7 tools that have influenced the reversing community


TL;DR: Reverse engineering has been used by the military, big companies and many more. It is the act of taking something (a computer, device, weapon or piece of software) and “stripping” it down to learn or analyze its inner workings in detail. Compaq, one of IBM’s major competitors, did this in the early 1980s, using the reverse engineering process to dissect the IBM PC and build their own product. In this blog post, we list 7 tools for reverse engineering on the Microsoft Windows platform that have influenced the reversing community the most.

The first three tools highlighted are DRM (Digital Rights Management) tools, made for copyright protection in the video game industry. DRMs are particularly interesting because major strides in copy protection are being made by companies who have game developers as their clients. Game development is increasingly focused on online gaming, as many recently released games require an online connection to access multiplayer features or even to start playing.

Denuvo anti-tamper

Background:

Developed by Sony DADC, Denuvo is the spiritual successor to the widely used SecuROM copy protection. The initial release was in 2014, and it wasn’t long before piracy groups were able to bypass the protection. However, the Denuvo developers patched the loopholes that the early iterations had, and the protection remains uncracked to this day.

Why:

Several of the biggest game developers have expressed their concerns about releasing games for the Microsoft Windows platform due to high piracy levels. The Denuvo DRM has been used in several AAA games and has shown that it is able to handle piracy. Could this perhaps be the answer to game developers’ concerns?

Pros:

  • Offers excellent protection against piracy

Cons:

  • Price

Valve Steamworks

Background:

Developed by Valve Corporation, Steam is a platform for games and other software. Released in 2003, the service really took off with the release of Half-Life 2 in 2004.

Why:

As gamers have noticed, the days of using a CD or DVD to install and play games are over. With platforms such as Valve’s Steamworks, more games are being bought digitally. A major reason for games being available as digital purchases only is piracy – when games were shipped on discs there was always a risk of leakage. When a game is only available as a digital copy, game developers are in full control, as they can set the date from which the game can be played, which effectively eliminates all leaks.

Pros:

  • Offers good protection against piracy
  • Big user base
  • Cross-platform

Cons:

  • Requires online connection for installing and activating paid products
  • No physical copy
  • Linked to a personal account, no resell value

Always-Online

Background:

This form of protection is solely dependent on the game type and the route that the developers take, as some games are developed with online play in mind and others are not.

Why:

Some copy protections have given legitimate buyers a headache – in some cases these users were unable to play the game because the copy protection was so intrusive. Publishers then decided not to ship the game with protection, but to instead sync game data with a server and make the game unplayable in case of connection loss.

Pros:

  • In some cases, a better user experience
  • Offers excellent protection against piracy

Cons:

  • No offline mode, unusable without internet connection

Tools used for reversing

x64dbg

Background:

x64dbg is developed actively by several groups of people who thought that the existing tools for x64 debugging were lackluster. It was released in 2013.

Why:

With the increased popularity of the x64 platform, the need to be able to debug and reverse x64 binaries grew. Popular existing software is not usable for this because it either lacks x64 support or is outdated, hence the need for new tools arises. x64dbg tries to solve this problem; it supports the same plugins as several other popular tools, and the developers have even released an SDK to help with plugin development. x64dbg is built on the same principles that OllyDbg and WinDbg were.

Pros:

  • Open source
  • x64-oriented

Cons:

  • Early stages of development

IDA Pro

Background:

Released in the mid-1990s, this is a holy grail compared to other tools. Developed actively by Ilfak Guilfanov, who is the main developer at Hex-Rays, IDA Pro is one of the best, if not the best, disassembler available on the market. It is a debugger and a disassembler that is so popular and advanced that there are many papers focusing on specific areas of the capabilities available to the user.

Why:

Used by some of the biggest companies, the range of things that can be reversed when using this software is unparalleled. ESET Labs, for example, uses IDA Pro when they reverse engineer malware for their AV software. The software is really mature, is considered very stable and has no major flaw. It is the tool that many want to be, but few actually are. Hex-Rays also offers an SDK to paying customers that they can use to develop extensions using the Python language. They also offer an older version for free; however, newer features are missing in that version.

Pros:

  • Support for a massive amount of platforms
  • Great support from the developers and their forums
  • Great documentation available

Cons:

  • Price (IDA Starter Licenses start at 589 USD, whereas prices for IDA Professional Licenses start at 1129 USD)
  • Steep learning curve

OllyDbg

Background:

Released around 2000 by Oleh Yuschuk, OllyDbg is primarily a 32-bit debugger, but the author is working on 64-bit support. Released as freeware at a time when competitors’ products were really expensive, it quickly gained users. The author saw this and decided to release a plugin development kit, which sparked the development of plugins. To this day, there are various scripts and plugins available to manage and automate the reversing process. Some plugins even go as far as to completely remove the copy protection they were designed for.

Why:

Often described by reversers as the door to the world of reversing, this very popular tool has seen its share of forks. Being very simple to use, along with good features, made OllyDbg rise to the top. At the time of release its only competitors were SoftICE and IDA Pro, both considered vastly harder to use.

Pros:

  • Freeware
  • Tutorials, plugins, extensions

Cons:

  • Slow or stale development
  • Struggles with .NET
  • No x64 support

Radare2

Background:

Released in 2006, it is similar to IDA Pro in that it supports a lot of platforms. This tool has a thriving community.

Why:

Radare2 is similar to IDA Pro, but the big difference is that Radare2 is open source while IDA Pro is proprietary. Radare2 is built around the same principle as IDA Pro, delivering great support and documentation as well as supporting tons of different platforms, from Linux ELF to ARM. It is even possible to run Radare2 from mobile devices such as the iPhone or devices running Google’s Android. R2, as it is known in the community, is considered to be a real competitor and is talked about at various expos where the focus is on reverse engineering.

Pros:

  • Open source
  • Cross-platform
  • Support for a massive amount of platforms

Cons:

  • Steep learning curve

Poya Aslani

Reverser & Malware Analyzer

Twitter: @poyaaslani