I. overview of reversing

A. definition
------------------------------------------
WHAT IS REVERSING?

def: *reverse engineering* is the process of
------------------------------------------
How does reverse engineering differ from scientific discovery?

B. goals
------------------------------------------
GOALS

Why do reverse engineering?
- increase understanding
- porting code to new platforms
- interoperability
- discovering flaws and faults
- see what other software is used
- malware detection and understanding

Especially for unknown malware that:
- makes basic dynamic analysis hard
- fights back
------------------------------------------
How could reversing help with porting code?
How could reversing help with interoperability?
Why would malware want to make analysis difficult?

C. techniques
------------------------------------------
TECHNIQUES

Static and dynamic analysis

Static analysis:
- given binary executable, recover assembly language listing, understand its functionality

Dynamic analysis:
- often an aid to static analysis, e.g.,
- using debugging techniques e.g.,
------------------------------------------

1. process
------------------------------------------
OVERALL PROCESS

Large-scale observations (systems level)
- determine

Code-level reversing
- understand
------------------------------------------
How do we do large-scale observations?

2. tools
------------------------------------------
TOOLS FOR REVERSING

system monitoring tools
disassemblers, which
debuggers, which
decompilers, which
------------------------------------------
Does a disassembler lose information?
When do disassemblers work well?

D. applications
------------------------------------------
APPLICATIONS OF REVERSE ENGINEERING
- Developing competing products
- encryption research and evaluation
  - verification of implementation details
- understanding malicious software
- finding secret
- understanding
- defeating
  - OS defenses
  - copy protection, DRM
- auditing binaries
  - for security problems
  - for quality and robustness
- interoperability
  - for data and network protocols
------------------------------------------

E. legal issues
------------------------------------------
IS REVERSING LEGAL?

It depends

Good/ethical uses:
- for interoperability
- to gather information (not code)
- encryption research
- security testing/evaluation
- for protection of privacy

Bad/unethical uses:
- copying of code (copyright violations)
- defeating copyright protection systems (DMCA)

Watch out for license agreements!
------------------------------------------
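Added worked example for the static-analysis bullet in section C and the questions under C.2 ("Does a disassembler lose information? When do disassemblers work well?"). This is not code from the lecture notes and does not model any real processor or disassembler: the instruction set, the opcode table and the sample byte string are all constructed here. It implements the two classic disassembly strategies, linear sweep and recursive traversal, over the toy encoding and runs both on a buffer where a jump skips over an inline data table. Linear sweep decodes the data bytes as instructions, desynchronizes, and swallows the first byte of the real code behind the table; recursive traversal only decodes bytes reachable through control flow and recovers the listing correctly. The example shows that a disassembler works well when code and data are cleanly separated and control flow is direct, and that a raw byte stream loses the code/data distinction that the original source had.

```python
import struct

# Toy instruction set, constructed for this example (not a real ISA).
# opcode -> (mnemonic, operand size in bytes, operand kind)
OPCODES = {
    0x01: ("push", 1, "imm"),   # push imm8
    0x02: ("add", 0, None),
    0x03: ("jmp", 1, "rel"),    # jmp rel8, relative to the next instruction
    0x05: ("nop", 0, None),
    0xFF: ("ret", 0, None),
}


def decode(code, addr):
    """Decode one instruction at addr -> (mnemonic, operand, length).

    Bytes that are not a known opcode (or a truncated instruction at the end
    of the buffer) are reported as a 'db' pseudo-instruction of length 1.
    """
    op = code[addr]
    if op not in OPCODES:
        return ("db", op, 1)
    mnem, size, kind = OPCODES[op]
    operand = None
    if size:
        raw = code[addr + 1:addr + 1 + size]
        if len(raw) < size:
            return ("db", op, 1)
        # immediates are unsigned, branch displacements are signed
        operand = raw[0] if kind == "imm" else struct.unpack("b", raw)[0]
    return (mnem, operand, 1 + size)


def linear_sweep(code):
    """Decode every byte in order, assuming the whole buffer is code."""
    listing, addr = [], 0
    while addr < len(code):
        mnem, operand, length = decode(code, addr)
        listing.append((addr, mnem, operand))
        addr += length
    return listing


def recursive_traversal(code, entry=0):
    """Decode only bytes reachable from entry by following control flow."""
    seen, work = {}, [entry]
    while work:
        addr = work.pop()
        while 0 <= addr < len(code) and addr not in seen:
            mnem, operand, length = decode(code, addr)
            seen[addr] = (mnem, operand)
            if mnem == "ret":
                break                       # no fall-through after return
            if mnem == "jmp":
                work.append(addr + length + operand)
                break                       # unconditional: no fall-through
            addr += length
    return sorted((a, m, o) for a, (m, o) in seen.items())


# Constructed sample: a jump skips over a 3-byte inline data table.
SAMPLE = bytes([
    0x01, 0x2A,         # 0x00: push 42
    0x03, 0x03,         # 0x02: jmp +3  -> 0x07
    0x00, 0x00, 0x01,   # 0x04: inline data table, never executed
    0x01, 0x07,         # 0x07: push 7
    0x02,               # 0x09: add
    0xFF,               # 0x0A: ret
])


def instruction_starts(listing):
    """Addresses a listing treats as real instruction starts (not 'db')."""
    return {addr for addr, mnem, _ in listing if mnem != "db"}


def missed_by_linear_sweep(code, entry=0):
    """Instruction starts that recursive traversal finds but linear sweep does not."""
    return sorted(instruction_starts(recursive_traversal(code, entry))
                  - instruction_starts(linear_sweep(code)))


if __name__ == "__main__":
    for name, listing in (("linear sweep", linear_sweep(SAMPLE)),
                          ("recursive traversal", recursive_traversal(SAMPLE))):
        print(f"--- {name} ---")
        for addr, mnem, operand in listing:
            print(f"{addr:04x}: {mnem} {'' if operand is None else operand}")
    print("missed by linear sweep:", [hex(a) for a in missed_by_linear_sweep(SAMPLE)])
```

Running it shows linear sweep emitting `0006: push 1` (the table's last byte plus the real `push` opcode) and `0008: db 7`, so the genuine `push 7` at 0x07 never appears, while recursive traversal lists exactly the five executed instructions. Real disassemblers combine both strategies with heuristics, and the same desynchronization effect is why hand-placed data in code sections and indirect jumps (targets that traversal cannot compute statically) are the cases where they work least well.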