Tuesday, 31 May 2016


Reverse Engineer Any Software



Reverse engineering, the process of taking a software program’s binary code and recreating it so as to trace it back to the original source code, is widely used in computer hardware and software to enhance product features or fix certain bugs. For example, a programmer writes code in a high-level language such as C or C++ (you can learn basic C programming with this beginners course); because computers do not execute these languages directly, the code needs to be translated into a machine-specific format. In short, code written in a high-level language has to be turned into low-level or machine language before it can run.

The process of converting the code written in high level language into a low level language without changing the original program is known as reverse engineering. It’s similar to disassembling the parts of a vehicle to understand the basic functioning of the machine and internal parts etc. and thereafter making appropriate adjustments to give rise to a better performing or superior vehicle.

If we look at reverse engineering in the context of software engineering, we find that it is the practice of analyzing a software system to extract its actual design and implementation information. A typical reverse engineering scenario comprises a software module that has been worked on for years and carries the line of business in its code, but whose original source code has been lost, leaving the developers with only the binary. In such a case, software engineers use reverse engineering skills to detect probable viruses and malware and so protect the intellectual property of the company.


At the turn of the century, when the software world was hit by the Y2K technology crisis, programmers were not equipped with reverse engineering skills. Since then, research has been carried out to analyse which development activities can be brought under the category of reverse engineering so that they can be taught to programmers. Researchers have concluded that reverse engineering basically falls into two categories: software development and software testing. A number of reverse engineering exercises have since been developed to provide baseline education in reversing machine code.

Reverse Engineering

Reverse engineering can be applied to several aspects of software and hardware development and conveys different meanings in each. In general, it is defined as the process of creating representations of a system at a higher level of abstraction and understanding the basic working principle and structure of the system under study. With the help of reverse engineering, the software system under consideration can be examined thoroughly. There are two types of reverse engineering. In the first, the source code is available but the high-level aspects of the program are no longer available; the effort made to recover those aspects of the software being developed is known as reverse engineering. In the second, the source code for the software is no longer available; here, the process of discovering the possible source code is known as reverse engineering. To avoid copyright infringement, reverse engineering makes use of a technique called clean room design.


In the world of reverse engineering, we often hear about black box testing. Even though the tester has an API, their ultimate goal is to find the bugs by hitting the product hard from outside. 

Apart from this, the main purpose of reverse engineering is to audit the security, remove the copy protection, customize the embedded systems, and include additional features without spending much and other similar activities.

Where is Reverse Engineering Used?

Reverse engineering is used in a variety of fields such as software design, software testing, programming etc.
In software design, reverse engineering enables the developer or programmer to add new features to existing software with or without knowing the source code. Different techniques are used to incorporate new features into the existing software.
Reverse engineering is also very beneficial in software testing, as most virus programmers do not leave behind instructions on how they wrote the code, what they set out to accomplish etc. Reverse engineering helps testers study virus and other malware code. The field of software testing, while very extensive, is also interesting and requires vast experience to study and analyze virus code.
The third category where reverse engineering is widely used is software security. Reverse engineering techniques are used to make sure that the system does not have any major vulnerabilities or security flaws. The main purpose of reverse engineering here is to make the system robust so as to protect it from spyware and hackers. In fact, this can be taken a step further to ethical hacking, whereby you try to hack your own system to identify vulnerabilities.


While one needs a vast amount of knowledge to become a successful reverse engineer, he or she can definitely have a lucrative career in this field by starting off with the basics. It is highly suggested that you first become familiar with assembly language and gain a significant amount of practical knowledge in software design and testing to become a successful software engineer.

Reverse Engineering Tools

As mentioned above, reverse engineering is the process of analyzing software to determine its components and their relationships. The process is accomplished by making use of tools that fall into these categories: disassemblers, debuggers, hex editors, monitoring and decompiling tools:

  • Disassemblers – A disassembler is used to convert binary code into assembly code and also to extract strings, imported and exported functions, libraries etc. Disassemblers convert the machine language into a user-friendly format. Different disassemblers specialize in different things.
  • Debuggers – This tool expands the functionality of a disassembler by showing the CPU registers, a hex dump of the program, a view of the stack etc. Using a debugger, the programmer can set breakpoints and edit the assembly code at run time. Debuggers analyse the binary in a similar way to disassemblers and allow the reverser to step through the code one instruction at a time to investigate the results.
  • Hex Editors – These editors allow the binary to be viewed and changed as the requirements of the software dictate. There are different types of hex editors available that are used for different functions.
  • PE and Resource Viewer – A binary designed to run on a Windows machine carries very specific data that tells the loader how to set up and initialise the program. All programs that run on Windows should have a portable executable (PE) header that describes the DLLs the program needs to borrow from.
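The first three tool categories above can be illustrated in miniature. The following Python script is an added example, not code from the article: it extracts printable strings the way a disassembler's string view does, produces hex-editor style rows, and walks the DOS header, PE signature, COFF header and section table of an image with bounds checks at every step. The image it parses is constructed by hand in build_sample_image and is not a real program (it deliberately omits the optional header, which real executables always carry).

```python
import struct

# Constructed sample image (not a real program): MZ stub, PE signature, COFF
# header *without* an optional header (real images always have one), two
# section headers and a few bytes of payload for each section.
def build_sample_image() -> bytes:
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 0, 0x0022)
    raw_base = 0x40 + len(coff) + 2 * 40                               # first section's raw data
    text_payload = b"\x48\x83\xec\x28\x31\xc0\x48\x83\xc4\x28\xc3" + b"\xcc" * 5
    rdata_payload = b"kernel32.dll\0CreateFileW\0ab\0"
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x100, 0x1000, len(text_payload),
                       raw_base, 0, 0, 0, 0, 0x60000020)               # CODE|EXECUTE|READ
    rdata = struct.pack("<8sIIIIIIHHI", b".rdata", 0x100, 0x2000, len(rdata_payload),
                        raw_base + len(text_payload), 0, 0, 0, 0, 0x40000040)  # INITIALIZED_DATA|READ
    return dos + coff + text + rdata + text_payload + rdata_payload

def extract_strings(data: bytes, min_len: int = 4) -> list:
    """What a disassembler's string view (or `strings`) shows: runs of printable ASCII."""
    found, run = [], bytearray()
    for b in data + b"\0":            # sentinel flushes a run at end of data
        if 0x20 <= b < 0x7F:
            run.append(b)
            continue
        if len(run) >= min_len:
            found.append(run.decode("ascii"))
        run = bytearray()
    return found

def hexdump(data: bytes, offset: int = 0, length: int = 16) -> list:
    """Hex-editor style rows: offset, hex bytes, printable column."""
    rows = []
    for start in range(offset, min(offset + length, len(data)), 16):
        chunk = data[start:start + 16]
        hexpart = " ".join("%02x" % b for b in chunk)
        asc = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in chunk)
        rows.append("%08x  %-47s  %s" % (start, hexpart, asc))
    return rows

def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> section table, checking bounds."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    machine, nsect, stamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    sect_table = coff + 20 + opt_size            # section headers follow the optional header
    sections = []
    for i in range(nsect):
        off = sect_table + i * 40
        if off + 40 > len(data):
            raise ValueError("section table runs past end of file")
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, sch = struct.unpack_from("<8sIIIIIIHHI", data, off)
        if rawptr + rawsize > len(data):
            raise ValueError("section %r claims data past end of file" % name)  # typical of malformed files
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize, "raw_ptr": rawptr, "raw_size": rawsize,
                         "executable": bool(sch & 0x20000000)})
    return {"machine": machine, "timestamp": stamp, "characteristics": chars, "sections": sections}

def section_data(data: bytes, section: dict) -> bytes:
    """Raw file bytes backing one section (already bounds-checked by parse_pe)."""
    return data[section["raw_ptr"]:section["raw_ptr"] + section["raw_size"]]

if __name__ == "__main__":
    image = build_sample_image()
    info = parse_pe(image)
    print("machine 0x%04x, %d sections" % (info["machine"], len(info["sections"])))
    for s in info["sections"]:
        print("  %-8s vaddr=0x%x raw=0x%x+%d exec=%s" % (s["name"], s["vaddr"], s["raw_ptr"], s["raw_size"], s["executable"]))
    print("strings:", extract_strings(image))
    print("\n".join(hexdump(image, info["sections"][0]["raw_ptr"], 32)))
```

Every offset read from the file is checked against the file length before it is used, which is what keeps such a parser safe on deliberately malformed samples; a real PE viewer would continue through the optional header and the import directory to list the DLL names the last bullet refers to.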


Reverse engineering has developed significantly and taken a positive approach to creating descriptive data set of the original object. Today, there are numerous legitimate applications of reverse engineering. Due to the development of numerous digitising devices, reverse engineering software enables programmers to manipulate the data into a useful form. The kind of applications in which reverse engineering is used ranges from mechanical to digital, each with its own advantages and applications. Reverse engineering is also beneficial for business owners as they can incorporate advanced features into their software to meet the demands of the growing markets.

Tuesday, 17 May 2016


Dynamic Menu Builder

The problem

As with every abstraction it starts with a problem you are trying to solve. In this case the problem was code duplication and general tediousness with the construction of the context (right click) menus in x64dbg.

The general idea of Qt is great. From my understanding, every context menu is a QMenu with a bunch of QAction or other QMenu items in it. When a user right-clicks in the widget a signal will be emitted and the widget can connect to the signal, construct the QMenu and ‘execute’ the menu on the mouse position. Each QAction has a signal called triggered() which you can connect to a slot in your widget to handle the click event.

If there is no variation in the menu everything works perfectly fine. You just create all the actions, menus and connections in the constructor and store the final QMenu item in the class. Then when you need the menu you do mMenu->exec(position) and you are done with it.

In x64dbg the menus are based on the context, so the static approach doesn’t work. What we did was create and connect all the QAction items in the constructor and then dynamically create the menu. What this did was create a lot of fragmentation. All the actions had to be declared in the header, the slots for the actions had to be declared in the header and the source and adding a new action would result in a lot of code that looked exactly like this:
mFollowAddress = new QAction("&Follow in Disassembler", this);
connect(mFollowAddress, SIGNAL(triggered()), this, SLOT(followAddress()));


For actions with a shortcut and an icon it was even worse:

mToggleBreakpoint = new QAction("Toggle Breakpoint", this);
mToggleBreakpoint->setShortcutContext(Qt::WidgetShortcut);
mToggleBreakpoint->setIcon(QIcon(":/images/icons/breakpoint.png"));
addAction(mToggleBreakpoint);
connect(mToggleBreakpoint, SIGNAL(triggered()), this, SLOT(toggleBreakpoint()));


Shortcuts also require setting the actual shortcut in a dedicated slot called refreshShortcutsSlot(), which is connected to the settings dialog so shortcuts are updated when the user changes the settings:

void ReferenceView::refreshShortcutsSlot()
{
    mToggleBreakpoint->setShortcut(ConfigShortcut("ActionToggleBreakpoint"));
    mToggleBookmark->setShortcut(ConfigShortcut("ActionToggleBookmark"));
}


Finally the menu is created in contextMenuEvent like this:

if(!DbgMemIsValidReadPtr(addr))
    return;
wMenu->addAction(mFollowAddress);
wMenu->addAction(mFollowDumpAddress);
if(apiAddressFromString(mCurList->getCellContent(mCurList->getInitialSelection(), 1)))
    wMenu->addAction(mFollowApiAddress);
wMenu->addSeparator();
wMenu->addAction(mToggleBreakpoint);
wMenu->addAction(mToggleBookmark);


As you can imagine, adding an action with an icon, a shortcut and some context-dependent behaviour was a very tedious process and this needed to change.

MenuBuilder

Part of the solution is a MenuBuilder class. This is a recursive datatype (like QMenu) but it lazily builds the menu, which allows for proper context-awareness.

To achieve context-awareness, each QAction/QMenu/MenuBuilder you add to a MenuBuilder is paired with a std::function. If the callback returns true, the item is added to the final QMenu, otherwise it is omitted. This allows for constructs like this:

mBuilder->addAction(followAction, [this](QMenu* menu)
{
    // only add followAction if the selected address is readable
    return DbgMemIsValidReadPtr(this->selectedAddress());
});


The followAction will only be added to the final QMenu if the currently selected address is a valid memory address. This is a huge save in code, the menu creation slot can be replaced with:
QMenu menu;
mBuilder->build(&menu);
menu.exec(pos);


There are some extra features (like using the menu parameter of the lambda to add extra actions to the final QMenu), but if you want more details, read the code here.

Actions

The next problem to solve is the creation of the QAction and QMenu items. The solution was to create a few simple helper methods in the base class (AbstractTableView):

template<typename T>
inline QAction* makeAction(const QString & text, T slot)
{
    return connectAction(new QAction(text, this), slot);
}

inline QAction* connectAction(QAction* action, const char* slot)
{
    connect(action, SIGNAL(triggered(bool)), this, slot);
    return action;
}

inline QAction* connectAction(QAction* action, QActionLambda::TriggerCallback callback)
{
    auto lambda = new QActionLambda(action->parent(), callback);
    connect(action, SIGNAL(triggered(bool)), lambda, SLOT(triggeredSlot()));
    return action;
}


makeAction uses a template because I added lambda support to the actions. This is not in Qt 4 and is rather simple to implement, so I decided to add it:

#include <functional>
#include <QObject>

// Wraps a std::function so it can be connected to QAction::triggered() as a slot
class QActionLambda : public QObject
{
    Q_OBJECT
public:
    typedef std::function<void()> TriggerCallback;

    QActionLambda(QObject* parent, TriggerCallback callback)
        : QObject(parent), _callback(callback)
    {
    }

public slots:
    void triggeredSlot()
    {
        if(_callback)
            _callback();
    }

private:
    TriggerCallback _callback;
};


Now to create an action you’d write:

makeAction("Selection (&No Bytes)", SLOT(copySelectionNoBytesSlot())) 


And similarly an action with shortcut and icon:

makeShortcutAction(QIcon(":/icons/images/highlight.png"), "&Highlighting mode", SLOT(enableHighlightingModeSlot()), "ActionHighlightingMode") 
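To show the MenuBuilder and Actions ideas together in a form you can run without Qt, here is an added example in Python. It is a sketch of the pattern, not x64dbg's C++ code: Action and Menu stand in for QAction and QMenu, make_action plays the role of makeAction with a lambda slot, MenuBuilder pairs each entry with a predicate that is only evaluated when build() runs, and ReferenceView is a constructed widget whose `readable` set replaces DbgMemIsValidReadPtr. It also shows the menu parameter being used by a predicate to inject an extra action.

```python
from typing import Callable, List, Tuple, Union

class Action:
    """Stand-in for QAction whose triggered() is bound to a callable, like QActionLambda."""
    def __init__(self, text: str, slot: Callable[[], None]):
        self.text, self.slot = text, slot
    def trigger(self) -> None:
        self.slot()

def make_action(text: str, slot: Callable[[], None]) -> Action:
    """Counterpart of makeAction(text, lambda): one call instead of new + connect."""
    return Action(text, slot)

class Menu:
    """Stand-in for QMenu; the string "-" marks a separator."""
    def __init__(self, title: str = ""):
        self.title = title
        self.items: List[Union[Action, "Menu", str]] = []
    def add_action(self, action: Action) -> None:
        self.items.append(action)
    def add_menu(self, menu: "Menu") -> None:
        self.items.append(menu)
    def add_separator(self) -> None:
        if self.items and self.items[-1] != "-":     # never lead with, or double, a separator
            self.items.append("-")
    def labels(self) -> List[str]:
        return [i if isinstance(i, str) else i.text if isinstance(i, Action) else "[%s]" % i.title
                for i in self.items]

Predicate = Callable[[Menu], bool]
ALWAYS: Predicate = lambda menu: True

class MenuBuilder:
    """Recursive like QMenu, but nothing is instantiated until build() runs, so every
    predicate is evaluated against the state at right-click time."""
    def __init__(self, title: str = ""):
        self.title = title
        self._entries: List[Tuple[object, Predicate]] = []
    def add_action(self, action: Action, when: Predicate = ALWAYS) -> "MenuBuilder":
        self._entries.append((action, when))
        return self
    def add_menu(self, sub: "MenuBuilder", when: Predicate = ALWAYS) -> "MenuBuilder":
        self._entries.append((sub, when))
        return self
    def add_separator(self) -> "MenuBuilder":
        self._entries.append(("-", ALWAYS))
        return self
    def build(self, menu: Menu) -> Menu:
        for item, when in self._entries:
            if not when(menu):                      # predicate may also add extras to `menu`
                continue
            if isinstance(item, MenuBuilder):
                sub = item.build(Menu(item.title))
                if sub.items:                       # drop submenus that ended up empty
                    menu.add_menu(sub)
            elif isinstance(item, str):
                menu.add_separator()
            else:
                menu.add_action(item)
        while menu.items and menu.items[-1] == "-":  # no trailing separator either
            menu.items.pop()
        return menu

class ReferenceView:
    """Constructed stand-in for the x64dbg widget; `readable` replaces DbgMemIsValidReadPtr."""
    def __init__(self, readable):
        self.readable, self.selected, self.log = set(readable), 0, []
        sel_readable = lambda menu: self.selected in self.readable
        follow = (MenuBuilder("Follow in Dump")
                  .add_action(make_action("Dump 1", lambda: self.log.append("dump1")), sel_readable)
                  .add_action(make_action("Dump 2", lambda: self.log.append("dump2")), sel_readable))
        self.builder = (MenuBuilder()
                        .add_action(make_action("&Follow in Disassembler", lambda: self.log.append("follow")), sel_readable)
                        .add_menu(follow)
                        .add_separator()
                        .add_action(make_action("Toggle Breakpoint", lambda: self.log.append("bp")), sel_readable)
                        .add_separator()
                        .add_action(make_action("Copy Address", lambda: self.log.append("copy")), self._inject_copy_value))
    def _inject_copy_value(self, menu: Menu) -> bool:
        # uses the menu parameter to add a context-specific extra in front of "Copy Address"
        menu.add_action(make_action("Copy Value 0x%X" % self.selected, lambda: self.log.append("copyval")))
        return True
    def context_menu(self, selected: int) -> Menu:
        self.selected = selected
        return self.builder.build(Menu())     # only built when the user right-clicks
```

Building on an unreadable selection drops the follow action, the now-empty submenu and the separators that would otherwise lead the menu, which is the context-awareness the post describes; the builder itself is constructed once, in the constructor, exactly like mBuilder.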

Final words

I guess that’s about it for this blog post. If you want to see what the final menu creation code looks like, check out the code here. For reference, the old code is available here; as you can tell, it is a great improvement.


Delphi Tips: Hashing a String With Delphi Encryption Compendium (DEC)

Today, I wanted to use the Delphi Encryption Compendium (DEC) to hash a string. It is a little bit difficult to figure out how to use the components since they are poorly documented, but after a few minutes, I came up with this. At first, I tried to use the CalcBinary function, which allows you to pass a string to it. It worked fine, but it is limited due to the fact that it would cast all input strings as an AnsiString type. As a result, I switched to CalcStream to overcome this limitation. Here are two functions which you can use to calculate an MD5 hash for either a UnicodeString or an AnsiString. These functions can easily be converted to a different hash type simply by changing the declaration and the created type. The available hash types are:

THash_MD2, THash_MD4, THash_MD5, THash_RipeMD128, THash_RipeMD160, THash_RipeMD256, THash_RipeMD320, THash_SHA, THash_SHA1, THash_SHA256, THash_SHA384, THash_SHA512, THash_Haval128, THash_Haval160, THash_Haval192, THash_Haval224, THash_Haval256, THash_Tiger, THash_Panama, THash_Whirlpool, THash_Whirlpool1, THash_Square, THash_Snefru128, THash_Snefru256, and THash_Sapphire.
You can specify the Haval round count like this: hash.rounds := 3; // 3, 4 and 5 are valid round counts.

uses Classes, DECHash, DECFmt;

function GetMD5_Unicode(const input: UnicodeString): string;
var
  val: TStringStream;
  hash: THash_MD5;
  len: Int64;
begin
  // Hash the raw UTF-16 bytes of the string: two bytes per character, no BOM
  len := Length(input) * 2;
  val := TStringStream.Create;
  hash := THash_MD5.Create;
  try
    if len > 0 then
      val.Write(input[1], len);   // input[1] is out of range for an empty string with range checking on
    val.Seek(0, soFromBeginning);
    Result := string(hash.CalcStream(val, len, TFormat_HEX));
  finally
    hash.Free;
    val.Free;
  end;
end;

function GetMD5_Ansi(const input: AnsiString): string;
var
  val: TStringStream;
  hash: THash_MD5;
  len: Int64;
begin
  // Hash the raw bytes of the string: one byte per character in the ANSI code page
  len := Length(input);
  val := TStringStream.Create;
  hash := THash_MD5.Create;
  try
    if len > 0 then
      val.Write(input[1], len);
    val.Seek(0, soFromBeginning);
    Result := string(hash.CalcStream(val, len, TFormat_HEX));
  finally
    hash.Free;
    val.Free;
  end;
end;
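The two functions above hash whatever bytes the string occupies in memory, so the same text gives a different digest depending on whether it arrived as a UnicodeString (UTF-16LE, Length*2 bytes) or an AnsiString (one byte per character in the system code page). The following Python script is an added example, not the post's code: it reproduces both byte streams with hashlib, feeds them in chunks the way CalcStream consumes a TStream, flags text the ANSI path cannot represent, and handles the empty string. It assumes cp1252 as the ANSI code page and uppercases the hex output; both are assumptions, the real code page is whatever the machine is configured with.

```python
import hashlib

def digest_stream(algorithm: str, data: bytes, chunk: int = 4096) -> str:
    """Mirror DEC's CalcStream: feed the bytes in chunks, return uppercase hex.
    `algorithm` is any name hashlib knows ('md5', 'sha1', 'sha256', ...)."""
    h = hashlib.new(algorithm)
    for i in range(0, len(data), chunk):
        h.update(data[i:i + chunk])
    return h.hexdigest().upper()

def md5_unicode(text: str) -> str:
    """Bytes GetMD5_Unicode hands to DEC: UTF-16LE, Length*2 bytes, no BOM."""
    return digest_stream("md5", text.encode("utf-16-le"))

def md5_ansi(text: str, codepage: str = "cp1252") -> str:
    """Bytes GetMD5_Ansi hands to DEC: one byte per character in the ANSI code page
    (cp1252 is an assumption here; Delphi uses the system code page).
    Raises UnicodeEncodeError for text the code page cannot represent."""
    return digest_stream("md5", text.encode(codepage))

def compare(text: str, codepage: str = "cp1252") -> dict:
    """Show why the two Delphi functions disagree for the same text, and when the
    AnsiString path silently loses information."""
    result = {"unicode": md5_unicode(text), "ansi": None, "ansi_lossless": True}
    try:
        result["ansi"] = md5_ansi(text, codepage)
    except UnicodeEncodeError:
        result["ansi_lossless"] = False   # characters outside the code page cannot round-trip
    result["same"] = result["ansi"] == result["unicode"]
    return result

if __name__ == "__main__":
    for sample in ["", "abc", "héllo", "日本"]:   # constructed inputs
        print(repr(sample), compare(sample))
```

The practical consequence for anyone comparing digests across systems: a hash of a "string" is only meaningful together with the encoding that produced the bytes, and a digest computed from an AnsiString on one machine need not match one computed on a machine with a different system code page.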

The Delphi Encryption Compendium(DEC) can be downloaded here:

Until next time, happy programming and reversing. :)

Privacy Policy

This privacy policy has been compiled to better serve those who are concerned with how their 'Personally identifiable information' (PII) is being used online. PII, as used in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.

What personal information do we collect from the people that visit our blog, website or app?
We do not collect information from visitors of our site, or other details to help you with your experience.

When do we collect information?
We collect information from you when you or enter information on our site.

How do we use your information?
We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:

How do we protect visitor information?
We use regular Malware Scanning
We do not use an SSL certificate 
We only provide articles and information. We never ask for personal or private information like email addresses, or credit card numbers. 

Do we use 'cookies'? 
We do not use cookies for tracking purposes. You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer) settings. Each browser is a little different, so look at your browser's Help menu to learn the correct way to modify your cookies. If you turn cookies off, some features that make your site experience more efficient will be disabled and some of our services will not function properly.

Third-party disclosure 
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. 

Third-party links 
Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites. 

Google 
Google's advertising requirements can be summed up by Google's Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en 
We have not enabled Google AdSense on our site but we may do so in the future. 

California Online Privacy Protection Act 
CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law's reach stretches well beyond California to require a person or company in the United States (and conceivably the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy. See more at: http://consumercal.org/california-online-privacy-protection-act-caloppa/

How does our site handle do not track signals? 
We honor do not track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place. 

Does our site allow third-party behavioural tracking? 
It's also important to note that we do not allow third-party behavioural tracking.

COPPA (Children Online Privacy Protection Act) 
When it comes to the collection of personal information from children under 13, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation's consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online. 

Fair Information Practices 
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information. 


If there are any questions regarding this privacy policy you may contact us using the information below. 


Last Edited on 2016-04-17

About Us

One stop shop for all the information about Cryptography, CTF and many more tools. You can take our online challenges to enhance your understanding and develop skills.

For any questions, feel free to give me a buzz.

Happy Reading !

Admin