What Is Reverse Engineering? All You Need To Know
Reverse engineering (RE) has helped nations win wars, businesses enjoy commercial success, militaries rapidly modernize, and ethical hackers combat threats.
Let’s explore what this cheat code is all about.
What Is Reverse Engineering?
RE is about deconstructing a technology in order to know how it works all the way through.
If you’re up to it, you can dissect the unknown design of any completed physical or computerized object.
Also called backward engineering, RE is more of a science than an art. Every situation demands a unique technique, but certain principles govern reverse engineers.
For instance, reversers are particular about the difference between hypotheses and conclusions. They understand that they would need to theorize first to move forward and shouldn’t prematurely come up with a verdict.
Likewise, seasoned engineers are fully aware that data is open to interpretation. So it’s inevitable for them to have dissimilar judgments.
Imperfection comes with the territory too.
Inexperienced reverse engineers can become frustrated at approximate results without realizing that RE doesn’t always provide all the answers.
Conversely, discerning reversers are comfortable with an incomplete puzzle and rely on forward engineering techniques to find the missing pieces.
Reverse Engineering Goals
RE has a long list of use cases, and there are undeniable merits in doing it.
First things first, let’s look at the most common goals RE helps attain.
RE presents an opportunity to bring back a forgotten or obsolete piece of technology to life.
Sometimes, the parts needed to repair or restore a machine are unavailable. The components may no longer be in production, or their original equipment manufacturer (OEM) may now be out of business.
Either way, reverse-engineering a machine’s design to replicate the faulty components may be your only option left.
Actually, even if the part is still on the market or the OEM is in business, RE is still an attractive route to take. By checking what’s under the hood, you could reproduce the parts in a way that suits your mechanical setup.
It’s not uncommon for old inventions to lack design records. Having to start from zero to re-creating undocumented innovations of yesteryear can be a pain.
If you invented something before digital file storage was the norm, you could reverse-engineer your technology to recover your design data.
This is especially neat when your creations saw the light the day before computer-aided design (CAD) existed.
It doesn’t matter if there’s no practical reason to revive a discontinued project. A digital archive of your work’s design files can bring value to your legacy.
When something’s wrong in the flow of a highly complex industrial process, RE can help identify the issue more easily.
Solving a problem in a manufacturing system that consists of various machines and components can be a convoluted procedure.
If you don’t know where to begin, RE may point you in the right direction. It can help you gain a deeper understanding of the ins and outs of the process.
In turn, you’ll be able to diagnose and address issues more quickly and efficiently.
When a device fails, reverse-engineering it can unveil its fatal flaws. The design files you’ll generate can help you gain insight into the damage, informing you how to fix it.
Creating a copy of the original design through backward engineering gives you full rein over it. You could modify it as you see fit in order to enhance its qualities.
Whether a flawed object needs a tune-up or an overhaul, reverse-engineering is the first step toward making it workable.
RE can give an antiquated design a new lease on life. Tweaking its characteristics can reinvent its utility, making it relevant to new use cases.
Hackers are super ingenious, often making it impossible to accurately anticipate what they would do next.
In most cases, the best thing you can do is understand how their novel malicious programs operate ASAP. The sooner you learn about what the malware code contains, the faster you can neutralize it.
Though, using RE for security analysis is easier said than done.
The ever-evolving malware sophistication has made it incredibly tricky to disassemble and decompile malicious code.
As a reverse engineer, you may have to spend more resources to determine what vulnerabilities the malware aims to exploit. Advanced reverse engineering techniques like dynamic analysis can speed up the process, though.
However, this doesn’t guarantee success. It’s not realistic to reverse-engineer every single new cybersecurity threat. So you may never know how a malicious program behaves as soon as you hope for.
Intellectual Property (IP) Infringement Avoidance
Some reverse engineers get paid to figure out how to use any IP without raising the ire of its owner.
By dismantling an invention, you could discover its exact specs and realize any potential patent or copyright infringement.
Stealing an idea without blatantly copying it is a tried-and-true strategy to get ahead in business. The ethics and legality of using RE this way are debatable. We will throw light on in a bit.
RE can be instrumental in integrating one app with another. It’s a viable path to interoperability without getting into legal trouble.
So, what is reverse engineering useful for when it comes to commercial and military entities?
Business and military competitors trick each other all the time. And no party has any incentive to be completely transparent—they all want to remain steps ahead of the rest.
Since rivals naturally distrust one another, they tend to rely on RE to know the other’s true intentions.
Reverse-engineering technologies can unveil what their inventors are actually doing, which may contradict what they’re saying.
Furthermore, it can help demystify discovered trade secrets like weapon blueprints or equipment prototypes.
If you know what your competitors are up to, you’ll be able to counter them accordingly.
Everyone who wants a competitive advantage and frowns upon RE is more likely to become technologically backward.
To hone their skills, software engineering students practice on crackmes, which are, on average, more challenging than proprietary programs.
They need to get their hands dirty early on to prepare them for the mind-boggling projects of the real world.
Also, some engineers do this for fun. RE is intellectually stimulating, which makes for an excellent mental workout
Reverse Engineering Benefits
Clearly, backwards engineering serves many purposes.
But is it really more advantageous than all other avenues to achieve the above goals?
A resounding yes!
Two things make RE unquestionably beneficial: efficiency and cost-effectiveness.
Innovation isn’t cheap.
Research and development can be a cash drain on any business or government entity. That’s why any method that can yield desirable results and simultaneously drive the cost down is worth doing.
More often than not, RE ticks all the right boxes.
Deconstructing an existing design requires fewer resources than building a new one from scratch any day.
Studying technologies on a molecular level can accelerate innovation, which is paramount in a fast-changing world.
Moreover, understanding the makeup of past and present designs can shorten the process of trial and error. Nothing’s worse than wasting a considerable amount of time and money just to reinvent the wheel.
If you draw inspiration from existing technologies, you’ll be able to push the frontiers of knowledge more quickly and successfully.
Reverse Engineering Applications
Originally, reverse engineering in business and the military applied to hardware only. But it has eventually become helpful in decoding closed-source software, too.
In hardware RE, the focus is on the anatomy of an object.
It involves measuring and disassembling the product to gather as much information about it as possible. So, having a sample of the unit is necessary.
Reverse engineers evaluate every individual part’s functionality, identify design errors, and look for improvement opportunities.
For easy reassembling, orderly deconstruction is good practice.
Of all great examples of hardware reverse engineering, Enigma is probably the best. This typewriter-looking encryption machine enabled the Germans to communicate in code during World War 2.
Headed by Marian Rejewski, Polish cryptologists successfully reverse-engineered it and built replicas. Using their duplicates of the Enigma, they were able to manually decrypt secret messages by brute force.
To automate the process, Rejewski developed a special-purpose machine called Bomba. It was programmable to try different Enigma rotor settings, making it easier to decipher scrambled German military communications.
Another example is Intel’s microprocessors. Many companies, including Advanced Micro Devices and Cyrix, were able to reverse-engineer them and develop cheaper chips without sacrificing compatibility.
In software RE, the subject is machine code.
To get started, you must turn the software’s binary code into an executable instruction as text.
One of the most famous examples of software reverse engineering is IBM’s proprietary basic input/output system (BIOS) for PCs.
Phoenix Technologies obtained a copy of the program and used the “clean room” approach to recreate it without using the original code.
The company’s engineers examined the IBM BIOS and described its functionality in detail without referencing its 8-KB code.
Then, Phoenix tasked a group of programmers to write fresh code based on the engineering team’s specifications.
The result: a new BIOS that worked precisely like IBM’s original and had unique-enough code. Phoenix sold its BIOS to computer vendors that manufactured the first IBM-compatible PCs.
Tools for Reverse Engineering
The most common tools reverse engineers use are as follows:
If the original blueprint is unavailable, this program will generate a 3D model of the object or parts of it.
This program turns a piece of software’s binary code into an assembler, making it barely readable by humans.
A decompiler converts a piece of software’s binary into a high-level language, which is a more human-friendly format.
Stages of Reverse Engineering
RE has three phases.
Each one involves a variety of steps to achieve their individual objectives.
This stage aims to learn everything about the subject, forming the basis for the RE.
Using the data you collect, you can prepare an initial model that reflects the presumed intent of the software developer.
To convert database structures into a model, you have to create:
Tentative entity types
Tentative relationship types
Plus, you have to note whatever keys and indexes.
If the primary, foreign, and candidate keys are defined, prioritize them. Or else jot down unique and secondary indexes instead.
The point of this stage is to undo the database’s mechanics. Here, you have to resolve identity and foreign keys.
If queries are available, leverage them to advance your understanding of the two.
Don’t expect the model to be complete. Don’t be surprised if parts of the structure are confusing, either.
Out of all stages of reverse engineering, this is where you can interpret the model and make conclusions.
Before consulting application experts, you should eliminate all unnecessary files and database access keys. Remove duplicate data structures too.
In addition, you should get rid of database errors and consolidate any separate models. To learn more about databases, check out this article.
Not all apparent errors are genuine mistakes, though.
To avoid misapprehension and incorrectly concluding that the developer messed up, ensure you thoroughly understand the database.
What Does the Law Say?
It depends on the jurisdiction.
In general, RE is legal even in countries that protect trade secrets, like the United States. The usual caveat is that you should gather data properly.
Many software vendors have cried foul and brought accusations of IP infringement.
For instance, Oracle has threatened to sue third parties that use RE to assess the security of proprietary technologies.
But courts have recognized that RE is acceptable, for it benefits the public and promotes healthy competition in the market.
In the European Union, reverse-engineering a program is legal as long as the goal is to achieve interoperability.
The problem is that laws regulating RE are hard to enforce outside a country’s borders.
Often, powerful foreign entities, especially government agencies, obtain design data illegally and reverse-engineer technologies for purposes that infringe IP.