Why RE is Relevant and Required

Personal Education

Observing a product allows anyone to learn from its characteristics.

  • Why it behaves that way,

  • What it does,

  • How it does something,

  • Why something doesn’t happen.

One can complement engineering education by observing code/products made by others.

  • Open-source software plays an important role here.

    • Just because the source is available doesn’t mean that its structure, components, etc… are readily available or understood.

  • Actually… instead of learning from patterns, why not learn from their application as implemented by other professionals?

    • There are a lot of “hidden” subtleties due to the experience of their authors.

Work around limitations

Products are engineered to provide some value and turn a profit.

  • Some value = the value perceived by buyers, relative to other products.

  • Profit = max price for the minimal cost.

Products are frequently built to promote further revenue.

  • Support contracts, build an ecosystem, and help sell other products.

  • Closed in their interfaces and limited in their feature set.

Reverse engineering can be used to increase the feature set.

  • After the product is made, and without cooperation from the manufacturer.

Make a product compatible

A product is developed for a set of scenarios. What if we want it to operate in another, unexpected, environment?

RE allows obtaining relevant design/operation information.

  • To modify the product to fit the new environment.

    • Some components may be reconstructed.

  • To build adapters integrating the product.

In the corporate world, it’s standard to have products adapted to a specific use case.

  • The process takes a long time and is expensive.

  • RE may provide a simpler route.

  • It is especially relevant if the manufacturer doesn’t provide that service.

    • Or doesn’t exist.

Make/DIY movements are keen on RE. They are driven by integration and enhancement.

  • Mostly for personal use.

  • Community driven.

  • Frequently without cooperation from manufacturers.

Learn from others’ products or products of other domains

Companies must determine the values/weaknesses of products in competing markets.

  • What strategies/materials/methods/technology are used by competitors?

  • Helps segment market and set prices.

  • Helps acquire knowledge to develop new products.

Also: does a certain product violate a patent of ours?

  • Includes patented designs.

RE can be used for that purpose:

  • It can feed information to engineering.

  • It can determine whether judicial action is needed to protect Intellectual Property.

Finding the purpose of a certain code/binary blob or part

Engineers frequently assume that an engineered entity is known (they trust their dependencies).

  • That is… if you develop something, you know what it does.

  • Also, assume (or wish) that documentation exists.

RE can recover a similar design from the implementation, independently of the documentation, or the original design.

Discovering flaws and faults

An implementation may deviate from the design.

An implementation may present flaws due to unseen aspects.

  • Processes used.

  • Technology used.

  • Interaction with additional components.

  • Manufacturing flaws.

  • Knowledge and experience.

RE is used in the scope of software testing to validate systems.

  • Symbolic execution and fuzz testing are ways of helping reverse engineering.

  • Characterize whether a given implementation reproduces the expected design.

  • Identify additional modes.

Find and analyze malicious code

For Anti-Virus and Malware researchers, source code is not available.

  • Or for offensive/red teams in black box scenarios.

Malware detection relies on reverse engineering to understand programs.

  • RE allows the identification of patterns of malicious code.

  • May rely on:

    • Interaction patterns,

    • Bytecode structure,

    • Communication with external hosts,

    • Binary structure,

    • Text contents.
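As an added illustration of the features listed above (binary structure plus text contents that point at external hosts), here is a small static triage script in Python. It is not code from the original notes; the sample blob it scans is constructed inline, is PE-shaped but not a real executable, and the hostname and address in it are placeholders.

```python
import re
import struct

URL_RE = re.compile(r"https?://[^\s\"']+")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def build_sample_blob():
    """Constructed sample: a fake PE-shaped blob, not a real executable.
    It only carries the header fields the triage below reads, plus two strings."""
    dos = bytearray(b"MZ") + bytes(0x3C - 2) + struct.pack("<I", 0x80)  # e_lfanew = 0x80
    dos += bytes(0x80 - len(dos))
    coff = b"PE\x00\x00" + struct.pack("<HH", 0x14C, 3) + bytes(16)  # 3 sections
    body = bytes(32) + b"http://example.invalid/update.bin\x00" + b"203.0.113.5\x00" + bytes(32)
    return bytes(dos) + coff + body


def extract_strings(blob, min_len=6):
    """Like the `strings` tool: runs of printable ASCII at least min_len long."""
    pattern = rb"[\x20-\x7e]{" + str(min_len).encode() + rb",}"
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]


def network_indicators(strings):
    """Text contents that reference external hosts (URLs, dotted-quad addresses)."""
    return [s for s in strings if URL_RE.search(s) or IP_RE.search(s)]


def pe_section_count(blob):
    """Binary structure check: walk MZ -> e_lfanew -> PE and read NumberOfSections.
    Returns None when the blob does not carry a well-formed PE header."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if e_lfanew + 8 > len(blob) or blob[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None
    return struct.unpack_from("<H", blob, e_lfanew + 6)[0]


def triage(blob):
    """Combine a structural feature and a text feature into a first-pass verdict
    that tells an analyst whether the sample deserves closer inspection."""
    sections = pe_section_count(blob)
    found = network_indicators(extract_strings(blob))
    return {
        "is_pe": sections is not None,
        "sections": sections,
        "network": found,
        "suspect": sections is not None and len(found) > 0,
    }


if __name__ == "__main__":
    print(triage(build_sample_blob()))
```

A verdict from this script only flags a sample for further inspection; it is the kind of cheap real-time check that precedes the manual RE described in the section.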

Some RE is done in real-time to find unknown malware.

  • Or at least to identify suspect code, triggering further inspection.
