
Reverse Engineering: what it is and how it can be used for Information Security

April 3, 2020

*Lucas Santos

Do you know what reverse engineering is?

Even if you do not know this term, it is likely that you have already practiced it.

Reverse engineering is the name given to the process of exploring an object by "deconstructing" it. In other words, it means disassembling an object to study it. For example, when a child disassembles a toy to understand how it works, they are practicing reverse engineering without knowing it.

Simple to understand, right? But when and how can we use this process?

The use of reverse engineering

Reverse engineering has several possible uses, from professional work to simple curiosity.

Currently, in the corporate world, we can see it used in the following scenarios:

• Market competitiveness: a brand launches a product on the market and, shortly after, a competing brand launches a similar product. This practice is very common in the automobile market, in electronic devices, in software and even in the world of games.

• Product improvement: in some cases, manufacturers practice reverse engineering on their own product in order to identify opportunities for improvement or to identify and correct flaws.

• Learning: students can practice reverse engineering on successful projects in order to acquire knowledge and observe good practices to apply in their own projects.

• Military: reverse engineering was widely used by the Japanese in World War II to understand the technology used in the enemy's weapons.

• Software: programmers analyze software for different purposes, such as reproducing it or using the techniques they observe in the development of their own software, among others. This is where we see an important factor for Information Security: malware reverse engineering.

Reverse Engineering in Information Security

For Information Security, reverse engineering can be used to analyze threats and enable the development of better-targeted defensive actions.

When we thoroughly analyze a piece of ransomware, for example, it is possible to identify the entry points the malware uses, the way it spreads through the operating system, and the method it uses to encrypt the target data.

These actions optimize the development of a defensive action to minimize or even reverse the effects of the malware, given the resources and methods the malware uses to function.

What is needed to practice Reverse Engineering?

The resources needed to practice reverse engineering depend a lot on its purpose. If it is practiced purely out of curiosity, no knowledge is needed, only the tools necessary to "dismantle" the object. For example, if we want to know how a clock works, we would only need the tools to open the device.

However, for professional or academic use, prior knowledge about the object to be analyzed is necessary. For the software example given earlier, prior knowledge of programming languages is necessary to interpret the syntax contained in the malware. This prior knowledge makes it easier to understand how the analyzed object works.

Final considerations

The use of reverse engineering is controversial, as it can be considered a legal justification for plagiarism.
This practice, however, can also be considered an important lever for the market, since it allows big brands to study the products of competing brands and develop their own versions of the same product, sometimes even better than the pioneering products.

* Lucas Santos is a Consultant in GRC & Information Security at [SAFEWAY]

 
