What is Reverse Engineering: Functions, Examples, and Stages


Reverse engineering is a powerful technique for any software developer, but like any tool its value depends on who is using it and why. This article looks at what reverse engineering means in the world of cyber security.


What is Reverse Engineering?

Reverse engineering is the technique of working out how a program is built and how it executes, without having its source code. The hope is that testers can use that understanding to find flaws or loopholes in the program in question. Because the source is normally not available, the analysis works on the compiled binary itself: its machine code, data structures, strings, and runtime behaviour.

In CTF terms, the "Reverse" category usually means debugging binary executables compiled from C. Disassembling such a binary gives you assembly, so, like it or not, you need a basic working knowledge of assembly language for the target architecture.

In software security, reverse engineering is also widely used to check that a system does not contain serious vulnerabilities. This helps make the system robust and protects it from malicious hackers. Some developers even attack their own systems to identify vulnerabilities; people who do this with permission are called ethical hackers. To find out more, you can read this ethical hacking article.


Functions of Reverse Engineering

In computer science, reverse engineering can be defined as the process of understanding the algorithm or structure of an application, and perhaps even recovering an approximation of its source code, starting from a running application or a binary/executable file. Reverse engineering serves several purposes, and the same skill can be used for positive or negative ends:

  1. Fixing bugs/errors
  2. Creating application patches
  3. Extracting credential data (for example hard-coded keys or passwords)
  4. Bypassing verification (licence and serial checks)
  5. Exploiting the application
  6. Malware analysis
  7. Recovering a software algorithm
  8. Inserting malware, backdoors, trojans, loggers and so on


Reverse Engineering Examples

Reverse engineering (RE) can be defined as the procedure of taking an object apart to find out what materials, working methods, or technology were used in it, in order to understand how the object functions.

People can reverse engineer all sorts of things. Take the simplest example: finding out the recipe for a dish. We can guess the ingredients, herbs, and spices used, or we can do comprehensive research to dissect the taste and aroma in every spoonful.

After a long process, we finally know that the dish is made from, say, chicken boiled with traditional spices.

Back to software: in this context, RE is the process of working out a program's algorithm, or recovering its source code where that is possible.

Software reverse engineering takes the machine code in a program back towards something resembling its original source code: disassembly yields assembly, and decompilation yields C-like pseudocode, never the original source with its variable names and comments. Hardware reverse engineering, by contrast, usually involves physically disassembling the device to find out how it works.

For example, if a processor manufacturer wants to see how a competitor's processor works, it can buy that processor and take it apart in order to build its own processor that is similar to, or better than, the competitor's. However, copying a design in this way may infringe patents or licence terms, and it is illegal in many countries.


Where is Reverse Engineering Used?

Reversing is usually used for pentesting (penetration testing), that is, testing the security of an application to find weaknesses in the application itself, and it is also a standard category in CTF (Capture The Flag) competitions.

Reverse engineering is also often used in forensics (malware analysis) and in exploit development. In forensics, the goal is usually to find out how a piece of malware behaves and what effects it has, and ultimately to produce IOCs (Indicators of Compromise) such as file hashes, network addresses, or persistence keys. When the malware specifically targets a particular organisation, deeper analysis is needed, for example to identify the actors involved.

During incident response itself, however, we usually do not need to take the malware apart, because the focus is on returning to normal operation; detailed analysis can follow once the incident is contained.

In exploit development, reverse engineering is used to find loopholes. You can disassemble a given version of the product and hunt for bugs directly. But sometimes a bug is found more quickly by diffing: comparing the original binary with the binary the vendor has fixed, because the checks added in the patched version point straight at the code that was vulnerable and at the input that triggers it.

Or a loophole can be recovered from malware that is already exploiting a zero-day. Both are the usual applications of reverse engineering in the security sector, apart, of course, from making cracks, bots, and the like.
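To make the diffing idea concrete, here is an added example (not code from the original article) in the C-like form a decompiler produces. Both the record format and the two functions are constructed for this illustration: `parse_record_v1` stands for the unpatched binary and `parse_record_v2` for the vendor's fix. The only difference between them is the bounds check, which is exactly the new basic block a reverser would see when diffing the two binaries.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16

/* Constructed record format for this example: [len:1][name:len bytes] */
typedef struct {
    char name[NAME_MAX];
} user_t;

/*
 * "Before" version, as it would look in decompiler output of the unpatched
 * binary: the length byte comes straight from the input and is never compared
 * with the destination size or the remaining input, so a record with
 * len >= NAME_MAX overflows out->name. Only ever call this with benign input.
 */
int parse_record_v1(const uint8_t *buf, size_t buflen, user_t *out)
{
    if (buflen < 1)
        return -1;
    size_t len = buf[0];
    memcpy(out->name, buf + 1, len);   /* unchecked, attacker-controlled length */
    out->name[len] = '\0';
    return (int)len;
}

/*
 * "After" version: the vendor's patch. Diffing v1 against v2 shows one new
 * comparison block; that block tells the reverser which field was unchecked
 * (the length byte) and what input triggers the bug (len > 15, or len larger
 * than the data that follows it).
 */
int parse_record_v2(const uint8_t *buf, size_t buflen, user_t *out)
{
    if (buflen < 1)
        return -1;
    size_t len = buf[0];
    if (len >= NAME_MAX || len > buflen - 1)   /* added by the patch */
        return -1;
    memcpy(out->name, buf + 1, len);
    out->name[len] = '\0';
    return (int)len;
}

/* Constructed sample inputs: a well-formed record and one that claims
 * 255 bytes of name while carrying only three. */
static const uint8_t good_record[] = { 5, 'a', 'l', 'i', 'c', 'e' };
static const uint8_t bad_record[]  = { 0xFF, 'A', 'A', 'A' };

/* Return values are exposed through small helpers so the behaviour can be
 * checked programmatically rather than by reading printed output. */
int demo_good_v1(void) { user_t u; return parse_record_v1(good_record, sizeof good_record, &u); }
int demo_good_v2(void) { user_t u; return parse_record_v2(good_record, sizeof good_record, &u); }
int demo_bad_v2(void)  { user_t u; return parse_record_v2(bad_record, sizeof bad_record, &u); }

int main(void)
{
    user_t u;
    printf("v1 good record -> %d (%s)\n", parse_record_v1(good_record, sizeof good_record, &u), u.name);
    printf("v2 good record -> %d\n", demo_good_v2());
    printf("v2 bad record  -> %d (rejected by the added check)\n", demo_bad_v2());
    /* The bad record is deliberately not fed to v1: that is the overflow. */
    return 0;
}
```

In a real diff the two versions are only available as machine code, so the added `cmp`/`ja` pair and the new early-return branch are what stands out; the reverser then reads backwards from that branch to find where `len` came from.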


Reverse Engineering Stages

There are several stages in reversing. The details depend on the target, but generally it goes like this:

  * First, identify what the target looks like: which framework, language, and libraries it was built with, and so on. Each has its own characteristics and calls for different tactics.

  * Second, decide on the focus: which part do you want to reverse? In malware, for example, the payload and self-defence sections are the ones most often discussed. How does it evade endpoint security products, for instance? If the target is not malware, adjust accordingly, for example to the serial number authentication section.

  * Third, form a rough idea of the processes that occur in the part you want to understand. If you were the programmer, how would you implement it? This need not be specific or detailed; it only serves as an initial reference so that you can recognise the application's code more easily.

  * Fourth, trace and read all the relevant code. The point is to read and understand. If you don't understand something, take notes and read through the flow again.
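As an added example of the third and fourth stages (constructed for this article, not taken from it or from any real product), here is a toy "serial number authentication section" written the way a decompiler would show it, followed by the reverser's reconstruction of it. The hash algorithm, its seed `0x1505`, and the function names are assumptions made for the example. The reverser's version is written from the assembly view, where a multiplication by 33 commonly appears as a shift-and-add sequence rather than a `mul`; recognising that and rewriting it as `h * 33` is exactly the "read, understand, take notes" loop the stages describe.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ---- The target, as recovered from the binary (constructed) ----------- */

/* Decompiler output after renaming: a 32-bit rolling hash over the name. */
static uint32_t target_hash(const char *name)
{
    uint32_t h = 0x1505;                       /* assumed seed */
    for (; *name; name++)
        h = (h * 33) ^ (uint8_t)*name;
    return h;
}

/* The "serial number authentication section": returns 1 if accepted. */
int check_serial(const char *name, const char *serial)
{
    char expected[9];
    if (strlen(name) < 4)                      /* target rejects short names */
        return 0;
    snprintf(expected, sizeof expected, "%08X", (unsigned)target_hash(name));
    return strcmp(expected, serial) == 0;
}

/* ---- Stage 3/4: the reverser's reconstruction -------------------------- */

/*
 * Written from the disassembly rather than from target_hash(): the loop body
 * appears there as shift-by-5, add, xor, which is h * 33 ^ byte. A serial is
 * the hash rendered as eight upper-case hex digits, so this function is a
 * keygen for the toy check above. Returns 0 on success, -1 on bad arguments.
 */
int keygen_serial(const char *name, char *out, size_t outlen)
{
    uint32_t h = 0x1505;
    if (strlen(name) < 4 || outlen < 9)
        return -1;
    for (const uint8_t *p = (const uint8_t *)name; *p; p++)
        h = ((h << 5) + h) ^ *p;               /* (h << 5) + h == h * 33 */
    snprintf(out, outlen, "%08X", (unsigned)h);
    return 0;
}

/* Self-check of the reconstruction: a generated serial must pass the
 * original check. Returns 1 when it does. */
int keygen_matches_target(const char *name)
{
    char serial[9];
    if (keygen_serial(name, serial, sizeof serial) != 0)
        return 0;
    return check_serial(name, serial);
}

int main(void)
{
    const char *names[] = { "alice", "reverse-engineer", "bob" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        char serial[9];
        if (keygen_serial(names[i], serial, sizeof serial) == 0)
            printf("%-17s -> %s  accepted=%d\n", names[i], serial,
                   check_serial(names[i], serial));
        else
            printf("%-17s -> (name too short, target would reject it)\n", names[i]);
    }
    return 0;
}
```

The useful habit here is the self-check at the end: a reconstruction that is "almost right" (wrong seed, signed instead of unsigned bytes, 16-bit instead of 32-bit arithmetic) will still look plausible in the notes, so always feed the reconstructed output back into the original target before trusting it.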


Reverse Engineering Tools

Actually, the main prerequisite for reverse engineering is programming skill. Tools only make the work easier: what used to take hours can take a few minutes. There are many tools for specific purposes, such as:

Disassembler (+decompiler):

  • IDA Pro
  • Radare2 (with Cutter as its GUI)
  • Ghidra
  • JEB2 (for Android)

Debuggers:

  • x64dbg (Windows)
  • OllyDbg (Windows, 32-bit)
  • Immunity Debugger (Windows, 32-bit)

Dynamic Binary Instrumentation:

  • Frida


Summary

So what is reverse engineering? In simple terms, it is the process of discovering the components and functions of a program, often in order to find vulnerabilities in it. It is done by reconstructing the software's design from an analysis of its code or binary.

The purpose of reverse engineering varies, but it is usually to learn how a system works, to modify it, or to create a replica of it. Reverse engineering is a very interesting topic, but it also takes a long time to learn.


Hopefully this article, What is Reverse Engineering: Functions, Examples, and Stages, has given you some insight. You may also want to read the article What is Route Redistribution and How It Works. Thank you.
