> there exist some deobfuscators that bring the code back
Care to elaborate? The author of Movfuscator is very experienced and capable at reverse engineering. In one of his video talks he hits some Movfuscated code with some tools and says he doesn't know of anything that can deobfuscate it. That may have changed since then -- I'd be curious to know.
Oh man, in my times "reverse engineer" was something about restoring functionality from a compiled, compressed (with some homebrew compressor), encrypted, obfuscated binary executable, which could possibly actively resist in-memory debugging.
Uses movfuscator, one of the most painful tools when you're faced with reverse engineering. Also one of the most fun, from the other side of the aisle.
I only read the abstract, but saw it mentioned program obfuscation, which is something I'm passingly familiar with but don't know much about.
Does anyone know the current state of this? From what I've heard from reverse engineers most software seems fairly easy to reverse. And even something like Stuxnet was capable of being reversed by a relatively small consulting firm if I recall correctly.
> I mean, literally, the "bomblab", aka "Dr. Evil's Insidious Bomb, Version 1.1" is standard at every university’s computer science course, and teaches how to reverse engineer and bypass such checks in binaries.
i've read the syllabus from such a class; do you happen to know of such an activity that can be participated in by a non-student?
I would like to learn more about executable reverse engineering, and that sort of approach appeals to me.
It's essentially an arms race. For every anti-debugging or obfuscation technique there's a reverse engineer who is willing to do hard work to overcome it. It becomes a kind of psychological warfare -- trying to wear down the reverse engineer to make them give up.
If this kind of thing interests you check out 4AM's Apple II cracks. He's removing the copy protection on old software so the techniques aren't directly applicable to current machines, but there's a fount of creativity in the code he's reverse engineering. https://twitter.com/a2_4am
Regarding your last sentence: reverse engineering is a complex task, and obfuscation is but one of the many challenges a reverse engineer faces; granted, malloc/free, stack variables and the example binary are not among them.
> The only definition of "reverse engineering software" that I use
Uhm, no, that's far too narrow. Reverse engineering is any kind of introspection into a device in question, designed for obtaining any degree of understanding of its inner functioning.
What you're talking about is called "decompilation", and it's not even among the most useful reverse engineering techniques.
Well, you have no guarantee that a sane compiler was used, obfuscation and encryption may also play a part. Things worth reverse engineering are often convoluted in such ways.
This reminds me of a work I did as an undergrad which landed in a paper called "Can a Program Reverse-Engineer Itself?". The idea is to take any program/function and make it a quine so you can retrieve its original code even if it has been obfuscated. You can find the paper here: http://pablo.rauzy.name/research.html#imacc11.
Sorry, I was doing multiple edits on my comment in the last few minutes without noticing the replies. I did mention that reverse engineering is possible, but it's really tedious and not as easy to interpret all the code flows compared to having the source code.
I would imagine that improved reverse engineering techniques would also help to dissect botnets, viruses, P2P networks, and other sorts of obfuscated software.
I'd rather believe that than believe that the DoD has lost a significant portion of its code base for its critical applications.
> The only definition of "reverse engineering software" that I use is this
That's the definition of decompiling not reverse engineering. The original IBM BIOS was reverse engineered by two teams: one which read the disassembled binary and wrote a written specification and a second team that took that specification and wrote code.
> Reverse engineering is a very broad term, but generally involves analysis of decompiled source, no?
Not necessarily. If you are reverse-engineering a file format for the purposes of reading and writing files compatible with the software, oftentimes you start by using the software to generate multiple files with small changes. Your analysis is limited to the output generated by the software, not the actual software itself (you treat the software as a black box).
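The black-box approach described in that comment can be automated: vary one input field at a time, diff the resulting files, and test whether the changed bytes decode as the value you fed in. The script below is an added example and not code from the original thread; `black_box_writer` is a constructed stand-in for the closed-source program's "save" routine (in a real session that would be a subprocess call to the target application), and the "XFMT" container it emits is invented for the example.

```python
import struct


def black_box_writer(width, height, name):
    """Stand-in for the closed-source program's "save" routine.
    Constructed toy format for this example (not a real file format):
    magic, two little-endian u16 fields, a u32 length, a payload and a
    one-byte checksum. The analyst is assumed not to know this layout."""
    payload = name.encode("ascii")
    header = b"XFMT" + struct.pack("<HHI", width, height, len(payload))
    checksum = bytes([sum(header + payload) & 0xFF])
    return header + payload + checksum


def diff_ranges(a, b):
    """Half-open [start, end) byte ranges in which two outputs differ.
    Length differences count as differing bytes past the shorter end."""
    ranges, start = [], None
    for i in range(max(len(a), len(b))):
        same = i < len(a) and i < len(b) and a[i] == b[i]
        if not same and start is None:
            start = i
        elif same and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, max(len(a), len(b))))
    return ranges


def guess_int_encoding(a, b, start, end, va, vb):
    """Try to explain a differing range as an unsigned integer field holding
    va in file a and vb in file b. Returns (offset, width, endianness) for
    the narrowest match, or None. The field may be wider than the differing
    span (changing 16 to 17 only touches one byte), so every fixed-width
    window that covers the span is tested."""
    if not (isinstance(va, int) and isinstance(vb, int)):
        return None
    for width, fmt in ((1, "B"), (2, "H"), (4, "I"), (8, "Q")):
        for off in range(max(0, end - width), start + 1):
            if off + width > min(len(a), len(b)):
                continue
            for prefix, endian in (("<", "little"), (">", "big")):
                ua = struct.unpack(prefix + fmt, a[off:off + width])[0]
                ub = struct.unpack(prefix + fmt, b[off:off + width])[0]
                if (ua, ub) == (va, vb):
                    return (off, width, endian)
    return None


def locate_field(writer, base_args, field, va, vb):
    """Vary one input field between two save operations, keep everything
    else fixed, and report where the output changed and how the value
    appears to be encoded. Ranges with no integer explanation (derived
    fields such as checksums, or string payloads) come back with guess
    None, which is itself a useful hint about what that region is."""
    a = writer(**{**base_args, field: va})
    b = writer(**{**base_args, field: vb})
    return [{"range": r, "guess": guess_int_encoding(a, b, r[0], r[1], va, vb)}
            for r in diff_ranges(a, b)]


if __name__ == "__main__":
    base = {"width": 16, "height": 8, "name": "ab"}
    for field, va, vb in (("width", 16, 0x1234), ("height", 8, 300)):
        for hit in locate_field(black_box_writer, base, field, va, vb):
            print(field, hit)
```

Pick the two probe values so that every byte of the candidate field changes (16 versus 0x1234 rather than 16 versus 17); otherwise the diff understates the field width and the endianness guess has less to work with. A range that changes on every probe regardless of which field you vary, as the trailing byte does here, is the usual signature of a checksum or length that has to be recomputed when you write files of your own.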