of data from legacy formats
Malware analysis and research
Security and vulnerability research
Copyright infringement investigations
Finding out the contents of any database you legally purchased
and many more....
Requirements:
1. Computer architecture knowledge: For reverse engineering, you should know the architecture of the target computer. For example, Windows anatomy such as the Windows API, file system, file anatomy, file header, the PE format, the PE header, the image file header, etc.
2. Assembly programming of target processors: We need to learn many processor-specific instructions and become familiar with the concepts of assembly language programming. To understand reverse engineering without source code, assembly programming is a must.
3. Mind :-)
Tools of the trade:
1. Hex editor: A hex editor is an application that allows manipulation of the fundamental binary data that constitutes a computer file. Hex editors also provide searching for specific bytes and saving sections of a binary to disk. There are many free hex editors out there, and most of them are fine. I would recommend Hex Editor Neo.
2. Disassembler: A disassembler will take a binary and break it down into human-readable assembly. With a disassembler you can take a binary and see exactly how it functions (static analysis). Disassemblers also extrapolate data such as function calls, passed variables and text strings. IDA Pro is a good disassembler.
3. Debugger: With a debugger we can step through, break and edit the assembly while it is executing (dynamic analysis). Debuggers first analyze the binary, much like a disassembler. They then allow the reverser to step through the code, running one line at a time and investigating the results. OllyDbg is a good debugger.
4. PE and resource viewers/editors: Every binary designed to run on a Windows machine (and Linux for that matter) has a very specific section of data at the beginning of it that tells the operating system how to set up and initialize the program. It tells the OS how much memory the program will require, which support DLLs it needs to borrow code from, information about dialog boxes and such. This is called the Portable Executable (PE) header, and all programs designed to run on Windows need to have one.
You can use CFF Explorer.
5. Search engine: Of course, it is Google.
Getting Started: Here are several steps that will help you:
-> First Master your tools.
-> Then Identify the target binary format
-> Then Identify the target processor
-> Then Identify the target operating system
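An added example (not part of the original post) for the header description under "PE and resource viewers/editors" and the identification steps above: it reads the first bytes of a file to determine the binary format, target processor and usual OS family. The names identify, sample_pe, SAMPLE_PE and SAMPLE_ELF are hypothetical, the "os" value is only the usual OS family for the format, and the sample header bytes are constructed for the example, not taken from a real program.

```python
import struct

# Machine IDs from the PE/COFF and ELF specifications (small subset).
PE_CPU = {0x014C: "x86", 0x8664: "x86-64", 0x01C4: "ARM Thumb-2", 0xAA64: "ARM64"}
ELF_CPU = {3: "x86", 62: "x86-64", 40: "ARM", 183: "AArch64"}


def identify(data: bytes) -> dict:
    """Identify binary format, processor and usual OS family from header bytes."""
    if data[:4] == b"\x7fELF" and len(data) >= 20:
        bits = {1: 32, 2: 64}.get(data[4])        # EI_CLASS
        order = {1: "<", 2: ">"}.get(data[5])     # EI_DATA: little/big endian
        if bits is None or order is None:
            return {"format": "ELF (bad ident)"}
        (machine,) = struct.unpack_from(order + "H", data, 18)  # e_machine
        return {"format": "ELF", "bits": bits,
                "cpu": ELF_CPU.get(machine, hex(machine)), "os": "Linux/Unix"}
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of PE signature
        # Bounds-check before following the pointer: samples may be truncated
        # or deliberately malformed.
        if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return {"format": "MZ (no valid PE header)"}
        machine, sections = struct.unpack_from("<HH", data, e_lfanew + 4)
        (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)  # optional hdr
        return {"format": "PE", "bits": {0x10B: 32, 0x20B: 64}.get(magic),
                "sections": sections,
                "cpu": PE_CPU.get(machine, hex(machine)), "os": "Windows"}
    return {"format": "unknown"}


def sample_pe(machine: int = 0x8664, magic: int = 0x20B) -> bytes:
    """Constructed header-only PE: DOS header, COFF header, optional-header magic."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", machine, 3, 0, 0, 0, 0xF0, 0x22)
    return dos + b"PE\0\0" + coff + struct.pack("<H", magic)


# Constructed 64-bit little-endian ELF ident + e_type (2) + e_machine (62).
SAMPLE_ELF = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8 + struct.pack("<HH", 2, 62)
SAMPLE_PE = sample_pe()

if __name__ == "__main__":
    for name, blob in (("pe", SAMPLE_PE), ("elf", SAMPLE_ELF), ("text", b"hello")):
        print(name, identify(blob))
```

To try it on a real file, pass the first few hundred bytes read in binary mode to identify().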
Online resources:
1. Nice collection of tutorials aimed particularly at newbie reverse engineers.
Lenas Reversing for Newbies: https://tuts4you.com/download.php?list.17
2. Extensive collection of papers and articles on various topics of reverse engineering.
Tutorials, Papers, Dissertations, Essays and Guides: https://tuts4you.com/download.php?list.19
3. R4ndom’s Beginning Reverse Engineering Tutorials: http://thelegendofrandom.com/blog/sample-page
4. opensecuritytraining.info
Introduction To Reverse Engineering Software: http://opensecuritytraining.info/IntroductionToReverseEngineering.html
5. The PE file structure:
An In-Depth Look into the Win32 Portable Executable File Format.
Another PE file structure document: The PE file structure
6. CrackZ's Reverse Engineering Page: http://www.woodmann.com/crackz/
Books:
Reversing - Secrets of Reverse Engineering: The author walks you through the techniques that can be used in reversing and anti-reversing software. Most of them can be applied when you reverse code yourself. The book also teaches you how to protect your own application from reversing.
The IDA Pro Book, 2nd Edition: IDA Pro is a very powerful tool that is very difficult to learn and use. This is a book on how to use IDA, not a book on how to read disassembly. If you want to learn to use IDA Pro, this is by far the best book for you.
Hacker Disassembling Uncovered - Powerful Techniques To Safeguard Your Programming: It's a good primer on the art of reverse engineering. If you are a system and/or kernel mode programmer, then this is the book for you. This book deals with how to go about disassembling a program with holes without its source code.
Programming from the Ground Up: This book uses Linux assembly language to teach new programmers the most important concepts in programming. It takes you a step at a time through assembly language concepts. The examples are very simple and the language used throughout the book is very easy to understand.
Windows Operating System Internals
Practice:
1. This place is created by reversers for reversers, newbies and experienced ones alike. Here you can test and improve your reversing skills by solving tasks (usually called crackmes) given to you by fellow reversers. You can take challenges here: http://www.crackmes.de
If you like this post or have any questions, please feel free to comment!