Cybersecurity, Techno Buzz

What and from where to start learning Reverse Engineering

Making an application using n number of options of programming languages using various algorithms and concepts is not as tougher as to find out the equivalent code (or same same code) from executable binary files. In technical term, we call it “Reverse Engineering”.

In real life, think about a situation where CID has to find the killer, the weapon and the way or the reason for murder. What they do exactly is an example of Reverse Engineering. Whatever Danny Denzongappa (villain) did in Robot movie to make robot based on Rajnikanth’s ideas was nothing but Reverse Engineering. Whatever you do to find out the way how it was built and how it works is an example of Reverse Engineering.

News according to “Times of India”:

According to NSD, there are less than 5,000 reverse engineering experts currently in India. NSD in collaboration with various Academic Institutions across India aims to increase the number of reverse engineering professionals in the country to 1 lakh by 2015, through training and awareness.

I am always curious to know more about malware analysis and how things work by dismantling stuffs. So, I am just sharing this article as a collection of my leanings which I have known so far about basics of Reverse Engineering and it may help others as well. Please share your thoughts and experience with us, if possible.

So, what is Reverse Engineering?

In Software Engineering term, if you reverse the way Software model is developed, you would experience Reverse Engineering there.

Below image can explain the term better:

forward vs reverse engineering
forward vs reverse engineering

For whom it is?

This is useful and used by System and Network Administrators, Auditors, Security Consultants, Hardware hackers and Security Managers who are responsible for protecting the organization from malicious code or activities. And it is useful of course for Security researchers and real hackers 😉

How it can be useful for us (Ethical way)?

  • Recovery of lost information:

Suppose you have a device but don’t know how it was designed, programmed and launched in production system. There is no documentation at all. By that time Reverse Engineering suffice our needs to replace the documentation and working principles (one way or the other if not exactly the same) of such mysterious object.

 

One more example I wish to include which many students would agree. Let’s say you developed an application using Java and by mistake sourcecodes got deleted. How you will show it to your instructor now? Obviously you would need Reverse Engineering!

  • It helps in maintenance of the system by finding anomalies, bugs, loopholes etc. and hence helps in saving maintenance cost economically.
  • It can help in migrating from platform to other or to write an application from one language to other without losing the quality of the software or hardware.
  • It helps us in figuring out how application is build. Advanced SQL injection can be treated as an action of reverse engineering as we try to read programmer’s mind how the query would have been written and how the program will render it.

Where Reverse Engineering can be used?

  • To build similar technologies or machines by figuring out how existing model works like Robot movie 😉
  • For security and risk analysis of any software or hardware product
  • Can be used in bug fixing like Zero day exploit
  • Reverse Engineering is not so easy and always require an in depth analysis, so it can be always preferred as higher studies subject.
  • Well, in long term it will save money of a company or organization too

What are prerequisites to work and work in Reverse Engineering?

  • S. Concepts and good knowledge of Windows internals, Linux Kernel
  • Networking Concepts
  • Extensive knowledge of data and packet analysis tools like wireshark.
  • Knowledge of low level language like C and Assembly is must.
  • Zeal to learn the things harder way and mostly by self-study 😀

Difficulties in Reverse Engineering

  • It is a new research area under software maintenance domain
  • It includes activities of understanding the system and recovery information from system
  • Sound knowledge of O.S. and Programming is must for Reverse Engineering
  • Patience and moral support is what is required at personal level in such activities.

 

Books:The art of Assembly Language and Assembly Language for x86 Processors

Certification:There are many certifications but the most valuable (costly as well) is GREM (GIAC Reverse Engineering Malware)

Community: Nullcon, Defcon etc.

Online Tutorials: http://opensecuritytraining.info/Training.html

Institutes famous for reverse Engineering: Carnegie Mellon University, Padre University, Georgia tech University, NSU (Singapore). IIIT (Hyderabad)

List of tools used for various Reverse Engineering tasks

  • Debuggers : Ollydbg(Win32) , gdb (Linux), IDA Pro (Win32/Wine)
  • Disassembler: Hiew for Windows , valgrind and objdump for Linux
  • Assemblers: NASM (Netwide Assembler) , MASM (Microsoft Macro Assembler )
  • Hex Editors : Hex Workshop Tool
  • PE (Portable Executables) Analysers: PE Tools (PE is the native Win32 file format)
  • Linux Commands: ldd, strings, strip, nm, objdump, gdb, valgrind (just do whatis <command> )
  • TCP/IP Data Analyser like tcpdump, wireshark, tcpview (Windows)

Known Companies for software/hardware reverse engineers : Citrix, McAfee, Honeywell, Microsoft, IBM, Intel, Mitre, Qualys,CISCO, Akamai, Tenable Network Security, Amazon are few names.

 This is just brief of what Reverse Engineering is and what it can do. Please share whatever you know related to Reverse Engineering with us through our blog and forum platform 😀

Share your Thoughts