Presentation is loading. Please wait.

Presentation is loading. Please wait.

Reverse Engineering CS3300 Fall 2015. What is it? Extracting design information from existing software Two types: Source Code based (easier) or Binary.

Published byPhebe Goodwin Modified over 9 years ago

Similar presentations

Presentation on theme: "Reverse Engineering CS3300 Fall 2015. What is it? Extracting design information from existing software Two types: Source Code based (easier) or Binary."— Presentation transcript:

1 Reverse Engineering CS3300 Fall 2015

2 What is it? Extracting design information from existing software Two types: Source Code based (easier) or Binary (harder) In reverse engineering 50-80% of effort is trying to understand the program Reverse engineering is sometimes referred to as “program understanding”

3 Biggerstaff Paper – Activities Forward Engineering Reverse Engineering Redocumentation Design Recovery Restructuring Re-engineering

4 Problem Maintainers are not the original developers Concept Assignment Problem Biggerstaff et. al.

5 Is this legal? Clearly a company can reverse its own code if the original developers are gone or source code is lost Reversing other peoples code:  Cyber warfare  Virus makers  Virus fighters  Compatability (Sega (Genesis) vs. Accolade)

6 For Binary RE Decompilers  Boomerang http://boomerang.sourceforge.net/cando.php?hidemenu http://boomerang.sourceforge.net/cando.php?hidemenu  JaD a java bytecode decompiler

7 Complications Transformers Obfuscators  Eliminate symbolic information Variable names String constants  Alter statement sequence  Add antidebug code  Optimizers

8 With Source Code (Static) Call Graphs  cflow

9 Static Analyzers UML class diagram generators Class Browsers (like in Eclipse) Control Flow Graphs and Slicing Cross-Reference Listings (XREF) Pretty Printers or formatters SCITools https://scitools.com/https://scitools.com/

10 Dynamic Tools ISVis OWASP Lapse+ https://www.owasp.org/index.php/OWASP_LAPSE_Project https://www.owasp.org/index.php/OWASP_LAPSE_Project Imagix http://www.imagix.com/products/source-code- analysis.htmlhttp://www.imagix.com/products/source-code- analysis.html

11

12

Download ppt "Reverse Engineering CS3300 Fall 2015. What is it? Extracting design information from existing software Two types: Source Code based (easier) or Binary."

Similar presentations

Software Re-engineering

Software Re-engineering
Reverse Engineering Computer Science Computer Science University of Windsor University of Windsor Shaochun Xu.

Reverse Engineering Computer Science Computer Science University of Windsor University of Windsor Shaochun Xu.
Chapter 11 Software Evolution

Chapter 11 Software Evolution
Course Outline Traditional Static Program Analysis Software Testing

Course Outline Traditional Static Program Analysis Software Testing
1 CS 201 Compiler Construction Lecture 3 Data Flow Analysis.

1 CS 201 Compiler Construction Lecture 3 Data Flow Analysis.
Course Outline Traditional Static Program Analysis –Theory Compiler Optimizations; Control Flow Graphs Data-flow Analysis – today’s class –Classic analyses.

Course Outline Traditional Static Program Analysis –Theory Compiler Optimizations; Control Flow Graphs Data-flow Analysis – today’s class –Classic analyses.
Control Flow Analysis (Chapter 7) Mooly Sagiv (with Contributions by Hanne Riis Nielson)

Control Flow Analysis (Chapter 7) Mooly Sagiv (with Contributions by Hanne Riis Nielson)
Decompilation of Binary Programs Christina Cifuentes & K. John Gough School of Computing Science Queensland University of Technology Presented by Conny.

Decompilation of Binary Programs Christina Cifuentes & K. John Gough School of Computing Science Queensland University of Technology Presented by Conny.
CS266 Software Reverse Engineering (SRE) Applying Anti-Reversing Techniques to Machine Code Teodoro (Ted) Cipresso,

CS266 Software Reverse Engineering (SRE) Applying Anti-Reversing Techniques to Machine Code Teodoro (Ted) Cipresso,
Java Planning our Programs Flowcharts Arithmetic Operators.

Java Planning our Programs Flowcharts Arithmetic Operators.
CMMI – Continuous as well as staged model CMMI capability levels – Incomplete, performed, managed, defined, quantitatively managed, optimized Example.

CMMI – Continuous as well as staged model CMMI capability levels – Incomplete, performed, managed, defined, quantitatively managed, optimized Example.
Reverse Engineering When is it the most cost effective? Raymond Utz.

Reverse Engineering When is it the most cost effective? Raymond Utz.
Reverse Engineering Valeriya Perelman 12/10/04. Outline Motivation Terminology Related work Approach discussion Challenges References.

Reverse Engineering Valeriya Perelman 12/10/04. Outline Motivation Terminology Related work Approach discussion Challenges References.
Lecturer: Dr. AJ Bieszczad Chapter 1111-1 Lehman’s system types S-system: formally defined, derivable from a specification P-system: requirements based.

Lecturer: Dr. AJ Bieszczad Chapter Lehman’s system types S-system: formally defined, derivable from a specification P-system: requirements based.
Welcome to CS680! Tue Thu 7pm - 8:15pm :-(

Welcome to CS680! Tue Thu 7pm - 8:15pm :-(
IPT Readings on Instrumentation, Profiling, and Tracing Seminar presentation by Alessandra Gorla University of Lugano December 7, 2006.

IPT Readings on Instrumentation, Profiling, and Tracing Seminar presentation by Alessandra Gorla University of Lugano December 7, 2006.
NJIT 1 On to Object Design Chapter 14 Applying UML and Patterns.

NJIT 1 On to Object Design Chapter 14 Applying UML and Patterns.
Obfuscation techniques in Java Therese Berge Jonas Ringedal.

Obfuscation techniques in Java Therese Berge Jonas Ringedal.
Driss Kettani Sommerville, 6th edition Software Engineering II Software re-engineering l Reorganising and modifying existing software systems to make them.

Driss Kettani Sommerville, 6th edition Software Engineering II Software re-engineering l Reorganising and modifying existing software systems to make them.
SOFTWARE REVERSE ENGINEERING

SOFTWARE REVERSE ENGINEERING

Similar presentations

Ads by Google