Reverse Engineering

Introduction to Reverse Engineering: How to Take a Program Apart

20 Oct 20238 min read

Reverse engineering isn't just about understanding how a program works—it's the art of revealing a system's vulnerabilities and its underlying logic. Most developers only care about how software works at the source-code level, but a true systems engineer has to understand how the compiler optimises that code as well.

Why Should We Learn Assembly?

Compilers perform countless optimisations while translating our high-level code into machine language. Without understanding this layer, it's nearly impossible to develop or analyse secure software. How do the stack pointer (SP) and base pointer (BP) move in memory when a function is called? How are arguments placed into registers (RDI, RSI, RDX…)?

First Steps with Ghidra

Ghidra, open-sourced by the NSA, is a genuinely powerful tool for static analysis. When you load a .exe or .elf file into Ghidra, it doesn't just disassemble the machine code—it also provides a remarkably capable decompiler that outputs something resembling C.

// Example of a simple password-check mechanism decompiled by Ghidra
int check_password(char* input) {
    if (strcmp(input, "super_secret_key") == 0) {
        return 1;
    }
    return 0;
}

If we examine the code above at the assembly level, just before the strcmp call we see a CMP and a JNZ (Jump If Not Zero) instruction. In reverse engineering, manipulating the software often comes down to something as simple as replacing that "JNZ" with a "JZ (Jump If Zero)".

Instead of a Conclusion

Thinking at the system level transforms you from an ordinary programmer into a system architect. Understanding how memory is allocated and how the processor executes instructions is, in my opinion, a skill every software developer should have in their back pocket.

F
Ferivonus
Architecting Systems.
Reverse EngineeringGhidraAssemblyC++