Reverse Engineering: it's not all it's cracked up to be

A lot of people are still bewildered by Reverse Engineering. A lot of people are still wondering what it is and how on earth they can learn to do it. This post---hopefully---will break the mysticism around Reverse Engineering. But before I can get into it I need to answer this question:

What is Reverse Engineering? 

Reverse engineering is the process of discovering the technological principles of a device, object, or system through analysis of its structure, function, and operation.[1] It often involves taking something (e.g., a mechanical device, electronic component, software program, or biological, chemical, or organic matter) apart and analyzing its workings in detail to be used in maintenance, or to try to make a new device or program that does the same thing without using or simply duplicating (without understanding) the original. ---- Wikipedia
What I'm going to talk about in this post is Reverse Engineering software.



Essentially I'm going to try to answer this question:


How do I Reverse Engineer Software? 

know thy enemy... 
Whether or not you are capable of doing this depends on how you answer this question: can you write software?


If you're trying to reverse engineer some login software, you first need to make sure you can write software that performs the same task. Some people who are experienced in reverse engineering may disagree with this point of view, but essentially, before you can reverse engineer something you need to have---even if only conceptually---an understanding of that something's structure and overall operation. Undoubtedly the fastest and easiest way to gain an intimate understanding of a piece of software is to write that piece of software!


If you're like me and you're into Reverse Engineering specifically to discover vulnerabilities, then writing your own "version" of the software will lead to one of two situations:
  1. You write this software in a way that makes it vulnerable. If this happens, don't panic: chances are there are millions of people who would have made the same mistakes as you did, and there's even a slight chance that these very people wrote the software you are trying to reverse!
  2. You write an implementation that is not vulnerable. When this happens you need to check how your implementation differs from your target's. Chances are---and this is a very big chance---that the discrepancies are in fact vulnerabilities!
Why is this such an effective method? Well, the fundamental skill any reverse engineer must have is the ability to identify the assumptions: you must be able to see what the developer assumed when he/she was writing the software. ALL software operates under assumptions to accomplish the tasks it is designed to do---it will be this way until we can write software that is truly intelligent. Vulnerabilities in software are simply incorrect assumptions.


There are many ways to identify these incorrect assumptions---fuzzing software is essentially the stupidest way to do this. Either an assumption will be incorrect straight off the bat, or there will be cases during the operation of the software when the assumption fails, because all assumptions exist within a scope---just like variables in code---and no assumption is ALWAYS true. You have found a vulnerability when you have found a case---within the operation of the software---that makes the assumption untrue.


That's all there really is to it: reading code, identifying assumptions and finding ways to break those assumptions.
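As an added example of the method above (this is not code from the original post): a constructed stand-in for a small piece of login software that carries two unstated assumptions, a second implementation of the same task written with those assumptions stated explicitly, and a differential harness that reports every input on which the two disagree. The credential store, the user name and the sample login lines are placeholders made up for this example.

```python
import hmac
from typing import Callable, Iterable, List, NamedTuple

# Constructed credential store with placeholder values (not real data).
USERS = {"alice": "correcthorsebatterystaple"}


def target_login(line: str) -> bool:
    """Constructed stand-in for the software being reversed.

    Unstated assumptions baked into this code:
      1. a login line always contains a ':' (so parts[1] exists);
      2. only the first 8 characters of a password matter, the same
         assumption the old 8-character crypt(3) scheme made.
    """
    parts = line.split(":")
    user, password = parts[0], parts[1]
    stored = USERS.get(user)
    if stored is None:
        return False
    return stored[:8] == password[:8]


def reference_login(line: str) -> bool:
    """Our own version of the same task, with the assumptions written down.

    A line is '<user>:<password>'. The user name may not be empty and may
    not contain ':'; the password may contain ':' (so we split only on the
    first one) and must match in full.
    """
    user, sep, password = line.partition(":")
    if not sep or not user:
        return False
    stored = USERS.get(user)
    if stored is None:
        return False
    # compare_digest avoids an early-exit timing difference between candidates.
    return hmac.compare_digest(stored.encode(), password.encode())


class Disagreement(NamedTuple):
    line: str
    target: str
    reference: str


def outcome(check: Callable[[str], bool], line: str) -> str:
    """Run one implementation on one line and summarise what happened."""
    try:
        return "accept" if check(line) else "reject"
    except Exception as exc:  # an unhandled crash is an assumption failing too
        return "crash:" + type(exc).__name__


def find_disagreements(
    lines: Iterable[str],
    target: Callable[[str], bool] = target_login,
    reference: Callable[[str], bool] = reference_login,
) -> List[Disagreement]:
    """Return every input on which the two implementations disagree.

    Each disagreement is a case, within the normal operation of the program,
    where one side's assumption does not hold. Deciding which side is wrong
    is then a matter of reading the two pieces of code side by side.
    """
    found: List[Disagreement] = []
    for line in lines:
        t, r = outcome(target, line), outcome(reference, line)
        if t != r:
            found.append(Disagreement(line, t, r))
    return found


# Constructed sample inputs: the normal cases plus the edge of each assumption.
SAMPLE_LINES = [
    "alice:correcthorsebatterystaple",   # valid login: both accept
    "alice:wrongpassword",               # wrong password: both reject
    "alice:correcth",                    # only the first 8 characters supplied
    "alice:correcthorse-but-not-quite",  # right prefix, wrong remainder
    "alice",                             # no ':' at all: the target crashes
    "bob:whatever",                      # unknown user: both reject
]

if __name__ == "__main__":
    for d in find_disagreements(SAMPLE_LINES):
        print(f"{d.line!r}: target={d.target} reference={d.reference}")
```

Running it lists three disagreements: two inputs the target accepts on the strength of an 8-character prefix, and one malformed line on which the target crashes where the reference simply rejects. Each of those is the scope of an assumption ending; the reference implementation is also the fix, because it makes the same decisions with the assumptions spelled out and checked.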


InfoSec-ers will probably use words like "black box" reverse engineering. This is essentially reverse engineering when you have no means of initially knowing the code you are attacking. How do you deal with this problem? Well, mathematicians deal with this kind of problem all the time, and they get around it by using the magic of approximation. How do we approximate code? We write our own code that does the same thing!


And hey, if you don't want to write the code yourself, at least draw up a little mental map of how you would implement it. It won't be as effective, but it will help.


Cheerz
k3170
