Software Reversing

System Level Reversing

Observe how the software is provided and how it operates.

Involves analyzing the environment, packaging, and dependencies, and then observing behaviour.
May require tools to intercept traffic, system calls, and input/output.

End goal: collect information to direct further analysis.

Important to select tools, processes, and overall strategy.
- Language use, packaging algorithms, encryption
Important to characterize behaviour and identify external dependencies.
- Remote servers involved, files accessed, communication channels used.

Extract design concepts and algorithms from binaries.

It’s a complex, architecture-dependent process.

Some say “an art form”.
Expensive enough that competitive RE is not usually pursued.
- To fully reverse and reassemble a given competing software (except in some cases).

Makes use of tools capable of representing the low-level language in something “human compatible”.

Compiler optimization and obfuscation make this process uncertain.
Perfect reconstruction is frequently impossible as low-level languages do not use the same constructs as higher-level ones.

Understanding the processes.

Understanding the Data.

Understanding Interfaces.

Programs are developed in a high-level programming language.

A compiler converts the high-level instructions to low-level instructions.

Reverse Engineering involves understanding low-level instructions.

Which is not easy and is costly.
Requires knowledge of the specific target being analyzed (the VM, the CPU).
- Different CPUs have different opcodes and execution behaviour.

Last updated 7 months ago