Introduction to Software Reverse Engineering using HEX Editor
Introduction:
Reverse engineering is the process of extracting the knowledge or design blueprints from any man-made things. Reverse engineering (RE) is the process of discovering the technological principles of a device or a System through analysis of its structure, Function and operation. Software reverse engineering is reorganising and modifying existing software system (legacy system) to make them more maintainable and analysing software with a view to understanding its design and specification.
Reverse engineering has its origins in the analysis of hardware for commercial or military advantage. The purpose is to deduce design decisions from end products with little or no additional knowledge about the procedures involved in the original production. The same techniques are currently being researched for application to legacy software systems, not for industrial or defence ends, but rather to replace incorrect, incomplete, or otherwise unavailable documentation. Reverse engineering is the process of analyzing a subject system to create representations of the system at a higher level of abstraction.
It can also be seen as “going backwards through the development cycle”. is an inversion of the traditional WaterFall Model.
Reverse engineering Advantages
- Transforming obsolete products into useful ones by adapting them to new systems.
- Some features of the system needs to be refined out.
- It can be use, if there is no adequate documentation of the original design.
- Investigating and correcting errors and limitations in existing programs.
- Studying the design principles of a product as part of an education in engineering.
- Understanding how a product work
- Malware Analysis
- Vulnerability Analysis
- Security Assessment of 3rd-party COTS
- Evaluation/Breaking of copy-protection schemes
- To obtain the lost source code from executable code
Why Still a Black Art
Many people think that it is used only for software cracking. Some people think Reverse Engineering as Hacking. But actually Reverse Engineering is an art to learn about a product in deep
Approaches to Reverse Engineering
- White Box Analysis
It involves in analysis of source code. De-compiling the source code from binary code. Effective for finding programming and implementation errors in software.
- Black Box Analysis
Black box analysis refers to analyzing a running program by probing it with various inputs. This can be used to test for the security issues of the system.
- Gray Box Analysis
Gray box analysis combines white box techniques with black box input testing. A good example of a simple gray box analysis is running a target program within a debugger and then supplying particular sets of inputs to the program.
Tools
Reversing is all about the tools. The following sections describe the basic categories of tools that are used in reverse engineering
- System-Monitoring Tools
System-level reversing requires a variety of tools that sniff, monitor, explore, and otherwise expose the program being reversed. Most of these tools displayinformation gathered by the operating system about the application and itsenvironment. Because almost all communications between a program and theoutside world go through the operating system, the operating system can usuallybe leveraged to extract such information.
Eg: Process Explorer
- Disassemblers
As I described earlier, disassemblers are programs that take a program’s executable binary as input and generate textual files that contain the assembly language code for the entire program or parts of it. This is a relatively simple process considering that assembly language code is simply the textual mapping of the object code. Disassembly is a processor-specific process, but some dissemblers support multiple CPU architectures.
Eg: IDA Pro
- Debuggers
A debugger is a program that allows software developers to observe their program while it is running. The two most basic features in a debugger are the ability to set breakpoints and the ability to trace through code.
Eg: ollydbg
- Decompiler
Decompilers are the next step up from dissemblers. A decompiler takes an executable binary file and attempts to produce readable high-level language code from it. The idea is to try and reverse the compilation process, to obtain the original source file or something similar to it.
A Reverse engineer must know the following things
- IA-32 or 64 Architecture
- IA-32 or 64 Instruction Set
- Programming Skills
Because in reverse engineering the tools display machine codes which are maximum belongs to IA-32 or 64. If a reverser know all about that then only they can be successful in his job.
HEX Editor
A hex editor (or binary file editor or byte editor) is a type of computer software that allows a user to manipulate the fundamental Binary (0 / 1, zero / one) data that makes up computer Files.
By using a hex editor, a user can see or edit the raw and exact contents of a file, as opposed to the interpretation of the same content that other, higher level application software may associate with the format. A typical hex editor has three areas: an address area on the left, a hexadecimal area in the center, and a character area.
Address Area
The address area on the left side of the hex editor displays the address of the first byte of each line.
Hexadecimal Area
The middle hexadecimal area is the most commonly used area of a hex editor. It lists each byte of the file in a table, usually sixteen bytes per line.
Character Area
The character area on the right of the hex editor displays the ASCII representation of each of the bytes in the hexadecimal area.
Reverse Engineering a C program using HEX Editor
I write a following C program, I compiled it and object file is obtained.
Program:
- #include<stdio.h>
- #include<conio.h>
- #include<string.h>
- void main()
- {
- char a[100];
- clrscr();
- printf(“\nEnter password….:”);
- scanf(“%s”,a);
- if((strcmp(a,”default”))==0)
- printf(“\nPassword Correct”);
- else
- printf(“\nWrong Password”);
- getch();
- }
Explanation:
During execution this program displays a message” Enter password….:” then it get an String from the user and stored it in a character array. Then the obtained String is compared with String in the program. If it equal display “Password Correct” message otherwise display “Wrong Password” message.
Procedure:
Step1: open the HEX editor
Step2: Load the corresponding object file of the program.
Step3: Look at the yellow circle area in magnify it
Here we can saw text which displayed in the output “Enter password….:”,then it get a string using %s ,after that we have 3 Strings,
- default
- Password Correct
- Wrong Password
Second string is displayed when entered password is correct, Third string is displayed when entered password is wrong. Therefore entered string is compared with the remaining unused first String, therefore First String is the password……..
The Password is default
Thus We find each statement of program using object code and HEX Editor.
This method is similar to Black box Analysis…….
This is an example to explain reverse engineering and cracking a Software.
Conclusion:
Reverse engineering is a vast and complex world, It can’t be learned easily like learning programming languages in a month. It needs both programming knowledge and hardware knowledge. With lot of practice we can make it easier. A good reverser know an application inside and outside.
I Want to use this medium to appreciate an online ghost hacker, after being ripped off my money he helped me find my cheating lover and helped me hacked his WHATSAPP, GMAIL, kik and all his social media platforms and i got to know that he has being cheating on me and in less than 24 hours he helped me out with everything, hacking setting is trust worthy, contact him via: hackingsetting50@gmail.com
ReplyDeleteDo you need to increase your credit score?
ReplyDeleteDo you intend to upgrade your school grade?
Do you want to hack your cheating spouse Email, whatsapp, Facebook, instagram or any social network?
Do you need any information concerning any database.
Do you need to retrieve deleted files?
Do you need to clear your criminal records or DMV?
Do you want to remove any site or link from any blog?
you should contact this hacker, he is reliable and good at the hack jobs..
contact : cybergoldenhacker at gmail dot com