most products, and so reversing an entire software product in order to create a
competing product just doesn’t make any sense. It is usually much easier to
design and develop a product from scratch, or simply license the more com-
plex components from a third party rather than develop them in-house. In the
software industry, even if a competitor has an unpatented technology (and I’ll
get into patent/trade-secret issues later in this chapter), it would never make
sense to reverse engineer their entire product. It is almost always easier to
independently develop your own software. The exception is highly complex
or unique designs/algorithms that are very difficult or costly to develop. In
such cases, most of the application would still have to be developed indepen-
dently, but highly complex or unusual components might be reversed and
reimplemented in the new product. The legal aspects of this type of reverse
engineering are discussed in the legal section later in this chapter.
Evaluating Software Quality and Robustness
Just as it is possible to audit a program binary to evaluate its security and vul-
nerability, it is also possible to try and sample a program binary in order to get
an estimate of the general quality of the coding practices used in the program.
The need is very similar: open-source software is an open book that allows its
users to evaluate its quality before committing to it. Software vendors that
don’t publish their software’s source code are essentially asking their cus-
tomers to “just trust them.” It’s like buying a used car where you just can’t pop
up the hood. You have no idea what you are really buying.
The need for having source-code access to key software products such as
operating systems has been made clear by large corporations; several years
ago Microsoft announced that large customers purchasing over 1,000 seats
may obtain access to the Windows source code for evaluation purposes. Those
who lack the purchasing power to convince a major corporation to grant them
access to the product’s source code must either take the company’s word that
the product is well built, or resort to reversing. Again, reversing would never
reveal as much about the product’s code quality and overall reliability as tak-
ing a look at the source code, but it can be highly informative. There are no spe-
cial techniques required here. As soon as you are comfortable enough with
reversing that you can fairly quickly go over binary code, you can use that
ability to try and evaluate its quality. This book provides everything you need
to do that.
Low-Level Software
Low-level software (also known as system software) is a generic name for the infra-
structure of the software world. It encompasses development tools such as
compilers, linkers, and debuggers, infrastructure software such as operating
Foundations 9