At a base level, reverse engineering software is “the process of taking a piece of software or hardware and analyzing its functions and information flow so that it can be better understood.”1 When companies create or release software, they organize the programming code in a way that makes it impossible to change without access to the underlying source code. But sometimes, businesses need to alter certain parts of that code for software to work with their existing IT systems. In these instances, developers use reverse engineering software to legally alter, customize, or change pre-programmed computer software.
Let’s dive into the details of this revolutionary technology and review the top five reverse engineering tools for 2022.
Breaking Down the Basics
When used to its full capacity, reverse engineering software can benefit cybersecurity strategists in the following ways:
- Build better malware protection software by reverse engineering malware programs
- Test software's resistance to reverse engineering
- Improve compatibility with third-party applications
- Discover how network communication protocols work.2
Most reverse engineering software includes a portable executable (PE) editor that can view and alter the headers and code of a Windows executable file. Reverse engineers also use another popular tool called a hex editor, which displays and changes the raw bytes of a file.3
The Legal Side of Software
Using reverse engineering software to steal or copy code is illegal, as hackers can then distort and exploit it for their own gain. With access to underlying code, cyber criminals often take the opportunity to insert malware into legitimate software applications. Subsequently, cybersecurity professionals need to leverage reverse engineering software in their cyber defense to unpack the malware and discover its intended purpose.4
There are many famous examples of legal reverse engineering in software, such as when Phoenix Technologies, a software solutions company, reverse engineered IBM's BIOS system to build PCs that would be compatible with IBM’s proprietary system. By using a “clean room” or “Chinese wall” approach, Phoenix was able to create code that was different but functioned almost identically to what IBM had created. Other companies, such as Cyrix Corporation and Advanced Micro Devices Inc., have successfully reverse-engineered Intel Corp. microprocessors to make less-expensive, Intel-compatible chips.5
Unfortunately, there are also notable examples of illegal uses. In 2001, Russian programmer Dmitry Sklyarov cracked Adobe's e-book file encryption using reverse engineering during a conference in the United States. Sklyarov was subsequently arrested by the FBI for violating the Digital Millennium Copyright Act (DMCA), which has declared it illegal to circumvent copy protection, duplicate digital copyrighted works, and sell them. Individuals also cannot manufacture or distribute tools or techniques for circumventing copy controls, which has led to multiple court cases since DMCA’s creation.5,6
The 5 Best Reverse Engineering Tools Available in 2022
If you’re trying to reverse engineer software (legally, of course), check out our list of applications used by some of the world's top developers, government agencies, and cybersecurity professionals.
1. Ghidra
The Ghidra reverse engineering software was developed by the National Security Agency (NSA) and made available in 2019 for public use. It's one of the most advanced reverse engineering tools on the market today. It’s particularly popular for unpacking and analyzing malware.
Ghidra's graphical user interface (GUI) is built on Java's Swing framework with a decompiler written in C++ and plugins written in Python. Besides its reverse engineering capabilities, Ghidra offers powerful debugging features for both Windows and Linux.6
2. Cerbero Suite
Cerbero Suite is a suite of academic and commercial reverse engineering tools based on an earlier free version called CFF Explorer. It supports many file formats and runs on almost all platforms, including Windows, OS X and Linux.
Cerbero Suite is one of the more popular reverse engineering suites, with tools for both hex and PE editing. It supports both 32-bit and 64-bit architectures and has tools for editing .NET files, disassembly, signature management, and file scanning. The Advanced version of the Cerbero Suite includes a Sleigh decompiler, crash dump analysis, a native UI for Ghidra, and additional forensics formats.7
3. IDA Pro
IDA Pro from Hex-Rays is probably the most comprehensive reverse engineering software available, supporting multiple executable formats and including its own built-in command language. It's also one of the most expensive reverse engineering platforms, although there is a test version with limited functionality available for free.
The interactive nature of the IDA Pro disassembler means you can change elements of the displayed data in real-time, including functions, variables, names, and library functions. It's written in C++ and runs on Microsoft Windows, OS X, and Linux. The IDA Pro platform benefits from several plugins, the most notable of which is the Hex-Rays decompiler. With this tool, software developers can unpack the native C++ processor code of multiple architecture types.8
4. Relocation Section Editor
Relocation Section Editor is a type of reverse engineering software aimed at achieving a specific goal rather than unpacking the entire code. Developers use it to edit or remove the relocation table found in executable files, the part of the program that tells the loader which addresses to adjust when the program is loaded at a different location in memory. When patching software or adding new code to the program, it's important to edit the relocation table so that it matches the changed code. In some instances, the relocation table can be removed entirely so long as you specify this change in the PE header.9
You can use Relocation Section Editor in conjunction with Scylla (not to be confused with ScyllaDB), a simple Windows-based reverse engineering tool that dumps information from an application process. With the data exported, developers can attempt to restore the PE file's source code in an editable format.10
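The rule above, that a removed relocation table must also be declared in the PE header, can be checked from the defender's side. The following Python example is added here and is not code from Relocation Section Editor or from the original article; the function names `reloc_status` and `build_sample` are hypothetical, the sample headers are constructed, and the flag names and offsets are those of the PE/COFF format.

```python
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001             # COFF Characteristics bit
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # image opts in to ASLR
BASERELOC_INDEX = 5                             # data directory slot for relocations

def reloc_status(image: bytes) -> dict:
    """Compare the header's 'relocs stripped' flag with the relocation directory."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)       # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    characteristics = struct.unpack_from("<H", image, coff + 18)[0]
    opt = coff + 20                                          # optional header start
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)             # PE32 vs PE32+
    dll_chars = struct.unpack_from("<H", image, opt + 70)[0]
    num_dirs = struct.unpack_from("<I", image, dirs - 4)[0]
    rva = size = 0
    if num_dirs > BASERELOC_INDEX:
        rva, size = struct.unpack_from("<II", image, dirs + 8 * BASERELOC_INDEX)
    stripped = bool(characteristics & IMAGE_FILE_RELOCS_STRIPPED)
    has_table = size > 0
    return {
        "stripped_flag": stripped, "reloc_rva": rva, "reloc_size": size,
        "consistent": stripped != has_table,   # flag must mirror the table's absence
        "rebasable": has_table and not stripped,
        "dynamic_base": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
    }

def build_sample(characteristics, dll_chars, reloc_rva, reloc_size) -> bytes:
    """Constructed PE32+ headers only (no sections); sample input, not a real program."""
    img = bytearray(0x200)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)                  # e_lfanew -> 0x80
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x84, 0x8664, 0, 0, 0, 0, 240, characteristics)
    opt = 0x98
    struct.pack_into("<H", img, opt, 0x20B)                  # PE32+ magic
    struct.pack_into("<H", img, opt + 70, dll_chars)
    struct.pack_into("<I", img, opt + 108, 16)               # NumberOfRvaAndSizes
    struct.pack_into("<II", img, opt + 112 + 8 * BASERELOC_INDEX, reloc_rva, reloc_size)
    return bytes(img)

if __name__ == "__main__":
    print(reloc_status(build_sample(0x0023, 0x0160, 0, 0)))
```

An image reported as not `rebasable` cannot be moved by the loader, so setting the dynamic-base flag alone does not give it address space layout randomization.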
5. API Monitor
API Monitor from Rohitab is a tool used by developers to view the API calls that Windows applications and services make when executed. It's useful when you need to reverse engineer software because it allows developers to track and view when certain parts of a program are being executed.
API Monitor includes individual versions for monitoring both 32-bit and 64-bit applications, with definitions for over 15,000 APIs, 1,800 COM interfaces, and almost 200 DLL files. The latest version supports breakpoints, structural decoding, arrays, unions, and enumerated data types. API Monitor runs on both Windows Desktop and Server and includes a portable version that doesn't require installation.11
Practice and Perfect Software in Real Time
Reverse engineering tools are critical for effective cybersecurity defense because of their unmatched ability to unpack and examine virus and malware code. For those in the cybersecurity field, it’s essential that you understand and know how to leverage these tools on behalf of your organization. Pursuing further education, like an online master's degree in cybersecurity, will ensure you can utilize the latest knowledge and skills against urgent and evolving threats.
- Retrieved on November 24, 2021, from thecyberwire.com/glossary/reverse-engineering
- Retrieved on November 24, 2021, from link.springer.com/chapter/10.1007/978-3-642-04117-4_31
- Retrieved on November 24, 2021, from searchsoftwarequality.techtarget.com/definition/reverse-engineering
- Retrieved on November 24, 2021, from lastline.com/blog/reverse-engineering-malware/
- Retrieved on November 24, 2021, from computerworld.com/article/2585652/reverse-engineering.html
- Retrieved on January 4, 2021, from ipwatchdog.com/2021/03/27/reverse-engineering-law-understand-restrictions-minimize-risks/id=131543/
- Retrieved on November 24, 2021, from techtarget.com/searchsecurity/feature/How-to-use-Ghidra-for-malware-analysis-reverse-engineering
- Retrieved on November 24, 2021, from cerbero.io/
- Retrieved on November 24, 2021, from hex-rays.com/ida-pro/
- Retrieved on November 24, 2021, from github.com/mohic/Relocation-Section-Editor
- Retrieved on November 24, 2021, from skuad.io/hire-remote-developers/reverse-engineering-developers
- Retrieved on November 24, 2021, from rohitab.com/apimonitor