Reversing : The Hacker's Guide to Reverse Engineering


So what are the common applications of reverse engineering in the software
world? Generally speaking, there are two categories of reverse engineering
applications: security-related and software development–related. The
following sections present the various reversing applications in both categories.


Security-Related Reversing


For some people the connection between security and reversing might not be
immediately clear. Reversing is related to several different aspects of computer
security. For example, reversing has been employed in encryption research—a
researcher reverses an encryption product and evaluates the level of security it
provides. Reversing is also heavily used in connection with malicious
software, on both ends of the fence: it is used by both malware developers and
those developing the antidotes. Finally, reversing is very popular with
crackers who use it to analyze and eventually defeat various copy protection
schemes. All of these applications are discussed in the sections that follow.


Malicious Software

The Internet has completely changed the computer industry in general and the
security-related aspects of computing in particular. Malicious software, such
as viruses and worms, spreads so much faster in a world where millions of
users are connected to the Internet and use e-mail daily. Just 10 years ago, a
virus would usually have to copy itself to a diskette and that diskette would
have to be loaded into another computer in order for the virus to spread. The
infection process was fairly slow, and defense was much simpler because the
channels of infection were few and required human intervention for the
program to spread. That is all ancient history—the Internet has created a virtual
connection between almost every computer on earth. Nowadays modern
worms can spread automatically to millions of computers without any human
intervention.

Reversing is used extensively in both ends of the malicious software chain.
Developers of malicious software often use reversing to locate vulnerabilities
in operating systems and other software. Such vulnerabilities can be used to
penetrate the system’s defense layers and allow infection—usually over the
Internet. Beyond infection, culprits sometimes employ reversing techniques to
locate software vulnerabilities that allow a malicious program to gain access to
sensitive information or even take full control of the system.

At the other end of the chain, developers of antivirus software dissect and
analyze every malicious program that falls into their hands. They use
reversing techniques to trace every step the program takes and assess the damage it
could cause, the expected rate of infection, how it could be removed from
infected systems, and whether infection can be avoided altogether. Chapter 8

