The “What” of Reverse Engineering
Reverse engineering in software is usually described as the process of analyzing a binary and understanding its working, to either audit its goals or to replicate them. This usually involves using several tools and techniques to translate machine code into a high level programming language. But don’t be fooled, even in CTFs this might not be enough as it’s scope and applications are limitless.
Reverse engineering by the authors of Practical Reverse Engineering is defined as the process of understanding a system, i. e. a problem solving process. This is the definition that has made the most sense to me in the practical situations I have encountered reverse engineering in. It can be said that the process has a broad meaning and it encompasses a lot of things even in software. Hence I find the term “Problem Solving” to be closer to the real thing.
The “Why” of Reverse Engineering
Learning to reverse engineer and doing so will help you to gain a deeper and more thorough understanding of the applications and operating systems you use. The understanding of how a particular set of data can make a computer do all kinds of things opens new doors of opportunity for further learning and application. You are also likely to encounter several situations where, reverse engineering is going to be an helpful skill to possess.
A practical and real life example of reverse engineering that you will most probably come across is having to work with someone else’s undocumented, badly written code. This can be a painful and troublesome experience for an average coder but having worked with all kinds of poorly decompiled code as a reverse engineer, these situations can turn out to be a walk in the park and even a fun little challenge.
A similar case can be of when you have lost the source code and all you have is the compiled binary or when you receive suspicious software and you are doubtful of its intentions.
In such commonplace situations, having mastery over the skill of reverse engineering is going to be of great advantage.
Professionally in the field of cybersecurity, reverse engineering is used by Malware Analysts to analyze and develop signatures that help in detecting malicious software and viruses.
It is used to detect vulnerabilities in a system which can be then used to exploit the said system, for example – cracking a game/software. This knowledge can then be used to prevent misuse or unauthorized use of systems. In several cases, analysis/reverse engineering of malicious software like ransomware will actually help us beat the bad guys and save the day!