By Tu Le
Reverse engineering in the context of software engineering is the practice of analyzing the software and its system to extract the actual design information. There are legitimate reasons why an application might be reverse engineered, for example the original source code of a product that has been available for many years might be lost and the application producer needs to get it back to protect his intellectual property (IP). In this case, reverse engineering skills would be used by software engineers to recover and protect the IP of the company. Unfortunately, in most cases, reverse engineering tactics are being used by competitors to disclose IP and by hackers for malicious purposes such as piracy or distributing malware. As a result, application producers need to consider implementing an anti-reverse engineering strategy to prevent information disclosure, tampering and software piracy.
Following are some recommended best practices to thwart security hacks. First and foremost it is critical to apply the security in layers to provide maximum protection. Layers to consider include:
- Anti-Analysis: Used to slow down reverse engineers (hackers) from analyzing and understanding the internal working of the software application. There are many anti-analysis techniques used, but the most common ones are encryption, compression and code obfuscation through permutation. There are advantages and disadvantages of each technique, however, all provide a common objective—make it difficult and confusing so that the hacker is wasting time and resources.
- Integrity Validation: Identify which part(s) of the application have been modified. One of the most common integrity validation techniques implemented is via code checksum. The checksum calculation can range from simple to intricate checksum/hash algorithms. It is critical to ensure the integrity of the software has not been tampered.
- Detection of Debuggers: Identify whether or not the software process is being debugged, or if a debugger is running in the system. Debugger detection techniques range from the very simple (and obvious) checks to more complex checks that deal with native APIs and kernel objects. There are many techniques but the most common techniques are:
- Utilizing kernel objects to detect if debugger is attached to the process
- Using debugger interrupts and exceptions to invalidate flags normally handled by debuggers and not by the software
- Using timing checks to determine the time spent between several instructions, and if the time spent took longer compared to a normal run, it probably means that the process is being executed under a debugger
Implementing an anti-reverse engineering strategy which includes all of the above will provide maximum protection to slow down the reverse engineering, but of course, nothing will stop a skilled, informed and determined reverse engineer or hacker.
To help software producers minimize piracy risk and maximize revenue, Flexera Software’s enhanced tamper-resistant application capability provides additional security layers to fortify and protect the software applications and thereby reduce revenue leakage.