Everything You Should Know About Reverse Engineering

Reverse Engineering (also known as reverse technology) is a reproduction process of product design technology, that is, reverse analysis and Research on a target product, so as to deduce and obtain the design elements such as the processing flow, organizational structure, functional characteristics and technical specifications of the product, so as to produce products with similar functions but not exactly the same. Reverse engineering originates from hardware analysis in commercial and military fields. Its main purpose is to deduce the design principle of the product directly from the analysis of the finished product when the necessary production information cannot be easily obtained.

 

Everything You Should Know About Reverse Engineering

Reverse engineering may be mistaken for serious infringement of intellectual property rights, but in practical application, it may protect the owners of intellectual property rights. For example, in the field of integrated circuits, if a company is suspected of infringing intellectual property rights, reverse engineering technology can be used to find evidence.

 

Generating motivation

The reasons for reverse engineering are as follows:

Interface design. Due to interoperability, reverse engineering is used to find cooperation protocols between systems.

1.Military or commercial secrets. Steal the latest research or product prototype of the enemy or competitor.

2.Improve documentation. When the original documents are insufficient, and when the system is updated and the original designer is not available, reverse engineering is used to obtain the required data to supplement or understand the latest state of the system.

3.Software upgrade or update. Due to changes in functional, compliance, security and other requirements, reverse engineering is used to understand existing or legacy software systems to evaluate the work required to update or migrate the system.

4.Make unlicensed / unauthorized copies.

5.Academic purpose.

6.Remove replication protection and disguised login permissions.

7.Document loss: when reverse engineering is adopted, the document of a special equipment has been lost (or not at all), and the person in charge of the project cannot be found. The complete system often needs to be redesigned based on the old system, which means that the only way to integrate the original functions for the project is to use the method of reverse engineering to analyze the existing fragments for redesign.

8.Product analysis: used to investigate the operation mode of the product, component composition, estimate the budget, and identify potential infringement.

 

Reverse engineering

Reverse Engineering (also known as reverse engineering re) is a description of the product design process. At the beginning of 2007, China’s relevant laws corrected the name of reverse engineering and recognized the legitimacy of reverse technology for learning and research.

 

In the general concept of engineers and technicians, the product design process is a process from design to product, that is, designers first conceive the shape, performance and approximate technical parameters of the product in their brain, then complete various data models in the detailed design stage, and finally transfer this model to the R & D process to complete the whole design and R & D cycle of the product. Such a product design process is called “forward design” process. Reverse engineering product design can be regarded as a process from product to design. In short, reverse engineering product design is the process of reversely pushing out product design data (including all kinds of design drawings or data models) according to existing products. In this sense, reverse engineering has been applied in industrial design for a long time. For example, the hull lofting design commonly used in the early shipbuilding industry is a good example of reverse engineering.

 

With the wide application of computer technology in various fields, especially the rapid development of software development technology, based on a certain software, inferring its data structure, architecture and program design information by disassembling and reading the source code has become the main object of software reverse engineering technology. The purpose of software reverse technology is to study and learn advanced technology, especially when you don’t have appropriate documents and you need to realize the function of a software. Because of this, many software require users to agree not to reverse research before software installation in order to monopolize technology. The implementation process of reverse engineering is a collaborative process of multiple fields and disciplines.

 

Method implementation

There are many implementation methods of software reverse engineering, mainly including three:

1. Analyze the observations obtained through information exchange. Most commonly used in protocol reverse engineering, involving the use of bus analyzers and packet sniffers. After accessing the connection of computer bus or network and successfully intercepting the communication data, the bus or network behavior can be analyzed to create a communication implementation with the same behavior. This method is especially suitable for reverse engineering of device driver. Sometimes, tools specially made by hardware manufacturers, such as JTAG port or various debugging tools, also contribute to the reverse engineering of embedded systems. For Microsoft’s windows system, the popular underlying debugger is softice.

2. Disassembly, that is to use the disassembler to translate the original machine code of the program into assembly code that is easier to read and understand. This applies to any computer program and is particularly useful for people who are not familiar with machine codes. Popular related tools are ollydebug and IDA.

3. Decompilation, that is, using decompiler, try to reproduce the source code in high-level language form from the machine code or bytecode of the program.

 

Reverse engineering can be divided into four steps:

1.Smashing the shell (strengthening and cracking), dump, hook and re signing.

2.Smashing IOS app will be encrypted by Apple once the app store is uploaded, so the installation packages we downloaded are encrypted. If we want to dump, we need to decrypt it once, that is, smashing the shell. (Android reinforcement is the same)

3.Dump uses tools to translate the cracked executable file into assembly language or high-level language.

4.Hook injects the code into the original executable file through dynamic library or other methods, and modifies the context to meet the target requirements.

5.Re sign repackages and signs the modified file