Reverse Engineering Tutorial #1
Submitted by xxranza • July 8, 2013 • 1,803 Words (8 Pages) • 570 Views
Tutorial #1: What is Reverse Engineering
by R4ndom on May 21, 2012, under Reverse Engineering, Tutorials
What is reverse engineering?
Reverse engineering is the process of taking a compiled binary and attempting to recreate (or simply
understand) the original way the program works. A programmer initially writes a program, usually in a
high-level language such as C++ or Visual Basic (or God forbid, Delphi). Because the computer does not
inherently speak these languages, the code that the programmer wrote is compiled into a more
machine-specific format, one that a computer does speak. This code is called, originally enough, machine
language. This code is not very human friendly, and oftentimes requires a great deal of brain power to
figure out exactly what the programmer had in mind.
What is reverse engineering used for?
Reverse engineering can be applied to many areas of computer science, but here are a couple of generic
categories:
- Making it possible to interface to legacy code (where you do not have the original source code).
- Breaking copy protection (i.e. impress your friends and save some $$).
- Studying viruses and malware.
- Evaluating software quality and robustness.
- Adding functionality to existing software.
The first category is reverse engineering code to interface with existing binaries when the source code is
not available. I will not be discussing this much, as it is boring.
The second category (and the biggest) is breaking copy protection. This means disabling time trials,
defeating registration, and basically everything else to get commercial software for free. This we will be
discussing at great length.
The third category is studying virus and malware code. Reverse engineering is required because not a lot
of virus coders out there send instructions on how they wrote the code, what it is supposed to
accomplish, and how it will accomplish this (unless they are really dumb). This is a pretty exciting field, but
requires a great deal of knowledge. We will not discuss this much until later on.
The fourth category is evaluating software security and vulnerabilities. When creating large systems (think
Windows Operating Systems), reverse engineering is used to make sure that the system does not contain any
major vulnerabilities or security flaws, and frankly, to make it as hard as possible for crackers to crack the
software.
The final category is adding functionality to existing software. Personally, I think this is one of the most fun.
Don’t like the graphics used in your web design software? Change them. Want to add a menu item to
encrypt your documents in your favorite word processor? Add it. Want to annoy your co-workers to no end
by adding derogatory message boxes to Windows calculator? Let’s do it. This we will be getting into later
in the series.
What knowledge is required?
As you can probably guess, a great deal of knowledge is necessary to be an effective reverse engineer.
Fortunately, a great deal of knowledge is not necessary to ‘begin’ reverse engineering, and that’s where I
hope to come in. That being said, to have fun with reversing and to get something out of these tutorials
you should at least have a basic understanding of how program flow works (for example, you should know
what a basic if…then statement does, what an array is, and have at least seen a hello world program).
Secondly, becoming familiar with Assembly Language is highly suggested; you can get through the tutorials
without it, but at some point you will want to become a guru at ASM to really know what you are doing. In
addition, a lot of your time will be devoted to learning how to use tools. These tools are invaluable to a
reverse engineer, but also require learning each tool’s shortcuts, flaws and idiosyncrasies. Finally, reverse
engineering requires a significant amount of experimentation; playing with different
packers/protectors/encryption schemes, learning about programs originally written in different programming
languages (even Delphi), deciphering anti-reverse engineering tricks…the list goes on and on. At the end
of this tutorial I have added a ‘further reading’ section with some suggested sources. If you really want to
get good at reversing, I highly suggest you do some further reading.
What kinds of tools are used?
There are many different kinds of tools used in reversing. Many are specific to the types of protection that
must be overcome to reverse a binary. There are also several that just make the reverser’s life easier. And
then some are what I consider the ‘staple’ items: the ones you use regularly. For the most part, the tools fit
into a couple of categories:
1. Disassemblers
Disassemblers attempt to take the machine language codes in the binary and display them in a friendlier
format. They also extrapolate data such as function calls, passed variables and text strings. This makes
the executable look more like human-readable code as opposed to a bunch of numbers strung together.
There are many disassemblers out there, some of them specializing in certain things (such as binaries
written in Delphi). Mostly it comes down to the one you're most comfortable with. I invariably find myself
...
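The translation from machine language to readable instructions described above, and the way a disassembler annotates call targets and text strings, can be seen in miniature in the following added example (not code from the original tutorial or from any real disassembler). It decodes only a handful of fixed 32-bit x86 encodings; the byte string, the load addresses 0x401000 and 0x402000, and the function names are constructed for illustration.

```python
import struct

CODE_BASE = 0x401000   # assumed load address of the code (constructed)
DATA_BASE = 0x402000   # assumed load address of the data (constructed)
# Constructed sample: the machine code of a tiny function and its data.
CODE = bytes.fromhex("55 89e5 6800204000 e813000000 31c0 5d c3")
DATA = b"Hello, world!\x00"

# The few fixed encodings this toy decoder understands.
ONE_BYTE = {0x55: "push ebp", 0x5D: "pop ebp", 0xC3: "ret", 0xC9: "leave"}
TWO_BYTE = {b"\x89\xe5": "mov ebp, esp", b"\x31\xc0": "xor eax, eax"}

def c_string(addr):
    """Return the NUL-terminated string at addr if it lies in DATA, else None."""
    off = addr - DATA_BASE
    end = DATA.find(b"\x00", off) if 0 <= off < len(DATA) else -1
    return DATA[off:end].decode("ascii", "replace") if end != -1 else None

def disassemble(code, base):
    """Decode code into (address, raw hex, text) tuples."""
    out, i = [], 0
    while i < len(code):
        addr, op = base + i, code[i]
        if op in ONE_BYTE:
            text, size = ONE_BYTE[op], 1
        elif code[i:i + 2] in TWO_BYTE:
            text, size = TWO_BYTE[code[i:i + 2]], 2
        elif op == 0x68 and i + 5 <= len(code):      # push imm32
            imm = struct.unpack_from("<I", code, i + 1)[0]
            text, size = f"push 0x{imm:x}", 5
            s = c_string(imm)                        # does it point at text?
            if s is not None:
                text += f'  ; "{s}"'
        elif op == 0xE8 and i + 5 <= len(code):      # call rel32
            rel = struct.unpack_from("<i", code, i + 1)[0]
            # The target is relative to the address of the next instruction.
            text, size = f"call 0x{addr + 5 + rel:x}", 5
        else:                                        # unknown: emit raw byte
            text, size = f"db 0x{op:02x}", 1
        out.append((addr, code[i:i + size].hex(), text))
        i += size
    return out

if __name__ == "__main__":
    for addr, raw, text in disassemble(CODE, CODE_BASE):
        print(f"{addr:08x}  {raw:<12}{text}")
```

Real disassemblers handle variable-length encodings and full operand decoding; bytes this sketch does not recognise are emitted as `db` so the listing never silently skips data.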