What is reverse engineering: functions, examples and stages

Reverse Engineering is a powerful technique for any software developer. But, as with any tool, it all depends on the person using it. This time we will discuss what Reverse Engineering is in the world of cybersecurity.

What is reverse engineering?

Reverse engineering is a technique for finding out the flow and operation of a program. The hope is that the examiner can find a defect or gap in the program in question. This is done by looking at the source code of the program.

In the “Reverse” tab, what gets debugged is a binary program compiled from C. The result of reversing the binary comes in the form of assembly. So, like it or not, you need to know the basics of assembly language.

In software security, reverse engineering is also widely used to make sure that a system has no major security flaws or vulnerabilities. This helps keep the system robust and protects it from malicious hackers. Some developers even hack their own systems to identify vulnerabilities; people who do this are called ethical hackers. To learn more, you can read this article on ethical hacking.

Functions of reverse engineering

In computer science itself, reverse engineering can be defined as the process of understanding the algorithm or structure of an application, and even of obtaining the source code of an application that is already running or of a binary / executable file. Reverse engineering has several functions, some of which can be positive and some negative.

  1. Fixing bugs / errors
  2. Making fixes for applications
  3. Getting credentials
  4. Bypassing a check
  5. Application operation
  6. Malware scan
  7. Finding a software algorithm
  8. Inserting malware / backdoor / trojan / logger and so on

Examples of reverse engineering

Reverse engineering (RE) can be interpreted as the procedures and processes for disassembling an object to find out the materials, working methods, or technology used so that the object can function properly.

People can reverse engineer all sorts of things. The simplest example is finding the recipe for a dish. We can guess the ingredients, herbs and spices used in the dish, or we can research it comprehensively to “peel apart” the taste and aroma in each spoonful.

After going through a long process, we finally know that the dish is made from the main ingredient in the form of boiled chicken with traditional spices, for example.

Back to reverse engineering. In this context, RE is the process by which we can find out the program's algorithm, or its source code if possible.

Software reverse engineering involves turning the machine code or binary of a program back into the original source (code), while hardware reverse engineering usually involves disassembling the device to find out how it works.

For example, if a computer processor manufacturer wants to see how a processor from another manufacturer works, it will buy that processor and disassemble it in order to make its own processor that is similar to or better than its competitor's. However, this process is illegal in many countries.

Where is reverse engineering used?

Reversing is usually used for pentest (penetration testing) purposes, which test the security of an application to find its weaknesses, and it is also widely used in CTF (Capture The Flag) competitions.

Reverse engineering is often used for forensics (malware analysis) and exploit development. In forensics, the goal is usually to find out the behavior of the malware and its effects, which in the end should produce IOCs (Indicators of Compromise). But when we come across malware that specifically targets an agency, we need to look at it more deeply, for example by looking for the perpetrators involved.

But usually, during incident response, we do not need to remove malware, because the focus is on getting back to normal operation.
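The IOC step mentioned above can be sketched as follows. This is an added example, not code from the original article; the names extract_iocs, defang and SAMPLE are hypothetical, and the sample bytes are constructed using reserved documentation addresses.

```python
import hashlib
import ipaddress
import re

# Byte-level patterns: binaries are not text, so search the raw bytes directly.
URL_RE = re.compile(rb"https?://[A-Za-z0-9.\-]+(?::\d{1,5})?(?:/[\x21-\x7e]*)?")
IPV4_RE = re.compile(rb"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def defang(value: str) -> str:
    """Rewrite an indicator so it is not clickable when shared in a report."""
    return value.replace("http", "hxxp", 1).replace(".", "[.]")

def extract_iocs(sample: bytes) -> dict:
    """Collect the file hash and embedded network indicators of a sample."""
    urls = sorted({m.group().decode("ascii") for m in URL_RE.finditer(sample)})
    ips = set()
    for m in IPV4_RE.finditer(sample):
        text = m.group().decode("ascii")
        try:
            addr = ipaddress.IPv4Address(text)  # rejects octets above 255
        except ValueError:
            continue
        # Loopback, unspecified and multicast addresses are noise, not indicators.
        if not (addr.is_loopback or addr.is_unspecified or addr.is_multicast):
            ips.add(text)
    return {
        "sha256": hashlib.sha256(sample).hexdigest(),
        "urls": [defang(u) for u in urls],
        "ipv4": [defang(i) for i in sorted(ips)],
    }

# Constructed sample bytes (not real malware): NUL-separated strings as they
# would sit in a binary's data section.
SAMPLE = (b"\x00\x01binary\x00http://update.example.test/gate.php\x00"
          b"198.51.100.23\x00127.0.0.1\x00999.1.1.1\x00")

if __name__ == "__main__":
    for key, value in extract_iocs(SAMPLE).items():
        print(key, value)
```

Strings found this way are only candidates: packed or encrypted samples hide them until the code is unpacked, which is where the deeper reversing described in this article comes in.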

During exploit development, reverse engineering is used to find gaps. You can, of course, disassemble a particular version of the product. But sometimes we can find a gap by comparing the differences (diffing) between the original binary and the binary that was patched by the vendor.

Or we may also obtain a vulnerability from malware that was the first to take advantage of a zero-day. Both are common applications of reverse engineering in the security industry. Apart, of course, from making cracks, bumps, etc.

Reverse engineering steps

There are several steps in reversing. It all depends on the target we are facing. But in general, they go like this:

  • First, identify what the target looks like. What framework, language, libraries, etc. was it made with? Each has its own characteristics, so each requires different tactics.
  • Second, determine the desired focus: which part do you want to reverse? In malware, for example, the parts discussed at length are the payload and the self-defense routines, such as how it evades endpoint security products. If it is not malware, just adjust accordingly, for example to the serial number authentication section.
  • Third, get a rough idea of the processes that take place there (in the part we want to know about). If we were the programmers, how would we implement it? You don’t have to imagine it in too much detail. We just need an initial reference so that we can recognize the application code more easily.
  • Fourth, watch and read all the relevant code. The idea is to read and understand. If you don’t understand, write it down and read the flow again.

Reverse engineering tools

In fact, the main thing we need in order to do reverse engineering is programming skill. Reverse engineering tools are only there to make the work easier: work that previously took hours can take only a few minutes. There are many tools for specific purposes, such as:

Disassembler (+ decompiler):

  • IDA Pro
  • Radare2 (+ Cutter as GUI)
  • Ghidra
  • JEB2 (for Android)

Debugger:

  • x64dbg
  • OllyDbg
  • Immunity Debugger

Dynamic binary instrumentation:

  • Frida

Conclusion

So what is reverse engineering? Simply put, Reverse Engineering is a process that is used to find out the components and functions of a program to find vulnerabilities in the program. It does this by restoring the original design of the software by analyzing the program code or binary code.

The purpose of Reverse Engineering may vary, but it is usually to obtain the principle of operation of the system, to modify the system and to create a replica of the system. Reverse engineering is a very interesting subject, but it also takes a long time to learn.

