Free Anti-Reverse-Engineering Essay Example
Introduction
The world of computer applications is growing rapidly. Alongside the legitimate applications that help human progress, there is a considerable amount of malware on the Internet. Malware producers routinely take steps to ensure that their creations are not easily analyzed and defeated. For this purpose they use anti-reverse-engineering techniques, including anti-disassembly and anti-debugging.
Anti-Reverse-Engineering
Anti-reverse-engineering is a set of protections built into software, often malware, that makes the software very difficult for others to analyze. Legitimate companies may likewise build anti-reverse-engineering measures into their software so that outsiders cannot recover its internals by reverse engineering.
There are many techniques for slowing down analysis and breaking the reverse engineer's tools:
PE Header Modifications
Many fields of the PE header can be modified to confuse analysis tools and, through them, the reverse engineer.
Anti-OllyDbg
This technique involves modifying the LoaderFlags and NumberOfRvaAndSizes fields of the optional header. With these values altered, OllyDbg treats the binary as a bad image and eventually runs the application without breaking at its entry point, so the analyst never gets control at the start of execution (Brulez, 2006).
Anti-SoftICE
This technique involves modifying the NumberOfRvaAndSizes field so that any computer running a recent version of SoftICE reboots. A single binary can thus crash any machine on which SoftICE is loaded without executing any of its own code: the damage is done while the header is being parsed at load time (Brulez, 2006).
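As an added example (not code from the essay or from Brulez's paper), the following Python script parses the DOS and PE headers of a file image and reports whether LoaderFlags and NumberOfRvaAndSizes hold their normal values (0 and 16), which is the check an analyst would run before loading a sample into a debugger. It builds a minimal, constructed PE32 header to test itself on; the field offsets are those of the standard PE32 (magic 0x10B) and PE32+ (magic 0x20B) optional-header layouts, and the header builder and sample values are assumptions made for this illustration.

```python
"""Check the two PE optional-header fields the essay names as anti-tool levers.
Added example: the minimal header builder and sample values are constructed for this essay."""
import struct

DOS_HEADER_SIZE = 64
COFF_HEADER_SIZE = 20
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
# Offsets of (LoaderFlags, NumberOfRvaAndSizes) within the optional header, per magic.
FIELD_OFFSETS = {PE32_MAGIC: (88, 92), PE32PLUS_MAGIC: (104, 108)}
EXPECTED_DIRECTORIES = 16


def check_pe_header(data):
    """Return a list of findings (empty if both fields hold their normal values)."""
    try:
        if data[:2] != b"MZ":
            return ["no MZ signature"]
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return ["no PE signature at e_lfanew"]
        opt = e_lfanew + 4 + COFF_HEADER_SIZE            # optional header follows the COFF header
        magic = struct.unpack_from("<H", data, opt)[0]
        if magic not in FIELD_OFFSETS:
            return [f"unknown optional header magic 0x{magic:x}"]
        lf_off, nr_off = FIELD_OFFSETS[magic]
        loader_flags = struct.unpack_from("<I", data, opt + lf_off)[0]
        num_dirs = struct.unpack_from("<I", data, opt + nr_off)[0]
    except struct.error:
        return ["truncated header"]
    findings = []
    if loader_flags != 0:
        findings.append(f"LoaderFlags is 0x{loader_flags:x}, expected 0 (field is reserved)")
    if num_dirs != EXPECTED_DIRECTORIES:
        findings.append(f"NumberOfRvaAndSizes is 0x{num_dirs:x}, expected {EXPECTED_DIRECTORIES}")
    return findings


def build_pe32_header(loader_flags=0, num_dirs=EXPECTED_DIRECTORIES):
    """Construct a minimal PE32 header (no sections or code) carrying the given field values."""
    dos = bytearray(DOS_HEADER_SIZE)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, DOS_HEADER_SIZE)   # e_lfanew: NT headers follow the DOS header
    opt_size = 96 + 8 * EXPECTED_DIRECTORIES             # PE32 optional header is 224 bytes
    # COFF header: Machine=i386, 0 sections, SizeOfOptionalHeader, EXECUTABLE_IMAGE|32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 88, loader_flags)
    struct.pack_into("<I", opt, 92, num_dirs)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for label, image in (("clean", build_pe32_header()),
                         ("tampered", build_pe32_header(loader_flags=1, num_dirs=0xFFFFFFFF))):
        print(label, check_pe_header(image) or "no findings")
```

A nonzero LoaderFlags or an unexpected directory count does not by itself prove a sample is hostile, but it is exactly the deliberate header damage the two tricks above rely on, so it is worth restoring the normal values in a working copy before the sample goes into a debugger.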
Obfuscating Breakpoints
Anti-reverse-engineering code can also target the breakpoints the analyst depends on: memory breakpoints, INT 3 software breakpoints and hardware breakpoints can each be detected or disabled. Bait files can be used to observe how such code is applied: once the anti-reverse-engineering code has run on a bait file, the file can be compared with the original to see what was changed, which gives a clue about the type of protection employed (Brulez, 2006).
Anti-reverse-engineering can still be beaten with skill. The reverse engineer works out where breakpoints are being detected or removed and gets around those checks, and debugging remains the main option for doing so.
Anti-Disassembly
Anti-disassembly uses specially crafted code or data in a program to cause disassembly tools to produce an incorrect program listing. Malware authors apply the technique with a separate tool in the build and deployment process, or by weaving it into the malware's source code. The primary method of anti-disassembly is to take advantage of the logic of the disassembler's choices and assumptions. More advanced techniques take advantage of information that the disassembler typically does not have access to, and generate code that is impossible to disassemble completely in a conventional assembly listing (USTC, n.d.).
Anti-disassembly can be beaten by changing the logic the disassembler uses. If the disassembler's choices are not fixed and cannot be predicted by the author of the protection, the anti-disassembly trick fails.
Anti-Debugging
Anti-debugging is a set of techniques that prevent debuggers from working on a program and revealing how it behaves. One early form overwrites the interrupt vectors for interrupt 1 (single step) and interrupt 3 (breakpoint), which the debugger depends on. Skipping over the instructions that overwrite the vectors defeats this attempt.
Placing an INT 3 inside a long loop causes the debugger to stop at the breakpoint on every iteration. NOP'ing out the INT 3 defeats this measure (Sepultura, n.d.).
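As an added example serving both the anti-disassembly section and the anti-debugging section above (it is not code from the essay or from either cited source), the following Python script implements a tiny decoder for a handful of x86-32 opcodes and uses it to show two things. First, how a linear-sweep disassembler is misled by the kind of trick the anti-disassembly section describes: a jz and a jnz to the same address, followed by a junk byte that the sweep interprets as the start of a call, so that the real instructions after it disappear from the listing, while a flow-following disassembler that knows this pattern lists the code correctly. Second, why NOP'ing out an INT 3, as the anti-debugging section suggests, should be driven by the decoded listing rather than by replacing every 0xCC byte, since 0xCC can also occur inside an immediate. The opcode subset, the sample byte string and the complementary-jump rule are all constructed for this illustration.

```python
"""Linear sweep vs flow-following disassembly on a constructed x86-32 byte string,
and INT 3 removal driven by the listing rather than by raw byte replacement.
Added example: the opcode subset and sample bytes are constructed for this essay."""
from collections import deque

# Opcode subset: opcode byte -> (mnemonic, total instruction length, flow kind).
OPCODES = {
    0x90: ("nop", 1, "seq"),
    0xCC: ("int3", 1, "seq"),
    0x40: ("inc eax", 1, "seq"),
    0xB8: ("mov eax", 5, "seq"),     # mov eax, imm32
    0xC3: ("ret", 1, "ret"),
    0x74: ("jz", 2, "jcc"),          # rel8 conditional
    0x75: ("jnz", 2, "jcc"),
    0xEB: ("jmp", 2, "jmp"),         # rel8 unconditional
    0xE8: ("call", 5, "call"),       # rel32
    0xE9: ("jmp", 5, "jmp"),         # rel32 unconditional
}
COMPLEMENT = {0x74: 0x75, 0x75: 0x74}   # jz/jnz pair to one target == unconditional jump


def decode(code, addr):
    """Decode one instruction at addr -> (text, length, branch target or None, flow kind)."""
    op = code[addr]
    if op not in OPCODES or addr + OPCODES[op][1] > len(code):
        return f"db 0x{op:02x}", 1, None, "seq"
    text, length, kind = OPCODES[op]
    target = None
    if kind in ("jcc", "jmp", "call"):
        rel = int.from_bytes(code[addr + 1:addr + length], "little", signed=True)
        target = addr + length + rel
        text = f"{text} 0x{target:x}"
    elif op == 0xB8:
        imm = int.from_bytes(code[addr + 1:addr + 5], "little")
        text = f"{text}, 0x{imm:x}"
    return text, length, target, kind


def linear_sweep(code):
    """Decode every byte in order: the assumption the junk byte exploits."""
    listing, addr = {}, 0
    while addr < len(code):
        text, length, _, _ = decode(code, addr)
        listing[addr] = text
        addr += length
    return listing


def flow_following(code, start=0):
    """Decode only reachable code. A Jcc immediately followed by its complement to the
    same target can only go to that target, so the bytes after the pair are not queued."""
    listing, work = {}, deque([start])
    while work:
        addr = work.popleft()
        if addr in listing or not 0 <= addr < len(code):
            continue
        text, length, target, kind = decode(code, addr)
        listing[addr] = text
        nxt = addr + length
        if target is not None:
            work.append(target)
        if kind in ("ret", "jmp"):
            continue                          # no fall-through
        if kind == "jcc" and nxt < len(code) and code[nxt] == COMPLEMENT[code[addr]]:
            text2, _, target2, _ = decode(code, nxt)
            if target2 == target:
                listing[nxt] = text2          # record the second jump, skip its fall-through
                continue
        work.append(nxt)
    return listing


def nop_int3_naive(code):
    """Blindly turn every 0xCC byte into NOP; corrupts immediates that contain 0xCC."""
    return bytes(0x90 if b == 0xCC else b for b in code)


def nop_int3_from_listing(code, listing):
    """Patch only the bytes the listing identifies as INT 3 instructions."""
    patched = bytearray(code)
    for addr, text in listing.items():
        if text == "int3":
            patched[addr] = 0x90
    return bytes(patched)


# Constructed sample: jz/jnz to the same target, a junk 0xE8, the real INT 3, then
# mov eax, 0xCC (an immediate that happens to contain the INT 3 opcode) and ret.
SAMPLE = bytes([0x74, 0x03,                     # 0: jz  0x5
                0x75, 0x01,                     # 2: jnz 0x5
                0xE8,                           # 4: junk byte, never executed
                0xCC,                           # 5: int3
                0xB8, 0xCC, 0x00, 0x00, 0x00,   # 6: mov eax, 0xcc
                0xC3])                          # 11: ret

if __name__ == "__main__":
    for name, listing in (("linear sweep", linear_sweep(SAMPLE)),
                          ("flow following", flow_following(SAMPLE))):
        print(name)
        for addr in sorted(listing):
            print(f"  {addr:04x}: {listing[addr]}")
    print("naive patch:  ", nop_int3_naive(SAMPLE).hex())
    print("listing patch:", nop_int3_from_listing(SAMPLE, flow_following(SAMPLE)).hex())
```

The linear sweep shows a bogus call at offset 4 and no INT 3 at all, while the flow-following listing skips the junk byte and shows the INT 3 at offset 5. The naive patcher rewrites both offset 5 and the 0xCC inside the mov immediate at offset 7, changing the program's behaviour; patching from the listing touches only the breakpoint instruction.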
Conclusion
Advances in anti-reverse-engineering, anti-disassembly and anti-debugging are happening at a rapid pace. Software engineers and reverse engineers must keep up with these developments in order to keep evolving their countermeasures.
References
Brulez, N. (2006). Crimeware anti-reverse engineering uncovered. Retrieved March 01, 2015 from http://securitylabs.websense.com/content/Assets/apwg_crimeware_antireverse.pdf
Sepultura. (n.d.). Anti-debugger techniques. Retrieved March 01, 2015, from http://www.textfiles.com/virus/adebgtut.txt