Implementing Reverse Engineering
eBook - ePub

Implementing Reverse Engineering

The Real Practice of X86 Internals, Code Calling Conventions, Ransomware Decryption, Application Cracking, Assembly Language, and Proven Cybersecurity Open Source Tools

  1. English
  2. ePUB (mobile friendly)
  3. Available on iOS & Android

About this book

More practice, less theory

Key Features
  • In-depth practical demonstration, with multiple examples, of reverse engineering concepts.
  • A step-by-step approach to reverse engineering, including assembly instructions.
  • Helps security researchers crack application code and logic using open-source reverse engineering tools.
  • Reverse engineering strategies for simple-to-complex applications such as Wannacry ransomware and the Windows calculator.

Description
The book 'Implementing Reverse Engineering' begins with a step-by-step explanation of the fundamentals of reverse engineering. You will learn how to use reverse engineering to find bugs and weaknesses in real-world applications. The book is divided into three sections. The first section explores the reverse engineering process. The second section explains reverse engineering of applications, and the third section is a collection of real-world use cases with solutions. The first section introduces the basic concepts of a computing system and its data building blocks, and covers open-source tools such as CFF Explorer, Ghidra, Cutter, and x32dbg. The second section walks through reverse engineering practicals on various applications to give readers hands-on experience. The third section demonstrates, step by step, reverse engineering of the Wannacry ransomware and of a well-known Windows application, along with various exercises.

What you will learn
  • Understand different code calling conventions such as CDECL, STDCALL, and FASTCALL, with practical illustrations.
  • Analyze and break Wannacry ransomware using Ghidra.
  • Using Cutter, reconstruct application logic from the assembly code.
  • Hack the Windows calculator to modify its behavior.

Who this book is for
This book is for cybersecurity researchers, bug bounty hunters, software developers, software testers, and software quality assurance experts who want to use reverse engineering to harden software against attacks. Interested readers may also be high school or university students with a computer science background. Basic programming knowledge is helpful but not required.

Table of Contents
1. Impact of Reverse Engineering
2. Understanding Architecture of x86 machines
3. Up and Running with Reverse Engineering tools
4. Walkthrough on Assembly Instructions
5. Types of Code Calling Conventions
6. Reverse Engineering Pattern of Basic Code
7. Reverse Engineering Pattern of the printf() Program
8. Reverse Engineering Pattern of the Pointer Program
9. Reverse Engineering Pattern of the Decision Control Structure
10. Reverse Engineering Pattern of the Loop Control Structure
11. Array Code Pattern in Reverse Engineering
12. Structure Code Pattern in Reverse Engineering
13. Scanf Program Pattern in Reverse Engineering
14. strcpy Program Pattern in Reverse Engineering
15. Simple Interest Code Pattern in Reverse Engineering
16. Breaking Wannacry Ransomware with Reverse Engineering
17. Generate Pseudo Code from the Binary File
18. Fun with Windows Calculator Using Reverse Engineering

About the Authors
Jitender Narula is an experienced Cyber Security Specialist currently associated with the International Institute of Cyber Security (www.iicybersecurity.com) having 18+ years of industry experience. He has many years of cybersecurity experience with the government and the corporate world. In India, he has worked for law enforcement agencies (LEA), government entities like Delhi Police, ICAI (Institute of Chartered Accountants of India), Delhi University, and private organizations. LinkedIn Profile: https://in.linkedin.com/in/jitender-narula-7146123
Blog Link: https://www.securitynewspaper.com/2020/04/24/employee-data-leaked-apple-google-microsoftlinkedin-intel-cisco-verizon-oracle-hp-nvidia-affected/


CHAPTER 1

Impact of Reverse Engineering

Before we start implementing reverse engineering, it is worth understanding what reverse engineering really is, how it came into existence, and why it matters today. As the name suggests, the term combines two words: reverse and engineering. Engineering is the discipline of designing and building things that are useful to people, and it has brought both benefits and harms. It gave us the knowledge and the means to build roads, buildings, bridges, cars, airplanes, software, and much more; it has also been used to produce weapons of mass destruction, malware, and other products that harm people and the environment. Anything that is engineered passes through phases of design, development, and testing. Reverse engineering runs this process backwards.
The idea behind reverse engineering is to take something apart to understand its internal architecture, whether to build a copy of it or to improve or modify it. In this chapter, we discuss some real-life examples that show why reverse engineering matters and how it is changing the way the software industry works.

Structure

In this chapter, we will cover the following topics:
  • Introduction to Reverse Engineering
  • Importance of Reverse Engineering
  • The Role of Reverse Engineering

Objective

After studying this chapter, you should be able to understand the importance of reverse engineering and its impact on the software industry. We will also talk about the opportunities associated with reverse engineering and how malware writers are using it to exploit the software systems of big companies.

Introduction to Reverse Engineering

In software terms, Reverse Engineering (RE) is the art of understanding what a program does when its source code is not available. One of the earliest widespread uses dates to the late 1980s, when the Disk Operating System (DOS) was in common use (many readers were not yet born then, or were still children). People played DOS-based video games in which the player had a number of lives and a set of weapons. Groups of computer enthusiasts applied reverse engineering techniques to increase the player's lives and change the number of weapons available, simply by modifying the values at the memory locations where the life count and the weapon count were stored. This might sound like mere cheating, but it is a genuine breach of the game's security: the game trusted a value in memory that the player could find and rewrite.
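How those enthusiasts found the right memory location in the first place is the interesting part, and the paragraph above does not show it. The following is an added example, not code from the book: it demonstrates differential memory scanning, the technique behind DOS-era "trainers". A memory image is scanned for every word equal to the life count the player currently sees; after the player loses a life, a second scan keeps only the offsets that now hold the new value, so words that merely happened to equal the old count drop out. The game layout here is constructed and hypothetical (16-bit counters at fixed offsets, decoy words chosen to collide with the starting value), and the code generalises the page's one case to any number of snapshots.

```python
import struct

# Added example (not from the book): locate a game's "lives" counter in a memory
# image by differential scanning, then poke a new value into it as a trainer would.
# Assumptions (constructed for this example): counters are 16-bit little-endian
# words at word-aligned offsets; the layout below is not any real game's.

WIDTH = 2  # bytes per counter; 16-bit was typical for DOS-era game state


def scan(memory: bytes, value: int, width: int = WIDTH) -> set[int]:
    """Offsets of every aligned little-endian word equal to `value`."""
    pattern = value.to_bytes(width, "little")
    return {off for off in range(0, len(memory) - width + 1, width)
            if memory[off:off + width] == pattern}


def locate(snapshots: list[tuple[bytes, int]], width: int = WIDTH) -> set[int]:
    """Intersect scan results over (memory image, value observed on screen) pairs.
    The counter's offset must match in every snapshot; decoys rarely survive two."""
    candidates = None
    for memory, observed in snapshots:
        hits = scan(memory, observed, width)
        candidates = hits if candidates is None else candidates & hits
    return candidates or set()


def patch(memory: bytearray, offset: int, value: int, width: int = WIDTH) -> None:
    """Overwrite the word at `offset` in place (the trainer's "poke")."""
    memory[offset:offset + width] = value.to_bytes(width, "little")


def read_word(memory: bytes, offset: int, width: int = WIDTH) -> int:
    return int.from_bytes(memory[offset:offset + width], "little")


# Constructed game-state layout: three decoy words (two of them equal to the
# starting life count of 3), then lives, ammo, and a 32-bit score.
LIVES_OFFSET, AMMO_OFFSET, SCORE_OFFSET = 0x20, 0x22, 0x24


def build_game_memory(lives: int, ammo: int, score: int) -> bytearray:
    memory = bytearray(64)
    struct.pack_into("<HHH", memory, 0x00, 3, 7, 3)                    # decoys
    struct.pack_into("<HHI", memory, LIVES_OFFSET, lives, ammo, score)  # real state
    return memory


def find_and_patch_lives(new_lives: int = 99) -> tuple[set[int], int]:
    """Simulate: snapshot at 3 lives, lose a life, snapshot at 2 lives, patch.
    Returns the surviving candidate offsets and the patched counter's value."""
    first = build_game_memory(lives=3, ammo=7, score=100)
    second = build_game_memory(lives=2, ammo=7, score=150)   # score moved, lives fell
    hits = locate([(bytes(first), 3), (bytes(second), 2)])
    if len(hits) != 1:
        raise RuntimeError(f"need more snapshots to disambiguate: {sorted(hits)}")
    (offset,) = hits
    patch(second, offset, new_lives)
    return hits, read_word(second, offset)


if __name__ == "__main__":
    found, lives_now = find_and_patch_lives()
    print(f"lives counter at offset 0x{next(iter(found)):x}, now reads {lives_now}")
```

The first scan alone returns three candidates (two decoys plus the real counter); the second snapshot eliminates both decoys because they still hold 3 while the counter now holds 2. On a real target the same loop runs against process memory read through a debugger or /proc/pid/mem, and more snapshots are needed when the address space is large.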
To understand the importance of reverse engineering in the present times, we will take an example. Imagine that three people named Jitender, Shilpi, and Atul are working for a research and development organization, the International Institute of Cyber Security, having offices in India, Mexico, and the US. These three employees are working from three different geographical locations.
Figure 1.1: An example of reverse engineering
They are all working on the same research and development project, so they share their findings over the internet using software that is supposed to transfer the data securely. Because the data is critical to the organization, the software used to share it must itself be secure. That software may be open source or closed source. If it is open source, they can assess its security by reviewing the code. But what if it is closed source? Then they have no access to the source code.
This is where reverse engineering plays a big role: it lets you evaluate the security of closed-source software even when no source code is available, and it helps in finding vulnerabilities in the software or application, if any exist.
The process of reverse engineering was initially applied to computer applications and hardware but now, reverse engineering is applied everywhere, from software and machinery to even human DNA. Reverse engineering is important especially when you have closed-source software or software with malicious content.
Let us study another famous example of reverse engineering. Phoenix Technologies, based in San Jose, wanted to build a BIOS compatible with IBM PCs. Rather than designing one from scratch, they reverse engineered IBM's proprietary BIOS using the "clean room" (or "Chinese wall") approach. Two teams of engineers were used. The first team reverse engineered the IBM BIOS and documented its behaviour as a design and functional specification. The second team, which never saw IBM's code or the first team's reverse engineering work, implemented a new BIOS purely from that specification. The resulting product was functionally compatible with the IBM BIOS but contained none of IBM's code, so there was no copyright infringement, and Phoenix sold it to other PC manufacturers.
Other companies, such as Advanced Micro Devices, reverse engineered Intel microprocessors to produce less expensive compatible chips. Reverse engineering has legitimate uses as well as illegitimate ones. One of the most important legitimate uses is malware analysis: malware is distributed as closed-source binaries, so reverse engineering is how malware researchers work out what a sample does and how to defeat it.
To understand the real importance of reverse engineering, consider the well-known Wannacry ransomware. Ransomware is malware that, once running on a victim's computer, encrypts the victim's files and demands a ransom for the decryption key. If the victim does not pay in time, the data may be deleted, left encrypted forever, or sold on the black market. Wannacry targeted Windows users, encrypted their data, and demanded payment in Bitcoin to make the payments harder for law enforcement to trace. Bitcoin is a digital currency (a cryptocurrency) that lets people send and receive money over the internet without attaching a real-world identity to the transaction; note that it is pseudonymous rather than anonymous, since every transaction is recorded on a public ledger. Through the efforts of a reverse engineer, who found that the malware checked an unregistered domain before encrypting and registered it, Wannacry was rendered largely ineffective soon after it appeared. We will study this in detail in Chapter 16, Breaking Wannacry Ransomware With Reverse Engineering.

Importance of Reverse Engineering

Studying an existing design

Before designing anything new, it is good practice to study the products already on the market. Understanding what an existing product does and how it works yields new insight, and identifying where it falls short shows where a new design can gain an advantage.

Redeveloping an outdated or lost product

Every product on the market is the outcome of a large investment of time and money. Imagine a product that is still in great demand but no longer receives updates, either for internal reasons or because the company that built it has gone out of business. Reverse engineering lets such an outdated or abandoned product be studied so that an updated replacement can be built.

Security auditing

Reverse engineering is sometimes part of a security audit of an organization's software and applications. It helps uncover previously unknown vulnerabilities in the software running inside the organization, including third-party components for which no source code is available.

Finding sensitive data

Sensitive data embedded in software, whether merely encoded or actually encrypted, can often be extracted by reverse engineering; hard-coded passwords, API keys, and cryptographic keys are common examples. Doing this deliberately validates the security posture of the software before an attacker does the same.

Military espionage

Equipment captured by troops in the field, including prototypes, is dismantled and studied to learn the opponent's capabilities and to develop new systems of one's own.

Finding product vulnerabilities

For the well-being and safety of the customers using a given product, reverse engineering is used to find defects or vulnerabilities in such a product. Every organization spends a substantial amount of time and money on efforts to find bugs or vulnerabilities in their products. But as it is well known, "nothing is secure". During the design, development, and testing, some bugs don’t get caught. This is where reverse engineering plays a vital role in aiding security researchers to uncover the issues that couldn’t be detected earlier.

Bounty for cyber enthusiasts

Earlier, product-based companies had an internal quality assurance team for security testing as well as functional testing for their products. But with time, everything changes. Cybersecurity requirements in the market changed drastically with an increase in cybersecurity attacks. Companies started offering security researchers a bounty to find vulnerabilities in their products. This helped both the security researchers in terms of money and the product companies in fixing uncaught bugs.

The Role of Reverse Engineering

Programs written in C/C++ are human-readable source code. A compiler translates each source file into an object file, and a linker combines the object files (and any libraries) into an executable binary: the ones and zeros of machine language.
Figure 1.2: The role of reverse engineering
Those ones and zeros are not human-readable. Reverse engineering tools convert the machine code back into something a person can read: a disassembler maps each machine instruction back to its assembly mnemonic, and a decompiler goes a step further and reconstructs C-like pseudocode from the disassembly. We will cover such tools in Chapter 3, Up and Running with Reverse Engineering Tools.
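To make the "ones and zeros back to human-readable" step concrete, here is an added example that is not from the book: a minimal table-driven disassembler for a handful of common 32-bit x86 opcodes (push/pop, mov, sub, xor, call, ret and a few others). It handles only register-direct ModRM forms and fixed-size immediates and emits anything else as a raw `db` byte, so it never silently mis-decodes. The sample bytes are constructed by hand to match what a 32-bit compiler typically emits for a small function that reserves stack space and returns 42; the base address is arbitrary.

```python
# Added example (not from the book): a minimal x86-32 disassembler. Only
# register-direct ModRM forms (mod == 11) and a few fixed-size immediates are
# decoded; everything else is emitted as a raw "db" byte rather than guessed.

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
GROUP1 = ["add", "or", "adc", "sbb", "and", "sub", "xor", "cmp"]   # 0x83 /0../7
ONE_BYTE = {0x90: "nop", 0xC3: "ret", 0xC9: "leave", 0xCC: "int3"}
# opcode -> (mnemonic, destination is the r/m field?) for "op r/m32, r32" / "op r32, r/m32"
RM_REG = {0x01: ("add", True), 0x29: ("sub", True), 0x31: ("xor", True),
          0x39: ("cmp", True), 0x89: ("mov", True), 0x8B: ("mov", False)}


def _imm(code: bytes, pos: int, size: int, signed: bool) -> int:
    return int.from_bytes(code[pos:pos + size], "little", signed=signed)


def _hex(value: int) -> str:
    return f"-0x{-value:x}" if value < 0 else f"0x{value:x}"


def disassemble(code: bytes, base: int = 0) -> list[tuple[int, str, str]]:
    """Return (address, hex bytes, assembly text) for each decoded instruction."""
    insns = []
    i = 0
    while i < len(code):
        start = i
        op = code[i]
        i += 1
        if op in ONE_BYTE:
            text = ONE_BYTE[op]
        elif 0x50 <= op <= 0x57:                       # push r32 (register in low 3 bits)
            text = f"push {REG32[op - 0x50]}"
        elif 0x58 <= op <= 0x5F:                       # pop r32
            text = f"pop {REG32[op - 0x58]}"
        elif 0xB8 <= op <= 0xBF:                       # mov r32, imm32
            text = f"mov {REG32[op - 0xB8]}, {_hex(_imm(code, i, 4, False))}"
            i += 4
        elif op in RM_REG or op == 0x83:
            modrm = code[i]
            i += 1
            mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
            if mod != 3:                               # memory operand: not decoded here
                text = f"db 0x{op:02x}, 0x{modrm:02x}  ; memory-operand form not supported"
            elif op == 0x83:                           # group-1 op r/m32, imm8 (sign-extended)
                text = f"{GROUP1[reg]} {REG32[rm]}, {_hex(_imm(code, i, 1, True))}"
                i += 1
            else:
                mnemonic, dest_is_rm = RM_REG[op]
                dst, src = (REG32[rm], REG32[reg]) if dest_is_rm else (REG32[reg], REG32[rm])
                text = f"{mnemonic} {dst}, {src}"
        elif op == 0xE8:                               # call rel32, relative to next instruction
            target = base + i + 4 + _imm(code, i, 4, True)
            i += 4
            text = f"call 0x{target:x}"
        elif op == 0xEB:                               # jmp short rel8
            target = base + i + 1 + _imm(code, i, 1, True)
            i += 1
            text = f"jmp 0x{target:x}"
        else:
            text = f"db 0x{op:02x}"                    # unknown opcode: emit the raw byte
        insns.append((base + start, code[start:i].hex(), text))
    return insns


# Constructed sample: push ebp / mov ebp, esp / sub esp, 8 / mov eax, 42 /
# mov esp, ebp / pop ebp / ret, i.e. a typical 32-bit function returning 42.
SAMPLE = bytes.fromhex("5589e583ec08b82a00000089ec5dc3")

if __name__ == "__main__":
    for addr, raw, text in disassemble(SAMPLE, base=0x401000):
        print(f"{addr:08x}  {raw:<12}  {text}")
```

The output is the listing a disassembler such as Cutter or x32dbg would show for those bytes; a decompiler would then collapse the whole sequence into something like `int f(void) { return 42; }`. Real tools cover the full instruction set, including the memory-operand forms this example deliberately refuses.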

Conclusion

In this chapter, we learned how reverse engineering all began and how it is playing a big role in today’s era. We also studied the importance of reverse engineering and its impact on the software industry. We discussed opportunities associated with reverse engineering and how malware writers are using it to exploit the software of big companies. In the next chapter, we will study the internals of a computing system in terms of reverse engineering.

CHAPTER 2

Understanding Architecture of x86 Machines

In the future, every device or machine will become 'smart'. The big difference between a normal device (or 'legacy device', as we call it) and a smart device is internet connectivity: a smart device is programmed to function on its own and can be operated remotely over the internet. Today, most of the devices in our households are internet enabled, that is, smart devices: televisions, washing machines, refrigerators, and many more. All of this became possible by embedding a small computer in legacy devices like televisions, washing machines, and refrigerators. The big question is, what is inside these small computers and how do they work? These small computers...
