Reverse Engineering: Protecting and Breaking the Software
Download as PPTX, PDF1 like141 views
The document discusses reverse engineering in the context of software, outlining its fundamentals, principles, common practices, and tools. It covers the motivations behind reverse engineering, such as bug fixing and learning, and emphasizes the competition between developers and reverse engineers. The presentation warns against illegal activities and is intended solely for educational purposes.
Reverse Engineering: Protecting and Breaking the Software
- 1. Reverse Engineering Protecting and Breaking the Software Satria Ady Pradana https://xathrya.id Reversing.ID Revealing the Truth through Breaking Things
- 2. # Whoami? Cyber Security Consultant at Mitra Integrasi Informatika (MII) Researcher at dracOs Dev Team Coordinator of Reversing.ID Member of Indonesia Honeynet Project
- 3. Disclaimer This presentation is intended for educational purposes only. Reverse engineering of copyrighted material is illegal an might cause you a direct or indirect consequence. We have no responsibility of anything you do after learning this.
- 4. Today’s Adventure Fundamental of Reverse Engineering Basic Principle Tools Common Practice Common Protection
- 5. Revealing the Reversing What, Why, and How?
- 6. The Term Originally used in the context of mechanical engineering Breaks down an existing object or system to its construction and then rebuild it based on new demand. Extracting knowledge or design information from anything man- mad and reproducing it or reproduce anything based on the extracted information.
- 7. What it Means? Take things apart to figure out how it works Solving puzzle Constantly learn new things Thinking out of the box
- 8. Motivation Interfacing Improve documentation shortcomings Bug Fixing Creation of unlicensed duplicates Repurposing Finding security bugs For fun!
- 9. The Yin Yang Reverse engineer and developer compete each other. Developer want to protect their intellectual property Reverse engineer want to break the protection. Who will win?
- 10. Too Broad Software Hardware Radio Frequency Protocol Limit ourselves to reverse engineering for code and data.
- 11. Success Story
- 13. Fundamental Principle Comprehension Gain knowledge of basic principle or mechanics of object, the behavior, and knowledge that might related to subject. Decomposition Breaking down the system into its structure and gain insight about inherent structure and properties of the component that make the system. Reconstruction Reform or reconstruct the components based on need.
- 14. Common Practice Some popular and commonly used practice or operation
- 15. Resource Modification (Modding) Control Flow Bypass Code Caving
- 16. Resource Modification (Modding) Modify the resource of application Icon Menu Layout Sprite
- 17. Control Flow Bypass Alter program flow Force program to takes (or leaves) intended action. Jump over the protection mechanism
- 18. Code Caving Writing code to specific region of application (or process’ memory) Fast and easy No need for source In conjunction of Function Trampoline.
- 19. Basic Knowledge
- 20. The Language Depend on the target of reversing. Each programming languages might have unique trait or characteristic. Channel in Go Two classes of programming language: native, interpreted.
- 21. Assembly Primitive of Processors operations Complex operation is decomposed to various instructions Constrained by processors’ architecture
- 22. The Executable Format Application has a format. Identify by magic number. Structured and has some sections for data, code, resource, etc. Function might be provided by foreign module (ex: DLL), list of imported function is maintained.
- 25. Design Pattern Software is divided into conceptual module and working together. Repeatable solution to a commonly occurring problem in a software design.
- 26. Common Code Base Library Framework
- 27. Common Tools Breaking the system to fine-grain components
- 28. Hex Editor Disassembler Debugger Resource Editor
- 29. Hex Editor Display the content of file as collection of hex formatted-data and modify part of them. Find pattern and occurrence.
- 31. Disassembler Transform stream of hex bytes to its assembly representation. Resolve data and resource, referred by the code.
- 33. Debugger Test or debug other (target) program Examine program condition at runtime. Modify code or data section. Modify CPU state Alter control flow
- 35. Comprehension Gaining the knowledge related to the target
- 36. Approach of Learning the Subject Background checking What programming language What packer used What library might be used Static Analysis Dynamic Analysis
- 37. Decomposition Breaking the structure of system to its fine-grained components
- 38. Get the global view of program flows Graph Grouping
- 39. Reconstruction Creating the system based on the extracted knowledge
- 40. anything
- 42. Obfuscation Self debug Section Corruption Packer Encryption Virtual Machine
- 43. Advance Stuffs
- 44. Dynamic Binary Instrumentation Symbolic Execution
- 45. References http://www.openrce.org/articles/ http://vxheaven.org/ https://www.reddit.com/r/reverseengineering