What is Reverse Engineering?
It is human nature to be curious about the world and how things work and then how to manipulate them. Imagine a growing baby. “What’s this thing attached to my body? Oh, an arm! I can move it! Hey, that shiny object sure looks interesting. Maybe I can use this arm thing to get it closer. There we go, now to just pick it up and taste it…”
As we grow older, we look for other ways to learn about the world. We learn that one of the best ways to figure out how something works is to take it apart. If you have successfully taken an item apart, you literally know it inside and out. This is reverse engineering.
How does it work?
If you understand how it works, you are aware of its vulnerabilities. This can be either a positive or negative depending on your purpose. You can use reverse engineering to audit and find weaknesses in a system that you can either then fix or, if you are a hacker or the system is malware, take advantage of.
There are a couple of different ways that software can be reverse engineered. Static analysis evaluates the program without ever running it. The code itself is evaluated to determine how data and functions are handled and executed. Dynamic analysis actually runs the program, most often in a controlled environment. This type of analysis takes a look at how the program reacts to input.
The size of your project will help determine if you will use system level reversing or code level reversing. When looking at a full system or program, often system level reversing techniques will be used. These give an overview of how the operating system works. Code level reversing is more granular. This happens when only a section of code is needing to be engineered.
How is it used?
One example is malware that’s designed to be updated remotely, like a virus that infects computers and can then receive commands or updates from the internet. If a security researcher can use various techniques (decompilation, network sniffing, and others — we’ll go into more detail on those in future security blogs) to discover how the virus is receiving new commands, it may be possible to either shut down that root source of updates, or even find a command that could remove the infection entirely. The Fizzer Bot in the early 2000s was one such virus.
ReactOS is a group attempting to recreate a Windows-compatible operating system purely through reverse engineering. By looking at how programs run, what errors the programs throw when requirements are missing, and other reverse engineering techniques, they’ve worked to create an operating system that will allow many Windows applications to run on it.
Pokemon Go’s popularity made it a prime target for hackers. In Pokemon Go, users find and catch indigenous creatures that can then be leveled up or used to capture landmarks. Pokevision was created from reverse engineering to show nearby Pokemon – from any location (a capability not normally included in the game). It would emulate a player physically being at those locations, and send the same network calls to Niantic (the creators of Pokemon Go) that a player would make if they were actually there. Niantic asked them to shut down, and they did. Before that, they were getting about 11 million hits per day. To stop the current group of reverse engineered applications, Niantic had to change their APIs on the server, and issue updates to their official applications, so that the applications would use new services that hadn’t been reverse engineered yet.
So where can you find an environment to vigorously attack your software in order to find security holes? CyberCENTS offers a platform just for this. It can even include clients and servers that operate within a virtual internet. CyberCENTS also offers training to combat against attacks.