Software Reverse Engineering: Techniques, Tools, and Challenges, Slides of Computer Science

An overview of software reverse engineering (SRE), including its uses, necessary skills, tools, and challenges. SRE can be used for understanding malware or legacy code, or for malicious purposes such as removing usage restrictions or exploiting software flaws. Covers disassemblers, debuggers, anti-disassembly techniques, tamper-resistance, and code obfuscation.

Typology: Slides

2012/2013

Uploaded on 01/02/2013

sanjev

Computer Science: Software Reverse Engineering

Software Reverse Engineering (SRE)

SRE

  • We assume that
    • Reverse engineer is an attacker
    • Attacker only has exe (no source code)
  • Attacker might want to
    • Understand the software
    • Modify the software
  • SRE usually focused on Windows
  • So we’ll focus on Windows

SRE Tools

  • Disassembler
    • Converts exe to assembly, as best it can
    • Cannot always disassemble correctly
    • In general, it is not possible to assemble disassembly into working exe
  • Debugger
    • Must step thru code to completely understand it
    • Labor intensive: lack of automated tools
  • Hex Editor
    • To patch (make changes to) exe file
  • Regmon, Filemon, VMware, etc.

Why is a Debugger Needed?

  • Disassembler gives static results
    • Good overview of program logic
    • But need to “mentally execute” program
    • Difficult to jump to specific place in the code
  • Debugger is dynamic
    • Can set break points
    • Can treat complex code as “black box”
    • Not all code disassembles correctly
  • Disassembler and debugger both required for any serious SRE task

SRE Necessary Skills

  • Working knowledge of target assembly code
  • Experience with the tools
    • IDA Pro: sophisticated and complex
    • SoftICE: large two-volume user's manual
  • Knowledge of Windows Portable Executable (PE) file format
  • Boundless patience and optimism
  • SRE is tedious and labor-intensive process!

SRE Example

  • Program requires serial number
  • But Trudy doesn’t know the serial number!

Can Trudy find the serial number?

SRE Example

  • IDA Pro disassembly

Looks like serial number is S123N

SRE Example

  • Again, IDA Pro disassembly

And hex view…

SRE Example

test eax,eax computes the AND of eax with itself

  • Result is 0 only if eax is 0
  • If the test result is 0, the zero flag is set and jz jumps (i.e., jz is "true")

Trudy wants jz to always be true!

Can Trudy patch exe so that jz always true?

SRE Example

  • Edit serial.exe with hex editor

(Hex view: serial.exe vs. serialPatch.exe)

  • Save as serialPatch.exe

SRE Example

  • Any “serial number” now works!
  • Very convenient for Trudy!

SRE Attack Mitigation

  • Impossible to prevent SRE on open system
  • But can make such attacks more difficult
  • Anti-disassembly techniques
    • To confuse static view of code
  • Anti-debugging techniques
    • To confuse dynamic view of code
  • Tamper-resistance
    • Code checks itself to detect tampering
  • Code obfuscation
    • Make code more difficult to understand
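The tamper-resistance bullet above (code checks itself to detect tampering) applied to the serial-check example: an added illustration, not code from the slides. The "code region" is a constructed byte array standing in for the test/jz routine, and the hash function and names are chosen here, not taken from any real product.

```c
/* Added example: tamper-resistance by code self-checking.
 * A build step records a hash of a code region; at run time the program
 * re-hashes the region and refuses to proceed if the value has changed. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed stand-in for the machine code of the serial check:
 * 85 C0 = test eax,eax ; 74 xx = jz rel8 ; other bytes are filler. */
static const uint8_t original_code[] = {
    0xE8, 0x00, 0x00, 0x00, 0x00,   /* call <compare> (filler offset) */
    0x85, 0xC0,                     /* test eax,eax */
    0x74, 0x10,                     /* jz +0x10 */
    0xC3                            /* ret */
};

/* FNV-1a 32-bit hash: cheap and fixed-size; every single-byte edit
 * changes the result because each step is a bijection on the state. */
uint32_t fnv1a32(const uint8_t *p, size_t n) {
    uint32_t h = 0x811C9DC5u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x01000193u; }
    return h;
}

/* Returns 1 if the region still hashes to the build-time value, else 0. */
int code_is_intact(const uint8_t *code, size_t n, uint32_t expected) {
    return fnv1a32(code, n) == expected;
}

/* Stands in for the build step; a real build embeds this value in the exe. */
uint32_t record_reference(void) {
    return fnv1a32(original_code, sizeof original_code);
}

/* Returns 1 when the untouched code passes and a one-byte edit of the
 * test instruction (the kind of hex-editor patch on the slides) is caught. */
int detect_patch_demo(void) {
    uint32_t ref = record_reference();
    uint8_t patched[sizeof original_code];
    memcpy(patched, original_code, sizeof patched);
    patched[5] ^= 0xFF;   /* constructed modification, any value would do */
    return code_is_intact(original_code, sizeof original_code, ref)
        && !code_is_intact(patched, sizeof patched, ref);
}

int main(void) {
    printf("patch detected: %s\n", detect_patch_demo() ? "yes" : "no");
    return 0;
}
```

The checker is itself code in the same exe, so a single check can be patched out the same way; in practice several overlapping checks guard each other, which is why the slides list tamper-resistance as making attacks harder rather than impossible.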

Anti-disassembly

  • Anti-disassembly methods include
    • Encrypted object code
    • False disassembly
    • Self-modifying code
    • Many others
  • Encryption prevents disassembly
    • But still need code to decrypt the code!
    • Same problem as with polymorphic viruses