Not specifically, more just the occasional paper you see posted where they've found a way to recover missing data from surrounding context. I.e. something like reverse engineering redaction boxes from JPEGs by reversing a non-lossless algorithm twice, once to get the lossy image in raw form with redaction boxes, and at that point again to determine what was likely under those boxes from the surrounding lossy compression as it existed before.
At least most of the decompiler logic comes from formal methods, thus reducing possible edge cases compared to statistics. There's room for AI in reversing, but it should be a specifically trained model with carefully extracted features from the binary, not only disassembly output: graphs, debug and demangling info, types, IL analysis results, etc.
All these GPT-based plugins are just toys. There's more serious research like this[1][2][3]
They could add the detection to GIMP. But then that would reveal what the algorithm is. And that would allow specific strategies for producing false negatives or false positives.
I'm still undecided about whether countermeasures to reverse engineering like this are useful or not in the long run.
This was a great post with references to many tricks and tools I was not aware of that might help me in similar endeavors. Do you have any particular advice for reverse engineering image data files (not encrypted, of a completely proprietary format)?
> there exist some deobfuscators that bring the code back
Care to elaborate? The author of Movfuscator is very experienced and capable at reverse engineering. In one of his video talks he hits some Movfuscated code with some tools and says he doesn't know of anything that can deobfuscate it. That may have changed since then -- I'd be curious to know.
This is reverse engineering in the same way that I redraw a map of my drainage pipes when there's a leak in my house. My plumber is not going to sue me and neither will Bose.
> The only definition of "reverse engineering software" that I use
Uhm, no, that's far too narrow. Reverse engineering is any kind of introspection into a device in question, designed for obtaining any degree of understanding of its inner functioning.
What you're talking about is called "decompilation", and it's not even among the most useful reverse engineering techniques.
Having that full fidelity raw data would be a gold mine, even without instructions. I'm sure the hacker community would reverse engineer it within months.
Any examples? You can't reverse it if the data is gone.