Reverse engineering

1

Reverse engineering
Reverse engineering is the process of discovering the technological principles of a device, object or system through analysis of its structure, function and operation. It often involves taking something (e.g., a mechanical device, electronic component, or software program) apart and analyzing its workings in detail to be used in maintenance, or to try to make a new device or program that does the same thing without using or simply duplicating (without understanding) any part of the original. Reverse engineering has its origins in the analysis of hardware for commercial or military advantage.[1] The purpose is to deduce design decisions from end products with little or no additional knowledge about the procedures involved in the original production. The same techniques are subsequently being researched for application to legacy software systems, not for industrial or defence ends, but rather to replace incorrect, incomplete, or otherwise unavailable documentation.[2]

Motivation
Reasons for reverse engineering: • Interoperability. • Lost documentation: Reverse engineering often is done because the documentation of a particular device has been lost (or was never written), and the person who built it is no longer available. Integrated circuits often seem to have been designed on obsolete, proprietary systems, which means that the only way to incorporate the functionality into new technology is to reverse-engineer the existing chip and then re-design it. • Product analysis. To examine how a product works, what components it consists of, estimate costs, and identify potential patent infringement. • Digital update/correction. To update the digital version (e.g. CAD model) of an object to match an "as-built" condition. • Security auditing. • Acquiring sensitive data by disassembling and analysing the design of a system component [3] • Military or commercial espionage. Learning about an enemy's or competitor's latest research by stealing or capturing a prototype and dismantling it. • Removal of copy protection, circumvention of access restrictions. • Creation of unlicensed/unapproved duplicates. • Materials harvesting, sorting, or scrapping.[4] • Academic/learning purposes. • Curiosity • Competitive technical intelligence (understand what your competitor is actually doing versus what they say they are doing) • Learning: learn from others' mistakes. Do not make the same mistakes that others have already made and subsequently corrected

Reverse engineering of machines
As computer-aided design (CAD) has become more popular, reverse engineering has become a viable method to create a 3D virtual model of an existing physical part for use in 3D CAD, CAM, CAE or other software.[5] The reverse-engineering process involves measuring an object and then reconstructing it as a 3D model. The physical object can be measured using 3D scanning technologies like CMMs, laser scanners, structured light digitizers or computed tomography. The measured data alone, usually represented as a point cloud, lacks topological information and is therefore often processed and modeled into a more usable format such as a triangular-faced mesh, a set of

and what components it consists of.[8] As an example. in-house repairs or retrofits. perhaps poorly documented or documented but no longer valid. decompilation of binaries for the Java platform can be accomplished using Jad. It is used to analyse. Reverse engineering is also used by businesses to bring existing physical geometry into digital product development environments. Reverse engineering is a process of examination only: the software system under consideration is not modified (which would make it re-engineering). and OpenOffice. It involves de-constructing and analysing products. prompting Chikofsky and Cross to write a paper researching the various uses and defining a taxonomy. enabling of additional features on low-cost "crippled" hardware (such as some graphics card chip-sets). customization of embedded systems (such as engine management systems). The Certified Reverse Engineering Analyst (CREA) is a certification provided by the IACRB that certifies candidates are proficient in reverse engineering software. 2 Reverse engineering of software The term reverse engineering as applied to software means different things to different people. they state. black box testing in software engineering has a lot in common with reverse engineering. as it strives to provide binary (ABI and API) compatibility with the current Windows OSes of the NT branch.[10] since the Samba project had to reverse-engineer unpublished information about how Windows file sharing worked. source code is already available for the software. In the second case. for instance. Other purposes of reverse engineering include security auditing. Value engineering is a related activity also used by businesses. removal of copy protection ("cracking"). two main types of reverse engineering emerge.[7] In this model. On a related note. which allows systems that are not running Microsoft Windows systems to share files with systems that are. so that non-Windows computers could emulate it.[9] The Samba software."[6] It can also be seen as "going backwards through the development cycle". but higher-level aspects of the program. Reverse engineering of software can make use of the clean room design technique to avoid copyright infringement. but their goals are to find bugs and undocumented features by bashing the product from outside. Software anti-tamper technology is used to deter both reverse engineering and re-engineering of proprietary software and software-powered systems. estimate costs. to make a digital 3D record of their own products or to assess competitors' products. by the fair use exception in copyright law. and any efforts towards discovering one possible source code for the software are regarded as reverse engineering. but the objective is to find opportunities for cost cutting. etc. in an inversion of the traditional waterfall model. The Wine project does the same thing for the Windows API. Binary software This process is sometimes termed Reverse Code Engineering. how a product works. or even mere satisfaction of curiosity. "Reverse engineering is the process of analyzing a subject system to create representations of the system at a higher level of abstraction. or RCE. In the first case. circumvention of access restrictions often present in consumer electronics. The ReactOS project is even more ambitious in its goals. This second usage of the term is the one most people are familiar with. Reverse engineering of software is protected in the U. is a classic example of software reverse engineering. are discovered.org is one party doing this for the Microsoft Office file formats. The tester usually has the API. In practice.Reverse engineering NURBS surfaces or a CAD model. what it does. allowing software and drivers written for . An example of a group that reverse-engineers software for enjoyment is CORE which stands for "Challenge Of Reverse Engineering". there is no source code available for the software. From their paper. and identify potential patent infringement. One famous case of reverse engineering was the first non-IBM implementation of the PC BIOS which launched the historic IBM PC compatible industry that has been the overwhelmingly dominant computer hardware platform for many years. the output of the implementation phase (in source code form) is reverse-engineered back to the analysis phase.S.

This works on any computer program but can take quite some time. these automatic approaches either group observed messages into clusters using various clustering analyses. See List of UML tools. Accordingly. and online learning. especially for someone not used to machine code. to recreate the source code in some high-level language for a program only available in machine code or bytecode. the automatic approaches trace the execution of protocol implementations and try to detect buffers in memory holding unencrpyted packets [17] . can be reverse-engineered automatically as well. the protocol state-machines can be learned either through a process of offline learning. In Microsoft Windows. Reverse engineering of protocols Protocols are sets of rules that describe message formats and how messages are exchanged (i. a process that tries. meaning the raw machine language of the program is read and understood in its own terms. low-level debuggers such as SoftICE are popular. with varying results. Decompilation using a decompiler. Typically. or emulate the protocol implementation tracing the message processing. Analysis through observation of information exchange. Other components of typical protocols. most prevalent in protocol reverse engineering. for accessing a computer bus or computer network connection and revealing the traffic data thereon. Sometimes. In general. Bus or network behaviour can then be analyzed to produce a stand-alone implementation that mimics that behaviour. Binary software techniques Reverse engineering of software can be accomplished by various methods. 2. like encryption and hash functions. which allows interactive generation of probing sequences of messages and listening to responses to those probing sequences.. but recent research proposed a number of automatic solutions [11] [12] [13] . The message formats have traditionally been reverse-engineered through a tedious manual process.[13] . which involves using bus analyzers and packet sniffers. Typically. An automatic offline approach has been demonstrated by Comparetti at al. There has been less work on reverse-engineering of state-machines of protocols. 3. while online learning can be done in polynomial time [15] . The three main groups of software reverse engineering are 1. which passively observes communication and attempts to build the most general state-machine accepting all observed sequnces of messages.[16] . only with the aid of machine-language mnemonics. 3 Source code A number of UML tools refer to the process of importing and analysing source code to generate UML diagrams as "reverse engineering". . Disassembly using a disassembler. message format and state-machine reverse-engineering. which involved analysis of how protocol implementations process messages. the problem of protocol reverse-engineering can be partitioned into two subproblems. for example. reverse engineering on embedded systems is greatly assisted by tools deliberately introduced by the manufacturer. the protocol state-machine).Reverse engineering Windows to run on a clean-room reverse-engineered GPL free software or open-source counterpart. and an online approach very recently by Cho et al. such as JTAG ports or other debugging means. offline learning of small state-machines is known to be NP-complete [14] .e. The Interactive Disassembler is a particularly popular tool. In general. This is especially useful for reverse engineering device drivers.

and courts have found such contractual prohibitions to override the copyright law. The Soviets. an item produced under one or more patents could also include other technology that is not patented and not disclosed. • China has reversed engineered many examples of Western and Russian hardware.) One common motivation of reverse engineers is to determine whether a competitor's product contains patent infringements or copyright infringements. in order to make their clone of the rocket. Legality In the United States even if an artifact or process is protected by trade secrets. the subsequent 1979 revolution ending all plans for such co-production. The major problem for the attacker is to bring everything into the right order to find out how everything works.[20] This attack is not very common because it requires a large investment in effort and special equipment that is generally only available to large chip manufacturers. see Bowers v.[22] [23] Article 6 of the 1991 EU Computer Programs Directive allows reverse engineering for the purposes of . The attacker grinds away layer by layer of the smart card and takes pictures with an electron microscope. and therefore. The reverse engineering of software in the US is generally illegal because most EULA prohibit it. • K-13/R-3S missile (NATO reporting name AA-2 Atoll). need a public disclosure of an invention. They reverse-engineered copies of those cans.[21] Patents. amazingly. patented items do not necessarily have to be reverse-engineered to be studied. on the other hand. Engineers employ sensors to detect and prevent this attack.[18] [19] In some cases. Reverse engineering for military applications Reverse engineering is often used by militaries in order to copy other nations' technologies. The cans were popularly known as "Jerry cans". Iran was later successful in reverse-engineering the missile and are currently producing their own copy: the Toophan. for example. (However. Engineers try to hide keys and operations by mixing up memory positions. decided to copy the B-29. it is even possible to attach a probe to measure voltages while the smart card is still operational. With this technique. from fighter aircraft to missiles and HMMWV cars. Well-known examples from WWII and later include • Jerry can: British and American forces noticed that the Germans had gasoline cans with an excellent design. the missile became lodged within the airframe. Baystate Technologies. who did not have a similar strategic bomber. which began the postwar Soviet rocket program that led to the R-7 and the beginning of the space race. reverse-engineering the artifact or process is often lawful as long as it is obtained legitimately. it is possible to reveal the complete hardware and software part of the smart card. the R-1. Within a few years. negotiations between Iran and Hughes Missile Systems on co-production of the TOW and Maverick missiles stalled over disagreements in the pricing structure. the payoff from this attack is low since other security techniques are often employed such as shadow accounts. the pilot returning to base with what Russian scientists would describe as a university course in missile development. a near-perfect copy. Furthermore. made possible after a Taiwanese AIM-9B hit a Chinese MiG-17 without exploding. a Soviet reverse-engineered copy of the AIM-9 Sidewinder.Reverse engineering 4 Reverse engineering of integrated circuits/smart cards Reverse engineering is an invasive and destructive form of analyzing a smart card. • V2 Rocket: Technical documents for the V2 and related technologies were captured by the Western Allies at the end of the war. • Tupolev Tu-4: Three American B-29 bombers on missions over Japan were forced to land in the USSR. working from captured hardware. busscrambling. It was often used during the Second World War and the Cold War. • BGM-71 TOW Missile: In May 1975. they had developed the Tu-4. devices or information that have been obtained by regular troops in the fields or by intelligence operations. Soviet and captured German engineers had to reproduce technical documents and plans.

Security Warrior (1st ed. IEEE Computer Society. "Reverse Engineering and Design Recovery: A Taxonomy". domagoj-babic. Kannan. Nelson. Software Reuse and Reverse Engineering in Practice. pp. Reverse Engineering of Geometric Models—An Introduction. O'Reilly. London.Reverse engineering interoperability. [13] P. Information and Computation. ODU CS 551 . Comparetti. doi:10. Complexity of automaton identification from given data. Retrieved 2009-05-07. M. 1996.Software Engineering Survey [3] Internet Engineering Task Force RFC 2828 Internet Security Glossary [4] http:/ / scrappingmetal. and D. England: Chapman & Hall. Kirda. Z.Y. J. [12] W. cs. Angluin. berkeley.2307/797533. J. 2009. Liang. M. In Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium. R. Scotchmer. Song. M. H. Cyrus Peikari (January 2004).. H. org/ samba/ docs/ SambaIntro. Cui. R. Prospex: Protocol specification extraction. Proceedings of the 14th ACM conference on Computer and . php/ Pubs/ CCS10botnets). yalelawjournal. Discoverer: Automatic protocol reverse engineering from network traces. [6] Chikofsky. Peinado. "Reverse Engineering and Design Recovery: A Taxonomy in IEEE Software". and D. . com/ 2010/ 10/ reverse-engineering. H. Anton. Computer Aided Design 29 (4). [7] Warden. R. and E. Cho. html). Washington. Michael L. pages 391-402. but prohibits it for the purposes of creating a competing product.. 1978. Cross. [14] E. [17] Polyglot: automatic extraction of protocol message format using dynamic binary analysis (http:/ / bitblaze. In Proceedings of the 2009 30th IEEE Symposium on Security and Privacy. 283–305. pages 110-125. Yin. Wondracek.[24] [25] [26] 5 See also • • • • • • • • • • • • • • • • • • Antikythera mechanism Benchmarking Bus analyzer Chonda Clean room design Code morphing Connectix Virtual Game Station Decompiler Digital Millennium Copyright Act (DMCA) Forensic engineering Interactive Disassembler Knowledge Discovery Metamodel List of production topics Logic analyzer Paycheck (film) Value engineering Cryptanalysis Software archaeology References [1] Chikofsky. Irún-Briz. org/ the-yale-law-journal/ content-pages/ the-law-and-economics-of-reverse-engineering/ ). [9] See Samuelson. Oct 2008. and H. blogspot. Caballero. Shin. J. [15] D. pages 1-14. [16] C. Kruegel. 1997. Chen. [10] "Samba: An Introduction" (http:/ / www. 75(2):87-106. samba. Gold. and also prohibits the public release of information obtained though reverse engineering of software. Information and Control. R. [11] W.H. [2] A Survey of Reverse Engineering and Program Comprehension. E. C. edu/ papers/ polyglot_ccs07_av. Cross II (January 1990). J. Learning regular sets from queries and counterexamples. Wang. . IEEE Computer Society: 13–17. E. Inference and Analysis of Formal Models of Botnet Command and Control Protocols (http:/ / www. J. K. html [5] T. 2001-11-27. Suzanne (2002). Cui. 1987. 37(3):302-320. Martin. J. and L. pdf). 255-268. Song. II (1990).1109/52. IEEE Software 7 (1): 13–17.43044. April 19. doi:10. (1992). G. 2010 ACM Conference on Computer and Communications Security. "The Law and Economics of Reverse Engineering" (http:/ / www. J. In Proceedings of the 15th ACM Conference on Computer and Communications Security. Varady. Babic. ACM. Tupni: Automatic reverse engineering of input formats.J. J. [8] Chuvakin. D. Pamela. Yale Law Journal 111 (7): 1575–1663. com/ index. Cox.). Wang..

de/ its_seminar_ws0708. Seminar ITS-Security Ruhr-Universität Bochum. It works well with both complex java programs (that have multiple threads) and J2EE applications deployed on Application Servers. edu/ ogc/ intellectualproperty/ baystatevbowersdiscussion.reverse-engineering. jenkins. Musker: Protecting & Exploiting Intellectual Property in Electronics.net/) .reversingproject. This tool helps you to reverse engineer UML Sequence Diagram for your java program at runtime. do?uri=CELEX:31991L0250:EN:HTML [25] http:/ / books. IEEE 2007 Custom Integrated Circuits Conference (CICC). Electronic Design. "http:/ / www. Wolfgang Effing. utsystem. p.com/Articles/Index. Reverse Engineering . Fernandes.org/reverse_engineering. 317-329. • Cipresso. memagazine. IBC Conferences. htm [23] http:/ / www. ProQuest UML. Reversing: Secrets of Reverse Engineering. 2006). Smart Card Handbook (2004) [19] T. Eldad (2005). Dick (January 19.net/projects/javacalltracer/) A reverse engineering tool for Java. 595. Kiran J.info). 242. "Software Reverse Engineering Education" (http://www. Mike (2007). IEEE. eu/ LexUriServ/ LexUriServ. Inc. Retrieved 2009-02-03. com/ books?id=KJmNGglq0nwC& pg=PA321& lpg=PA321& dq=e+ European+ Software+ Directive+ reverse+ engineering& source=bl& ots=D-fjaWSI4Y& sig=47VJ-tdmg8abUjEjEtvYueC4WKU& hl=en& ei=SIGITJDxI8GLswa4kpScCg& sa=X& oi=book_result& ct=result& resnum=3& ved=0CBwQ6AEwAg#v=onepage& q=e%20European%20Software%20Directive%20reverse%20engineering& f=false [26] http:/ / www. google.ieee. html [22] http:/ / www. Penton Media. (2008). eu/ articles-general/ reverse-engineering. pp. org/ contents/ current/ features/ trade101/ trade101. europa. 10 June 1998 [21] http:/ / www.Reverse engineering communications security. com/ d/ developer-world/ contract-case-could-hurt-reverse-engineering-337 [24] http:/ / eur-lex. SJSU Master's Thesis. • CASE Tools for Reverse Code Engineering (http://case-tools.html) • The Reverse Code Engineering Community (http://community. • James.cfm?AD=1&ArticleID=11966). pp. crypto. ISBN 0764574817. pdf). Teodoro (2009). Springer. Retrieved 2009-08-22. • Thumm. "Talking Tactics" (http://ewh.An Industrial Perspective. External links • Java Call Trace to UML Sequence Diagram (https://sourceforge. rub. [18] Wolfgang Rankl. • Raja. "Reverse Engineering Delivers Product Knowledge. Wiley Publishing. infoworld. ISBN 978-1-84628-855-5. Inc. Welz: Smart cards as methods for payment (2008). asp#a9 6 Further reading • Eilam. Vinesh. Aids Technology Spread" (http://electronicdesign. Retrieved 2009-02-03. html" [20] David C.org/r5/denver/sscs/References/2007_09_Torrance.

Goldsmitharmy. ToOb. Easyas12c. Wik. Nixdorf. Blue520. Snoyes. Ldoogy. KTo288. DavidDouthitt. Grand Slam 7. Olivier. Coffin. Vicos. GABaker. Cbsenterprise. BessonovAU. Whitehatnetizen. MichaelBillington. JHeinonen. Mindmatrix.wikipedia. Stewartadcock. Mirror Vax. Sam Hocevar. Mathemajor. 0/ .237. J. PhilHibbs. Ratarsed. Axonizer. David. Defsac. OccamzRazor. Lankyvaulter. Pgr94. R!SC. Jaxl. Mircea. Delinka. Equilibrioception. Darklilac. Tabletop. Haikz. Andreas Kaufmann. Zaphodb777. Infophile. org/ licenses/ by-sa/ 3. Dev2266. Ixfd64. Henry97. Blogwould. Gravitophoton. Chiefcoolbreeze. Veinor. DiamFC. Erianna. Khalid hassani. Corridor1. Hiihammuk. Al. Jondel. Mormat. Andrewpmk. Sisterwoman. Wrs1864. AndyBQ. J04n.xxx. Claritas. Darklock. SchuminWeb. Ajheller. Jaqen. TastyPoutine. BilCat. Joshk. Smack. Tibti. Danny beaudoin. Wernher. Paquitotrek. SoftwareDeveloper. Jxw13. Seabhcan. Jusdafax.Article Sources and Contributors 7 Article Sources and Contributors Reverse engineering  Source: http://en. Mmlegrand. Commander Keane. Conversion script. Jon513. Gillwill2000. DLH. AndrewBuck.jose. Michael Hardy. DINGBAT. Wavelength. Harrym. Ksyrie.Gaya. Mausy5043. Liastnir. Miss Madeline. Gggjones. CesarB. Haakon. Neverquick. Helixblue. Baldhur. Wipe.php?oldid=392103000  Contributors: (. Lardo. Yrjö Kari-Koskinen. MastCell. Hendrib. Staceydl. Ivan2. Frap. Tijfo098. Wilt.0 Unported http:/ / creativecommons. Lquilter. Mschlindwein. Sprocketonline.Harris. CranialNerves. LittleDan. Mydogategodshat. Damian Yerrick. Lowellian. Chmod007. Jiang. Greenrd.31. Bryan Derksen. Anthony Appleyard. GamesSmash. A rambhia. Sietse Snel. Chick Bowen. Maurreen. Aludstartups. Hankwang. Lindsay658. Ultramandk. Splintercellguy. Blitzoace. Hintswen. Dmsar. Žiedas. Peterlewis. 3dscanguru. Axeltroike. Mipadi. Ian Pitchford. Docu. SMTRtyeb. Sukiari. KnightRider. ReverseEngineering. Jpbowen. Gmturner. Pelock. IWhisky. SimonMorgan. Furrykef. Grumpyyoungman01. Kateshortforbob.arodob. NawlinWiki. Rushyo. Wtshymanski. Unixguy. =Josh. Ohnoitsjamie. Hooperbloob. Mmernex. Fieldday-sunday. Wikidrone. Ali naqvi. Mike Van Emmerik. Creol. Eastlaw. Iitac auditor. Jschrempp. E Wing. Uli. 209. Cus07. Yug. Turnstep.Vutcovici. Stevertigo. El C. Cheech88. Piotrus. ShaneCRoach. Mo0. Radagast3. R'n'B. T-1000. Prashanthns. Tawker. Jclemens.org/w/index. Eurobas. Mintleaf. Theh1982. CALR. Mark Sublette. The Thing That Should Not Be.delanoy. Dandv. Bob Bolin. Bender235. FuelWagon. Rurik. Adashiel. Krelnik. Bill52270. Frecklefoot. Tubeyes. Kariteh. Rsocol. Mosheler. Smyth. Doug Bell. Ordinaterr. Walter. Yonkie. Matusz. Snowolf. Pastore Italy. WJetChao. Gökhan. 396 anonymous edits License Creative Commons Attribution-Share Alike 3. Ourai. Brunchies. Killingtime34. Wimfort. Ryangreenberg. NILESH RAUT. Pyabo. FvdP. Jacob. Zap Rowsdower. Frank101. Its-bo. The Anome. NERIC-Security.5. JaGa. ALoopingIcon. Alksentrs. Jayjg. Vin Kaleu.

Sign up to vote on this title
UsefulNot useful