Indian Cyber Security Solutions | A unit of Green Fellow IT Security Solutions Pvt Ltd | Member of NASSCOM, DSCI, ICC | ATC of EC- Council

Top 5 Reverse-Engineering Tools in 2020

Introduction to Reverse-Engineering

Reverse engineering is a process that hackers use to figure out a program’s components and functionalities in order to find vulnerabilities in the program. You recover the original software design by analyzing the code or binary of the program, in order to hack it more effectively. More generally, reverse engineering is the process of discovering the technological principles of a device, object, or system through analysis of its structure, function, and operation. This involves taking a device, system, or piece of software, breaking it apart, analyzing it, and working out how it works. Once a reverse engineer understands how a system works, they can take advantage of it, recreate it, document it, or fix its flaws. Reverse engineering is commonly used to document a poorly documented system whose designers are no longer available, to retrieve lost source code and fix problems, to use an undocumented API for interoperability, to create a competing product similar to the reversed one, or to overcome protection. Here we will focus on software reverse engineering of both PC and mobile applications.

Top 5 Reverse-Engineering Tools in 2020

There are many different software applications in the modern world, and the source code of most of them is hidden from our sight. But there are a number of situations in which we do need to understand the logic of platforms and applications, their algorithms and their specifics. There are a lot of products that make this task easier. We are going to discuss some of the best reverse-engineering software, mainly tools for Windows. Notice that you can learn more details about the process and nuances of Windows software reversing in this post (great example included).

When the apps studied by Aite and Arxan were decompiled, all kinds of sensitive information was exposed, including API URLs, API keys, and API secrets hard-coded into the apps. Also exposed were URLs with nonstandard port numbers and development servers used by developers for testing and QA, as well as several private keys that were hard-coded into the apps' files and located in their subdirectories, making it possible to crack the private key passwords. To counter reverse-engineering attacks, security teams need to know what tools are available and how they work. Here are the top ones to consider.

IDA Pro

IDA Pro from Hex-Rays is considered by industry insiders to be the top reverse-engineering tool, not only because of its price tag, but because of its feature set. "An IDA Pro license costs thousands and thousands of dollars, but it's worth it. It's a fantastic piece of software," Horne Cyber's McGrew said. Written in C++, IDA Pro is an interactive disassembler that runs on Microsoft Windows, macOS, and Linux. In recent times, the program's place as the one to beat has been challenged. "A lot of mid-tier tools are challenging IDA Pro because they can be less than a tenth of the price of that expensive tool," Arxan's Lint said. Hex-Rays does offer a free version of IDA, but it does not include every feature of the latest version of the program, v. 7.0; doesn't support all the processors and file formats found in 7.0; and comes without technical support.

Ghidra

Ghidra made headlines earlier this year when the NSA open-sourced the reverse-engineering framework. It supports Windows, macOS, and Linux. Its feature set includes disassembly, assembly, decompilation, graphing, and scripting. In addition, it supports an array of processor instruction sets and executable formats, and it can run in either interactive or automated mode. What's more, the program can be customized by writing plugins or scripts in Python or Java. "There is no major feature of Ghidra that does not already exist in current software reverse-engineering tools," McGrew said. "The biggest difference is that Ghidra is free for everyone, has a complete feature set, and has the best user interface in the market."

Binary Ninja

Binary Ninja, made by Vector 35, prides itself on its ease of use, making automation easier and more approachable than other solutions in the market. It supports 64-bit Linux Ubuntu, macOS 10.13, and 64-bit Windows 10, as well as PE/COFF, ELF, Mach-O, .NES, and raw binary files. Currently, it doesn't have a decompiler, but the vendor plans to add one in an upcoming "advanced" version of the program. Although easy to use, the software has had some problems gaining acceptance in the reverse-engineering community. When speaking with colleagues over the past year, "I've found that many either haven't heard of Binary Ninja or have found it hard to figure out how to incorporate it as a tool in their daily work," Erika Noerenberg, a senior malware analyst and reverse engineer in the threat research group of LogRhythm Labs, said during a presentation at BSides Charm last year. Versions of Binary Ninja are available for student and personal use for $149, and a commercial edition costs $599.

Hopper

Hopper is a disassembler for macOS and Linux. It can disassemble, decompile, and debug 32- and 64-bit executables. The Mac version uses the Cocoa framework, while the Linux edition uses Qt 5. Hopper includes an SDK so you can extend its features, and even write your own file-format and CPU support. In addition, most of the software's features can be invoked from Python scripts, giving you the flexibility to transform binaries. To make procedures easy to understand, the program can display a graphical representation of the control flow graph, which can also be exported as a PDF file. Hopper offers a personal license tied to a user for $99 and a computer license tied to a single machine for $129.

Radare 2

Radare2 was the top open-source tool for reverse engineering before the NSA decided to release Ghidra. It's a command-line-based program, so its learning curve can be steep, but over the years a web interface and a graphical interface, called Cutter, have been developed for it. "It's very capable, but it's more difficult to use compared to Ghidra," McGrew said. The software includes a disassembler and supports local and remote debuggers. It can run on Linux, BSD, Windows, OSX, Android, iOS, Solaris, and Haiku, and can be scripted in Python, JavaScript, Go, and others. In addition, it supports more than 15 file formats, including WinRAR and raw binary, and some 33 instruction sets, including Intel x86 and ARM.

Apk Tool

ApkTool focuses on reverse engineering third-party, closed, binary Android apps. The open-source program can decode resources to nearly their original form, make changes to them, and rebuild them back into a binary APK/JAR. The project-like file structure used by the disassembler and its use of automation make the app easier to use than some other offerings on the market. Java 7 is required to use the program.

Detection is key

Application developers and security teams need to include control mechanisms in their coding to detect reverse-engineering attacks. Otherwise, all sensitive data handled by an app will be at risk of compromise. To lower the risk of vulnerabilities being identified and ultimately exploited, organizations must adopt a comprehensive approach to application security—including app shielding against reverse engineering, encryption, and threat analytics—and ensure their developers receive adequate secure programming training and implement security in the software development lifecycle when writing the code.
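The kinds of exposure found in the decompiled apps mentioned earlier (hard-coded API keys and secrets, URLs with nonstandard ports, development servers, private keys) can be checked for in your own app's decoded files before release. The following is an added example, not code from the original article or from any of the tools above; the patterns, finding names, and sample file contents are illustrative assumptions and are not exhaustive.

```python
import os
import re
from urllib.parse import urlsplit

# Illustrative patterns (assumptions, not a complete rule set).
CREDENTIAL = re.compile(r"(?i)\bapi[_-]?(?:key|secret)\W{1,6}[A-Za-z0-9_/+=-]{16,}")
PEM_KEY = re.compile(r"-----BEGIN (?:RSA |EC |ENCRYPTED )?PRIVATE KEY-----")
URL = re.compile(r"""https?://[^\s"'<>]+""")
DEV_HOST = re.compile(r"(?i)(^|[.-])(dev|test|qa|staging)([.-]|$)")
DEFAULT_PORTS = {"http": 80, "https": 443}

def scan_text(path, text):
    """Return sorted (path, line_no, finding) tuples for one decoded file."""
    found = set()
    for no, line in enumerate(text.splitlines(), 1):
        if PEM_KEY.search(line):
            found.add((path, no, "private-key"))
        if CREDENTIAL.search(line):
            found.add((path, no, "hardcoded-credential"))
        for url in URL.findall(line):
            try:
                parts = urlsplit(url)
                port, host = parts.port, parts.hostname or ""
            except ValueError:  # malformed port or host: skip this URL
                continue
            if port and port != DEFAULT_PORTS[parts.scheme]:
                found.add((path, no, "nonstandard-port"))
            if DEV_HOST.search(host):
                found.add((path, no, "dev-server"))
    return sorted(found)

def scan_tree(root):
    """Scan every file under a decoded app directory (e.g. a decompiler's output)."""
    found = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, encoding="utf-8", errors="ignore") as fh:
                found += scan_text(os.path.relpath(full, root), fh.read())
    return sorted(found)

# Constructed sample: what two files in a decoded app tree might contain.
SAMPLE = {
    "res/values/strings.xml":
        '<resources>\n'
        '  <string name="api_key">EXAMPLEKEY0123456789abcdef</string>\n'
        '  <string name="base_url">https://qa-api.example.com:8443/v1</string>\n'
        '  <string name="help_url">https://www.example.com/help</string>\n'
        '</resources>\n',
    "assets/signing.pem": "-----BEGIN ENCRYPTED PRIVATE KEY-----\n(placeholder)\n",
}

def scan_sample():
    return sorted(f for p, t in SAMPLE.items() for f in scan_text(p, t))
```

Running `scan_tree` on the output directory of a decoding tool as a release gate gives the same view of the app that a reverse engineer would get.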

How is your team fighting against reverse engineering?

Share your experiences in the comments below.