Hello friends, welcome back to HackingLoops after a long time. Today I will teach you the basics of Reverse Code Engineering,
simply called RCE, and in future hacking classes we will discuss it in
depth with practical reverse engineering examples. We will cover the
complete reverse code engineering concepts one by one, and I have divided
the tutorial into 8-10 different parts which will give you a complete
idea of RCE and of different tools like IDA Pro and other debuggers like
OllyDbg, disassemblers, obfuscators etc.
Today we will discuss: What is reverse code engineering? How is it useful for ethical hacking? What are the common terms used in reverse engineering?
In the next post I will share the coding tutorials for Assembly Language,
register manipulation and memory heap basics that I normally use to
reverse engineer any program, software or Windows file. So friends, let's start our hacking class on reverse engineering.
Reverse Engineering Introduction
What is Reverse Engineering?
Have you ever noticed that a famous company, say Apple, makes an application
or introduces a new feature, and after a few days you find that some
other company has introduced the same thing? The magic behind this is a
technique known as reverse code engineering. They decode or reverse engineer the programs or applications to get the basic structure of the original program and then, following that structure, code their own application. What hackers do is reverse engineer the code and make keygens and patches to crack the application, and in some cases release the source code, like what happened in the case of Norton (the Internet security giant).
According to Wikipedia "Reverse engineering is the process of
discovering the technological principles of a device, object or system
through analysis of its structure, function and operation. It often
involves taking something (e.g., a mechanical device, electronic
component, biological, chemical or organic matter or software program)
apart and analyzing its workings in detail
to be used in maintenance, or to try to make a new device or program
that does the same thing without using or simply duplicating (without
understanding) the original".
Ahh.. that is more technology related. I will explain it to you in a better way. As the name suggests, reverse engineering
means you start with something that is already made; in the computer field,
say an exe, a binary or simply an installer package. Reverse engineering
is decoding the exe or binary in such a fashion that we get the
original source code, or something near to it, or get the basic
architecture of the design. Consider an example: you have a wall made
of bricks, and the bricks are the base material used to build the wall. Now what we
want to do is obtain all the bricks from the wall.
Similarly, we have an executable or DLL file and we know programs are
made from code only, so source code is the base material in building an
executable. So we want to obtain the source code from the executable, or
something near to it. When you break a wall to get the bricks,
some bricks also get broken, and how many depends on the type of material
used to fix or bind the bricks into the wall. Similarly, the retrieval of
source code from an executable depends upon how securely the software has
been packed and what type of cryptography or packer its designer used.
I hope you have now got what exactly reverse engineering is...
What is the use or benefit of Reverse Engineering?
I can guarantee that most internet users use cracks, keygens or
patches. Have you ever tried to understand how they are made? Ahhh... I
know you haven't. So let me give you clear information. All the
keygens, cracks and patches for software are made by a technique called
Reverse Engineering. Oops... I was going to tell you the benefits, and what am I telling you... negative features... But these are features of reverse engineering,
my friends, and it is most commonly used by all famous organizations as it is a
part of their program promotion methodology. They want a user base,
and that's why they themselves release keygens and patches for their
software, so that their market visibility ratio is maintained;
otherwise open source will take their place. Think of what famous
companies like Microsoft and Adobe do: do you think they can't develop
software that can't be cracked? It's too easy, but they avoid it because
if they did so, people would look for open source alternatives and, by this,
they would lose their customer base, simply called market visibility.
Other Beneficial Uses of Reverse Engineering:
- Product analysis: To examine how a product works
- Removal of copy protection, circumvention of access restrictions.
- Security auditing.
- Extremely useful when you have lost the documentation.
- Academic/learning purposes.
- Competitive technical intelligence (understand what your competitor is actually doing, versus what they say they are doing).
- Last but not least, learning: learn from others' mistakes. Do not make the same mistakes that others have already made and subsequently corrected.
Common Terms Used in Reverse Engineering:
1. Debugger: A debugger or debugging tool is a
computer program that is used to test and debug other programs (the
"target" program). This helps in finding loopholes in applications
and programs. Penetration testers use debuggers to test their
programs. A famous example of a debugger is OllyDbg. I will explain these in detail in coming classes.
2. Disassembler: A disassembler is a computer program that
translates machine language into assembly language. It does the
exact opposite of an assembler.
3. Decompiler: A decompiler is the name
given to a computer program that performs, as far as possible, the
reverse operation to that of a compiler. Note that a decompiler and a
disassembler are different things. A decompiler translates the code
into a high-level language like C, C++ etc., while a disassembler generates
assembly code.
4. Packers or Unpackers: Packers do simply as their name
suggests: they 'pack' or 'compress' a program much the same way a
compressor like Pkzip does. Packers then attach their own decryption /
loading stub, which 'unpacks' the program before resuming execution
normally at the program's original entry point. The weakness of every
packer is of course simple: if a program runs, it must be unpacked at
some stage, and at that stage we can dump the program to disk.
5. Program Obfuscation: Programmers may deliberately obfuscate code to conceal its purpose (security through obscurity) or its logic to prevent tampering, deter reverse engineering, or as a puzzle or recreational challenge for someone reading the source code.
6. Hex Editing: As the name suggests, we use hex editors to edit binaries and exes.
7. Cryptography: Cryptography is a technique to protect data (in any form) in the computer world. Cryptography
is most often associated with scrambling plaintext (ordinary text,
sometimes referred to as cleartext) into ciphertext (a process called
encryption), then back again (known as decryption).
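An added illustration for term 4 (not code from the original article): because a packer compresses or encrypts the program, the packed region has much higher byte entropy than ordinary code or its loading stub, and analysts use that to spot packed files. The sample bytes, the 1024-byte window and the 7.0 bits-per-byte threshold are assumptions chosen for this example.

```python
import math
import random
import zlib
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for constant data, 8.0 for uniform random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def high_entropy_regions(blob: bytes, window: int = 1024, threshold: float = 7.0):
    """Return (start, end) offsets of runs of full windows at or above threshold."""
    regions, start = [], None
    for off in range(0, len(blob) - window + 1, window):
        hot = shannon_entropy(blob[off:off + window]) >= threshold
        if hot and start is None:
            start = off                      # a high-entropy run begins here
        elif not hot and start is not None:
            regions.append((start, off))     # the run ended at this window
            start = None
    if start is not None:                    # run reached the last full window
        regions.append((start, off + window))
    return regions

# Constructed sample, not a real executable: a repetitive "loading stub"
# followed by a zlib-compressed payload, mimicking a packed file's layout.
STUB = bytes.fromhex("558bec83ec109090") * 256            # 2048 bytes
_rng = random.Random(7)
_OPCODES = bytes.fromhex("558bec83c390e87475eb33c050515dff")  # 16 byte values
ORIGINAL = bytes(_rng.choice(_OPCODES) for _ in range(16384))
PACKED = zlib.compress(ORIGINAL, 9)
SAMPLE = STUB + PACKED

if __name__ == "__main__":
    print(f"stub     {shannon_entropy(STUB):.2f} bits/byte")
    print(f"original {shannon_entropy(ORIGINAL):.2f} bits/byte")
    print(f"packed   {shannon_entropy(PACKED):.2f} bits/byte")
    print("high-entropy regions:", high_entropy_regions(SAMPLE))
    # Once unpacked, the payload is back to its ordinary, lower entropy.
    print("unpacked matches original:", zlib.decompress(PACKED) == ORIGINAL)
```

Compressed resources inside a normal program also score high, so a high-entropy region is a reason to look closer, not proof of packing.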
I will explain these terms in detail in my coming articles. Till then
you can explore these topics on the internet so that you will have some
prior knowledge of Reverse Engineering terms.
Note: The Reverse Code Engineering articles are going to be more
advanced and technology oriented, which surely requires prior knowledge
of Assembly language, especially registers and accumulators, and several
reverse engineering commands like JMP, DCL etc. Don't worry, I will try
to cover these basics in my next reverse engineering article, where
we will explore assembly language and other register-related
stuff. Till that time, keep exploring things.