What is reverse engineering?
Reverse engineering is the process of taking a compiled binary and
attempting to recreate (or simply understand) the original way the
program works. A programmer initially writes a program, usually in a
high-level language such as C++ or Visual Basic (or God forbid, Delphi).
Because the computer does not inherently speak these languages, the
code that the programmer wrote is assembled into a more machine specific
format, one to which a computer does speak. This code is called,
originally enough, machine language. This code is not very human
friendly, and often times requires a great deal of brain power to
figure out exactly what the programmer had in mind.
What is reverse engineering used for?
Reverse engineering can be applied to many areas of computer science, but here are a couple of generic categories;
- Making it possible to interface to legacy code (where you do not have the original code source).
- Breaking copy protection (ie. Impress your friends and save some $$).
- Studying virii and malware.
- Evaluating software quality and robustness.
- Adding functionality to existing software.
The first category is reverse engineering code to interface with
existing binaries when the source code is not available. I will not be
discussing this much, as it is boring.
The second category (and the biggest) is breaking copy protection.
This means disabling time trials, defeating registration, and basically
everything else to get commercial software for free. This we will be
discussing at great length.
The third category is studying virus and malware code. Reverse
engineering is required because not a lot of virus coders out there
don’t send instructions on how they wrote the code, what it is supposed
to accomplish, and how it will accomplish this (unless they are really
dumb). This is a pretty exciting field, but requires a great deal of
knowledge. We will not discuss this much until later on.
The fourth category is evaluating software security and
vulnerabilities. When creating large (think Windows Operating Systems),
reverse engineering is used to make sure that the system does not
contain any major vulnerabilities, security flaws, and frankly, to make
it as hard as possible to allow crackers to crack the software.
The final category is adding functionality to existing software.
Personally, I think this is one of the most fun. Don’t like the graphics
used in your web design software? Change them. Want to add a menu item
to encrypt your documents in your favorite word processor? Add it. Want
to annoy your co-workers to no end by adding derogatory message boxes to
Windows calculator? Let’s do it. This we will be getting into later in
the series.
What knowledge is required?
As you can probably guess, a great deal of knowledge is necessary to
be an effective reverse engineer. Fortunately, a great deal of knowledge
is not necessary to ‘begin’ reverse engineering, and that’s where I
hope to come in. That being said, to have fun with reversing and to get
something out of these tutorials you should at least have a basic
understanding of how program flow works (for example, you should know
what a basic if…then statement does, what an array is, and have at least
seen a hello world program). Secondly, becoming familiar with Assembly
Language is highly suggested; You can get thru the tutorials without it,
but at some point you will want to become a guru at ASM to really know
what you are doing. In addition, a lot of your time will be devoted to
learning how to use tools. These tools are invaluable to a reverse
engineer, but also require learning each tool’s shortcuts, flaws and
idiosyncrasies. Finally, reverse engineering requires a significant
amount of experimentation; playing with different
packers/protectors/encryption schemes, learning about programs
originally written in different programming languages (even Delphi),
deciphering anti-reverse engineering tricks…the list goes on and on. At
the end of this tutorial I have added a ‘further reading’ section with
some suggested sources. If you really want to get good at reversing, I
highly suggest you do some further reading.
