ملحوظة: المقال باللغتين العربية والإنجليزية لمساعدة أكبر قدر ممكن من الناس ونشر العلم 💜
NOTE: This article is in both Arabic and English to help as many people as possible and spread the knowledge! 💜
مقدمة
يعنى أيه هندسة عكسية؟ 🧩
هنا مكنش الواحد بيقرأ الـ manual بتاع اللعبة مثلا أو يبعت ميل للشركة يقولهم عملتوها أزاى والنبى .. كان التفكيك disassembling (خليك فاكر المصطلح دا) هو أول خطوة وبعدين نبص ع التوصيلات واللى مش فاهمينه زى الموتور مثلا بيشتغل ازاى كنا بنشيله ونوصله ببطارية مثلا ف نعرف بعبقريتنا المعهودة أنه محتاج بطارية عشان يشتغل! وهكذا لكل جزئية وبعد ما نفهم كنا نعيد تركبيها أو نرميها لو باظت فى سبيل العلم.
يعنى أيه هندسة عكسية (تانى 😁)؟
ما وراء البرنامج 👻
البرنامج بعد ما يكتبه الـ Developer أو المبرمج عشان يشغله (بدون دخول فى تفاصيل كتير) تقدر تتخيل إنه بيترجم من لغة البرمجة لـ machine code البروسيسور يقدر يفهمه العملية دى اسمها compiling .. بس مش بيتترجم مباشرة كده لأ بيترجم الأول للغة الجميلة assembly وبعدها للـ machine code .. و العملية اللطيفة الاخيرة دى اللى من الAssembly لل machine code بنسميها assembling .. طب دا ايه علاقته بالريفرس؟ 😒
فكر بالعكس 🧠
كـ Reverse Engineer أنت عندك البرنامج مش معاك الsource code اللى ممكن تقرأه وتفهم ولا أى حاجة غير عقلك والتولز اللى هتشتغل بيها .. على ذكر التولز بقى فيه حاجة اسمها disassembler وواضح إنه بيعكس أخر عملية قولنا عليها وهو إنك تديله البرنامج يرجع الـ Assembly code ومن هنا بقى عندك كود تقدر تقرأه وتحلله وتشتغل عادى!
وبديهياً زى ما فيه disassembler فيه بردوا decompiler ودا بيعكس العملية اللى بتحول الكود اللى كاتبه المبرمج لـ machine code ومع شوية ذكاء هتعرف إن لو أديت الـ decompiler البرنامج هيطلع من الناحية التانية (مروراً بالـ assembly code) الكود اللى كاتبه المبرمج أو نقدر نقول High-level language هل دا صح؟ لأ مش صح عشان مش بيطلع الكود بالظبط لأن تم ترجمته من low-level language بس هو بيقدر يقرب جدا من شكل الكود الأصلى بحيث يبقى سهل فى التعامل وتقدر تعدل فيه لحد ما توصل للشكل المفهوم اللى يعجبك!
تطبيقات الهندسة العكسية 👾
من أشهر الحاجات هى الـ RE للفيروسات أو الـ Malwares عامة ودا مجال معروف وهو الـ Malware Analysis المهارة بتاعت الـ RE دى أساسه عشان نقدر نفهم الفيروس دا بيعمل ايه وبيجمع انهى داتا وبيوديها لفين وازاى نقدر نتعرف عليه ونمسكه وكل دا
الأدوات اللى محتاجها 🛠
بالنسبة للبرامج أو الالعاب اللى مكتوبة بـ .NET / C# ممكن تستخدم dnSpy وdotPeek والاتنين على الويندوز
بالنسبة للموبايل ابلكيشنز (اندرويد) JD-GUI وapktool وdex2jar وكلهم على لينكس
اطبق اللى اتعلمته على ايه؟ 💎
خاتمة
Intro
Since there is a scarcity in Reverse Engineering’s resources globally i decided to write an article to help explaining what’s Reverse Engineering and how to start with some helpful resources 💪
What’s RE ? 🧩
when we were kids some of us were curious about how a toy works and try to disassemble it to understand how it’s working under the hood .. Yup, that’s Reverse Engineering I’m done!
reading the manual or sending the manufacturer a mail wasn’t usually the case, the disassembling (Remember that word) was the first thing to do and taking a look at the wires (if exists) and if something was ambiguous like the toy motor (for example), we would take it off and connect it with a battery and discover (using our brilliant minds) that it definitely needs a battery to work! And so on for each ambiguous unit until we understand and reassemble it or we threw it away if it’s no longer working for the sake of knowledge!
What’s RE (again 😁)?
Okay what’s about programs, games and so on? What does Reverse Engineering mean? It’s pretty much the same but remove the word “toy” and put the word “program” or “executable” instead .. and also the same thing replace the word “motor” by the word “function” that’s it!
The Reverse Engineer’s main purpose is to understand what’s the program is doing and hence discover the security flaws that might be existed in that the program and that could be done with numerous of methods
But what does the “program” even mean?! 🤔
behind the program 👻
The program is like the browser you are reading this post from whether it’s on your laptop or the mobile application that’s written in a programming language (e.g. C++, java, python, C#, etc…) spoiler: some technical geeky stuff ahead!
After the developer or programmer writes the program’s code and hit Run (without going into further details) you can imagine that it’s being translated from the programming language into the machine code which the processor (CPU) can understand, and this operation is called “Compiling” .. but it’s not directly translated this way first it’s translated into the amazing “assembly” language and to the machine code afterwards, and this last operation (from assembly to machine code) is called “Assembling”
But what’s that even do with Reverse Engineering?! 😒
Think backwards 🧠
The last operation we have just talked about is pretty much the same as the manufacturer which assembled the motor and LEDs on the toy’s board in our toy example .. Now think backwards! above i said remember a word (that you might forgot 😂) which was “disassembling”
As a Reverse Engineer you have the program (executable) not the source code which you can read and understand, nothing but your brain and the tools you are working with .. tools like the “disassembler”, which obviously is the reverse of the last operation we talked about, with the disassembler you can get the Assembly code out of the program and from here you have a code which you can read and analyze!
There’s also a tool called “Decompiler” and, as you might have guessed, it reverses the operation that translates the source code to the machine code. So the decompiler can retrieve the High-level source code from the program (passing through assembly code), but is that correct? No, not really because it doesn’t retrieve the exact same source code since it’s produced from a low-level language but it’s close to the original source code to make the program more human-readable and you can edit it until you get a good results
RE applications 👾
In some way you have seen some of the RE applications for example cracked programs or a games are made by reverse engineers who were able to disable the program’s protection or verification in order to make it free! (not good)
One of the most known and important applications of RE is the Reverse Engineering of Viruses or Malwares in general which is known as “Malware Analysis” where RE helps to understand how this Malware works, what’s it doing, what’s the data it collects, where is it being exfiltrated, how to identify its malicious activity and eliminate it, and so on!
Tools you need 🛠
till now we have mentioned two tools, the disassembler (on Linux you can use: radare2, gdb, objdump and ghidra .. on Windows: IDA freeware, windbg, ollydbg and immunity debugger) and as for the decompiler you can use IDA pro it’s not free but you can use ghidra too!
As for programs/games that’s written in .NET/ C# you can use dnSpy and dotPeek on Windows
And finally for mobile applications (android) you can use JD-GUI, apktool and dex2jar which all are on Linux
How to practice my skills? 💎
There are CTF competitions where you can find Reverse Engineering challenges you can practice on .. and there are websites for this kind of challenges, the idea of the challenge here is to understand how the program works and try to figure your way out to the solution or the “Flag” which you can submit and earn points! some of these websites:
- CyberTalents
- crackmes.one
- crackmes.cf (many challenges right here)
- TryHackMe
- root-me
Outro
You deserve a respect for you patience for reaching here! and patience is a key in RE .. another thing is that you need to search and always ask Google, maybe that’s the reason many people quit, and remember each piece of information no matter how small it is someday you might need it or face it in a challenge you are working on! 💜