
Lecture 3

Uploaded by

Hayat Habib

Chapter 3

Reverse Engineering

Lecture notes 1

ASTU, 2023

Chapter outlines

• Definition
• Reuse and Reusability
• Maintenance measures

Definition

Reverse engineering
• Reverse engineering is defined as the process of analyzing a subject system to:
  (i) identify the system’s components and their interrelationships; and
  (ii) create representations of the system in another form or at a higher level of abstraction.
• Reverse engineering in software refers to the process of analyzing a software system or component to understand its design, functionality, and implementation details, often without access to its original source code or documentation.
• It involves extracting information from the compiled or executable form of the software to gain insights into its inner workings.

Why Reverse Engineering?

The factors that necessitate reverse engineering are as follows:
• The original programmers have left the organization.
• The language of implementation has become obsolete, and the system needs to be migrated to a newer one.
• There is insufficient documentation of the system.
• The business relies on software, which many cannot understand.
• The company acquired the system as part of a larger acquisition and lacks access to all the source code.
• The system requires adaptations and/or enhancements.
• The software does not operate as expected.

Key steps in reverse engineering

Six key steps in reverse engineering, as documented in the IEEE Standard for Software Maintenance, are:
• Partition source code into units;
• Describe the meanings of those units and identify the functional units;
• Create the input and output schematics of the units identified before;
• Describe the connected units;
• Describe the system application; and
• Create an internal structure of the system.

Reverse Engineering Concepts
• Define Objectives: Clearly define the objectives and goals of the reverse engineering process.
  • Determine what specific information or knowledge you want to extract or understand from the target artifact.
• Obtain the Target Artifact: Acquire the target artifact or product that you intend to reverse engineer.
  • This could be a physical object, software application, electronic device, or any other item of interest.
• Analysis: Perform a thorough analysis of the target artifact to understand its structure, behavior, and functionality.
  • This analysis can include various techniques, such as:
    • Observation: Observe the artifact's physical or digital characteristics, interfaces, and external behavior.
    • Disassembly: If applicable, disassemble the physical artifact to examine its internal components, connections, and circuitry.

Reverse Engineering Concepts..
    • Instrumentation: Use specialized tools or equipment to gather data about the artifact's behavior, such as input/output interactions or communication protocols.
    • Dynamic Analysis: Run the software or system and monitor its runtime behavior to gain insights into its operations, data flow, and control flow.
    • Static Analysis: Analyze the static characteristics of the software, including examining the code, data structures, and binaries without executing the program.
• Documentation: Document your findings and observations during the analysis phase.
  • This documentation may include notes, diagrams, photographs, or any other form of recording the information you gather.
• Reconstruction: Based on the information obtained from the analysis, reconstruct the higher-level representations of the artifact.
  • This can involve creating architectural diagrams, flowcharts, or pseudo-code to represent the artifact's design or functionality.

Reverse Engineering Concepts..

• Understanding and Enhancement: Once you have a clear understanding of the artifact, you can use this knowledge to improve or enhance it.
  • It may involve identifying areas for optimization, bug fixing, or implementing new features.
• Legal and Ethical Considerations: It is important to consider legal and ethical aspects when engaging in reverse engineering.
  • Ensure that you comply with relevant laws, licensing agreements, and intellectual property rights. Seek legal advice when necessary.
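
The static analysis technique listed under Analysis (examining binaries and data structures without executing the program) can be illustrated with a short added example, which is not part of the original lecture notes. It decodes the identifying fields of an ELF header and pulls out printable strings; the sample bytes, the function names and the choice of ELF as the file format are assumptions made for this illustration.

```python
import re
import struct

# Lookup tables for the header fields decoded below (subset of the ELF spec).
ELF_CLASS = {1: "ELF32", 2: "ELF64"}
ELF_DATA = {1: "little-endian", 2: "big-endian"}
ELF_TYPE = {1: "relocatable", 2: "executable", 3: "shared object", 4: "core"}
ELF_MACHINE = {0x03: "x86", 0x28: "ARM", 0x3E: "x86-64", 0xB7: "AArch64"}


def parse_elf_header(blob: bytes) -> dict:
    """Decode the identifying fields of an ELF header without running the file."""
    if len(blob) < 24 or blob[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = blob[4], blob[5]
    if ei_class not in ELF_CLASS or ei_data not in ELF_DATA:
        raise ValueError("malformed e_ident")
    endian = "<" if ei_data == 1 else ">"
    e_type, e_machine = struct.unpack_from(endian + "HH", blob, 16)
    # e_entry sits at offset 24; it is 4 bytes wide in ELF32 and 8 in ELF64.
    entry_fmt = endian + ("I" if ei_class == 1 else "Q")
    if len(blob) < 24 + struct.calcsize(entry_fmt):
        raise ValueError("truncated ELF header")
    (e_entry,) = struct.unpack_from(entry_fmt, blob, 24)
    return {
        "class": ELF_CLASS[ei_class],
        "byte_order": ELF_DATA[ei_data],
        "type": ELF_TYPE.get(e_type, f"unknown ({e_type})"),
        "machine": ELF_MACHINE.get(e_machine, f"unknown ({e_machine:#x})"),
        "entry": e_entry,
    }


def extract_strings(blob: bytes, min_len: int = 4) -> list:
    """Return runs of printable ASCII, like the Unix `strings` utility."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]


def build_sample() -> bytes:
    """Constructed input: a 64-byte ELF64 header plus a few data bytes."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8
    header = struct.pack("<HHIQQQIHHHHHH", 2, 0x3E, 1, 0x401000,
                         64, 0, 0, 64, 56, 0, 64, 0, 0)
    data = b"\x00\x01config.ini\x00\xff\xfeusage: demo <file>\x00ab\x00"
    return ident + header + data


if __name__ == "__main__":
    sample = build_sample()
    print(parse_elf_header(sample))
    print(extract_strings(sample))
```

Neither function executes any byte of the input, which is what separates this step from the dynamic analysis technique in the same list.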

Reverse engineering tools
• Reverse engineering tools are software applications or utilities that aid in the process of analyzing and understanding a product or system.
• These tools assist in tasks such as decompiling binaries, examining code, analyzing network traffic, or visualizing software architecture.
• Here are some commonly used reverse engineering tools:
• Disassemblers and Decompilers:
  • Interactive Disassembler Professional (IDA Pro): A widely used disassembler and debugger for analyzing binary code, with support for various architectures and file formats.
  • GNU High-Level Interactive Disassembler (Ghidra): An open-source software reverse engineering framework developed by the National Security Agency (NSA).
    • It includes a disassembler, decompiler, and debugging features.

Reverse engineering tools..
  • Radare2: A free and open-source reverse engineering framework that provides disassembly, debugging, binary analysis, and scripting capabilities.
  • Hopper: A disassembler and decompiler for macOS and Linux that supports multiple architectures and provides a user-friendly interface.
• Decompilation provides the basis for comprehension, maintenance, and new development, with source code, but any high-level comprehension is provided by the reader.
• Decompilation provides a limited kind of program comprehension.
• Decompilation is certainly reverse engineering, since it is increasing the level of abstraction.
• However, compilation is not considered part of the forward engineering, since it is an automatic step.

Overview of Decompilation and traditional reengineering

[Figure: Relationship between Decompilation and traditional reengineering]

Reverse engineering tools and techniques..

• Debuggers:
  • OllyDbg: A popular debugger for Windows that allows dynamic analysis of executable files, including code tracing, breakpoints, and memory examination.
  • WinDbg: A powerful debugger from Microsoft that offers advanced debugging capabilities for Windows applications, drivers, and kernel-mode programs.
  • GDB: The GNU Debugger, commonly used on Unix-like systems, allows debugging and analyzing applications at the source code level.
• Network Analysis Tools:
  • Wireshark: A network protocol analyzer that captures and analyzes network traffic, helping to understand communication protocols, identify vulnerabilities, and troubleshoot network issues.
  • Burp Suite: A comprehensive web application security testing tool that includes a proxy, scanner, fuzzer, and other features for analyzing and manipulating web traffic.

Reverse engineering tools and techniques..

• Code Analysis Tools:
  • Decompiler tools: Tools like JD-GUI, jadx, and dnSpy can decompile compiled code (e.g., Java, .NET) back into their high-level language representations, aiding in understanding and analysis.
  • Static analysis tools: Tools like SonarQube, FindBugs, and Checkmarx perform static code analysis, identifying potential vulnerabilities, coding errors, and security flaws in software applications.
  • Dynamic analysis tools: Fuzzers such as AFL and Peach, and dynamic analysis frameworks like Angr and S2E, help analyze software behavior during runtime, uncovering vulnerabilities and potential exploits.

Reverse engineering tools and techniques..
• Reverse Engineering Suites:
  • Radare2: Radare2 is a comprehensive reverse engineering framework that combines various analysis and debugging capabilities.
  • Binary Ninja: A commercial reverse engineering platform that offers advanced disassembly, decompilation, and graph visualization features.
  • x64dbg: An open-source debugger for Windows that provides both static and dynamic analysis capabilities, including disassembly, debugging, and code patching.

[Figure: Relationship between reengineering and reverse engineering]

[Figure: General Model of Software Reengineering]

Benefits of Reverse Engineering:
• Understanding Legacy Systems: Reverse engineering allows you to gain insights into existing legacy systems or products whose documentation or source code may be unavailable or outdated.
  • It helps in understanding their design, functionality, and dependencies, which can be valuable for maintenance, migration, or integration purposes.
• Interoperability and Compatibility: Reverse engineering can help in understanding the protocols, file formats, or APIs used by a system, enabling interoperability and compatibility with other systems.
  • It allows you to develop software or hardware components that can communicate effectively with the existing system.
• Security Analysis: Reverse engineering can be used to identify vulnerabilities, security flaws, or weaknesses in software or hardware systems.
  • By analyzing the system's design and implementation, security researchers can discover and address potential security risks, leading to improved security measures.

Benefits of Reverse Engineering:
• Competitive Analysis: Reverse engineering can provide insights into the functionality, features, or performance of a competitor's product.
  • It allows businesses to understand their competitors' offerings, identify unique selling points, and make informed decisions about their own product development and marketing strategies.
• Knowledge Transfer and Learning: Reverse engineering can serve as an educational tool, allowing individuals to learn from existing systems and gain knowledge about different technologies, architectures, or design patterns.
  • It can be particularly useful for students, researchers, or developers seeking to expand their understanding of software or hardware systems.

Risks of Reverse Engineering:
• Legal and Ethical Concerns: Reverse engineering can raise legal and ethical issues, especially when it involves proprietary or copyrighted systems or products. Unauthorized reverse engineering may infringe intellectual property rights, contractual agreements, or trade secrets.
  • It's crucial to ensure compliance with relevant laws and obtain proper permissions before engaging in reverse engineering activities.
• Incomplete or Inaccurate Understanding: Reverse engineering may not always provide a complete or accurate understanding of a system.
  • The process relies on assumptions, interpretations, and limited information available from the artifact being analyzed.
  • This can lead to misunderstandings or incorrect conclusions about the system's design or functionality.

Risks of Reverse Engineering:
• Time and Resource Intensive: Reverse engineering can be a time-consuming and resource-intensive process, requiring expertise, specialized tools, and significant effort.
  • It may involve complex analysis, trial and error, and iterative exploration to uncover the desired information. This can impact project timelines and resource allocation.
• Potential Damage to the System: Reverse engineering activities, particularly when involving dynamic analysis or modification of the system, carry the risk of unintended consequences.
  • Incorrect analysis, modifications, or testing can lead to system failures, data loss, or other undesirable outcomes.
  • Careful planning, backup measures, and adherence to best practices are essential to mitigate such risks.

What is Reuse?
• Reuse in software engineering refers to the practice of utilizing existing software artifacts, such as code modules, libraries, frameworks, designs, or components, in the development of new software systems.
• Instead of building everything from scratch, developers leverage reusable assets to save time, effort, and resources.

Benefits of Reuse:
• Increased Productivity: Reusing existing software components reduces development time and effort, allowing developers to focus on new or unique functionalities.
• Improved Quality: Reused components have often been tested and debugged, leading to higher reliability and fewer errors in the software.
• Faster Time to Market: Reusing proven components accelerates the development process, enabling quicker deployment and release of software products.
• Cost Savings: Reuse reduces the need to reinvest in developing functionality that already exists, resulting in cost savings for organizations.

Types of Reuse:
• Code Reuse: Reusing code snippets, libraries, or frameworks can significantly speed up development. Developers can leverage existing functionality, algorithms, or utility functions to achieve common tasks.
• Design Reuse: Reusing design patterns, architectural styles, or system structures promotes consistency and best practices. Well-established design patterns, such as MVC or Observer, can be reused across different projects.
• Component Reuse: Reusing entire software components or systems, such as microservices or software-as-a-service (SaaS) offerings, allows developers to integrate pre-built functionality into their applications.

Reusability:
• Reusability is the inherent quality of software artifacts that enables them to be easily reused in different contexts.
  • It refers to the design and implementation characteristics that facilitate the effective and efficient reuse of software components.

Cont'd
Key characteristics of reusable software artifacts include:
• Modularity: Breaking down software into small, self-contained modules or components that can be easily understood and reused independently.
• Abstraction: Hiding implementation details and exposing only necessary interfaces and functionality, making it easier to reuse components without knowledge of their internal workings.
• Loose Coupling: Minimizing interdependencies between components, allowing them to be used or modified without affecting other parts of the system.
• Standardization: Following coding and design standards to ensure compatibility and ease of integration with other components or systems.

Designing for Reusability:
• To maximize reusability, software engineers should consider the following principles and best practices during the design phase:
  • Encapsulation: Designing components with well-defined interfaces and hiding their internal implementation details.
  • Separation of Concerns: Dividing functionality into separate modules or components, each responsible for a specific task.
  • Interface Definition: Clearly defining and documenting interfaces to guide component usage and interaction.
  • Documentation: Providing clear and comprehensive documentation for reusable components to facilitate understanding and adoption.

Maintenance measures
• Software maintenance encompasses all the activities involved in keeping a software system operational and up-to-date after its initial development.
• To effectively measure software maintenance, several key metrics and measures can be considered.
• Defect Density: This measure calculates the number of defects found in a given period, usually per unit of code size (e.g., defects per thousand lines of code). It helps assess the quality of the software and identify areas that require improvement.
• Mean Time to Repair (MTTR): calculates the average time taken to fix reported defects or issues.
  • It provides insights into the efficiency and effectiveness of the maintenance process and helps in setting realistic expectations for issue resolution.
• Mean Time Between Failures (MTBF): calculates the average time between consecutive failures occurring in the software system.
  • It helps assess the system's reliability and provides an indication of its stability and robustness.

Maintenance measures…
• Maintenance Effort: quantifies the resources (e.g., time, effort, personnel) expended on software maintenance activities.
  • It helps evaluate the overall cost of maintenance and can be useful for budgeting and resource allocation purposes.
• Change Request Rate: This measure determines the frequency of change requests or modifications made to the software.
  • It provides insights into the software's adaptability to evolving needs and the level of stakeholder engagement.
• Customer Satisfaction: assesses the satisfaction level of software users or customers with the maintenance activities.
  • It can be measured through surveys, feedback, or ratings, and helps gauge the effectiveness of the maintenance process in meeting user expectations.

Maintenance measures…
• Documentation Coverage: evaluates the extent and quality of documentation available for the software system, including user manuals, technical specifications, and support documentation.
  • Adequate documentation facilitates maintenance activities and reduces the time required for issue resolution.
• Regression Test Coverage: it measures the percentage of the system covered by regression tests.
  • It helps ensure that modifications or bug fixes do not introduce new defects or regressions into the software.

Maintenance measures…
• Mean Time to Discover (MTTD): it calculates the average time taken to detect or discover defects after they occur.
  • It helps identify bottlenecks or weaknesses in the defect detection and reporting processes.
• Technical Debt: quantifies the accumulated "debt" resulting from shortcuts or suboptimal design decisions made during development or maintenance.
  • It helps gauge the level of effort required to address technical debt and maintain the software's long-term health.
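
The time-based measures above (MTTD, MTTR, MTBF) and defect density can be computed from a defect log, as in the following added example, which is not part of the original lecture notes. The log entries, field names and code size are constructed; it assumes that a defect's report time equals its detection time and that each defect occurrence counts as one failure for MTBF.

```python
from datetime import datetime
from statistics import mean


def ts(text: str) -> datetime:
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


# Constructed defect log; D4 is still open, so it has no fix time yet.
DEFECTS = [
    {"id": "D1", "occurred": ts("2023-03-01 08:00"),
     "detected": ts("2023-03-01 12:00"), "fixed": ts("2023-03-02 12:00")},
    {"id": "D2", "occurred": ts("2023-03-04 08:00"),
     "detected": ts("2023-03-04 10:00"), "fixed": ts("2023-03-04 22:00")},
    {"id": "D3", "occurred": ts("2023-03-10 08:00"),
     "detected": ts("2023-03-10 14:00"), "fixed": ts("2023-03-11 14:00")},
    {"id": "D4", "occurred": ts("2023-03-13 08:00"),
     "detected": ts("2023-03-13 12:00"), "fixed": None},
]
KLOC = 16.0  # constructed code size, in thousands of lines


def _hours(delta) -> float:
    return delta.total_seconds() / 3600


def mttd(defects):
    """Mean hours from a defect occurring to its detection."""
    return mean(_hours(d["detected"] - d["occurred"]) for d in defects)


def mttr(defects):
    """Mean hours from detection to fix; open defects are excluded."""
    closed = [d for d in defects if d["fixed"] is not None]
    if not closed:
        return None
    return mean(_hours(d["fixed"] - d["detected"]) for d in closed)


def mtbf(defects):
    """Mean hours between consecutive failures; needs at least two."""
    times = sorted(d["occurred"] for d in defects)
    gaps = [_hours(later - earlier) for earlier, later in zip(times, times[1:])]
    return mean(gaps) if gaps else None


def defect_density(defects, kloc: float) -> float:
    """Defects per thousand lines of code."""
    return len(defects) / kloc


if __name__ == "__main__":
    print(mttd(DEFECTS), mttr(DEFECTS), mtbf(DEFECTS),
          defect_density(DEFECTS, KLOC))
```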
