What Is Reverse Engineering: Functions, Examples, And Stages
What Is Reverse Engineering: Functions, Examples, And Stages
Reverse Engineering is a powerful technique for any software developer. But like any tool, it all depends on the person using it. This time we will discuss what Reverse Engineering is in the world of cyber security.
What is Reverse Engineering?
Reverse Engineering is a technique to find out the path and workings of a program. The hope is that testers can find out and hope to get flaws or loopholes from the program in question. This is done by looking at the source code of the program.
In the "Reverse" tag, all of these will debug executable binary programs compiled in C language. The reverse results of the binary must be in the form of an assembly. So, like it or not, you have to have basic knowledge in assembly language.
In software security, Reverse Engineering is also widely used to ensure that a system does not have major security weaknesses or vulnerabilities. It helps to make the system robust, thereby protecting it from bad hackers. Some developers even hack their systems to identify vulnerabilities, a system called ethical hackers. To find out more, you can read this ethical hacking article.
Reverse engineering function
In computer science itself, Reverse Engineering can be interpreted as the process of understanding the algorithm or structure of an application and maybe even getting the source code of an application that is already running or a binary / executable file. Actually Reverse Engineering has several functions but some of them can be positive or negative.
1. Fixed bugs/errors
2. Make an application patch
3. Get credential data
4. Perform a verification bypass
5. Exploit the application
6. Malware analysis
7. Looking for a software algorithm
8. Insert malware/backdoor/trojan/logger and so on.
Reverse engineering example
Reverse Engineering (RE) or reverse engineering can be interpreted as a procedure and process in dismantling an object to find out the materials, work methods, or technology used so that the object can function properly.
People can reverse engineer many things, for example we take the simplest example like finding out a recipe for a dish. We can guess the ingredients, seasonings and spices used in a dish, or we can also do comprehensive research to "skin" the taste and aroma in each spoon.
After going through a long process, we finally know that the dish is made from the main ingredient in the form of chicken boiled with traditional spices, for example.
Back to reverse engineering, in this context RE is the process of how we can find out the program algorithm or source code if possible.
Software reverse engineering involves turning the machine code or binary numbers in a program back to its original source (code). Meanwhile, reverse engineering on hardware usually involves disassembling the device to find out how it works.
For example, if a computer processor manufacturer wants to see how a processor from another manufacturer works, they will buy the processor and take it apart to build their own processor that is similar to or better than the competition's. However, this process is illegal in many countries.
Where is Reverse Engineering Used?
Usually reversing is used for Pentest (Penetration Testing) purposes, namely testing the security of an application to find weaknesses in the application itself and is usually also widely used in a CTF (Capture The Flag) competition.
Reverse Engineering is also often used for forensics (malware analysis) and exploit development. In forensics, the goal is usually to find out the behavior of malware and its impact. Which in the end should make the IOC (Indicator of Compromise). But when we encounter a malware that specifically targets an agency, we need to analyze it more deeply, for example to find the perpetrators involved.
But usually when it comes to Incident Response, we don't need to dismantle malware, because our focus is on returning to normal operation.
Meanwhile, in exploit development, reverse engineering is used to find loopholes. It is possible to dismantle a certain version of the product. But sometimes we get gaps by comparing the differences (diffing) between the original binary and the binary that has been fixed by the vendor.
Or we can also get loopholes from malware that first took advantage of these zero day loopholes. Both are commonplace applications of reverse engineering in security. Of course, besides making cracks, bots, etc.
Reverse Engineering Stages
There are several stages in doing the reverse. It all depends on the target we are facing. But generally like this:
* First, first identify what the target looks like. Made using what framework, what language, what library, etc. Each has its own characteristics so it requires a different tactic.
* Second, determine the desired focus, what part do you want to reverse? for example in the payload and self-defense sections of malware which are widely discussed. How does he evade endpoint security products, for example. If it's not malware, you just have to adjust it, for example the serial number authentication section.
* Third, make a rough description of the processes that occur there (the part we want to know). If we were programmers there, how would we implement it. No need to be too specific or detailed to imagine it. We only need to make an initial reference, so we can recognize the application code more easily.
* Fourth, trace and read all relevant code. Basically, read and understand. If you don't understand, make notes, and read the plot again.
Reverse engineering tools
Actually, to do Reverse Engineering, we must have the ability to program. Meanwhile, the Reverse Engineering tool is only useful for facilitating RE work that previously took hours, so it only takes a few minutes. There are many tools for specific purposes, examples such as:
Disassembler (+decompiler):
*IDA Pro
* Radare2 (+cutlas as GUI)
* GHIDRA
* JEB2 (for android)
Debuggers:
* x64dbg
*Ollydbg
* Immunity Debugger
Dynamic Binary Instrumentations:
* Frida
Conclusion
So what is Reverse Engineering? Simply put Reverse Engineering is a process used to know the components and functions of a program to find vulnerabilities in the program. It does so by restoring the original software design by analyzing the program's code or binaries.
Reverse Engineering objectives can vary, but usually to get the working principle of the system, modify the system, and make a replica of the system. Reverse engineering is the most interesting topic, but it also takes a very long time to learn.
________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ ________
So many articles What is Reverse Engineering. Look forward to other interesting articles and don't forget to share this article with your friends. Thank you…
Resa Risyan
Just an ordinary person who wants to share a little knowledge, hopefully the knowledge I provide can be useful for all of us. Keep in mind! Useful knowledge is an investment in the afterlife.
Post a Comment