Various usages of reverse engineering exist, some of which are perfectly legitimate, such as solving compatibility problems, understanding a mechanism, or evaluating security, but some practices are not and can be very damaging to the activity of a company investing in R&D and innovation.
Reverse engineering is the analysis of a technical product to identify how it has been designed and how it works. The reverse engineering process is an analysis of the design features of a software, and it can be performed for many reasons, not all of them legal.
To name a few:
– Meet educational purposes to learn how a product or a service has been designed.
– If the product documentation is not available, to understand the functionality and purpose of legacy software,
– Document existing systems if the documentation has not been delivered or has been lost,
– Understand how malicious programs behave and prevent new attacks,
– Detect malicious codes and patterns used by these applications,
– Allow product interoperability by studying the interfaces and internal behavior,
– Understand the features and capabilities of competitive solutions,
– Detect patent violations,
– Create a counterfeit existing software and eventually realize copies,
– Crack and bypass license checks and security code to use the software without authorization,
– Detect vulnerabilities and eventually exploit them via a virus.
Regardless of the object being reverse engineered, the reverse engineering process counts three main steps:
1- Information retrieval
Software reverse engineering may require analyzing source code and design documents (if available) for review. It may also involve the use of tools, such as:
– A hexadecimal dumper displays the binary code of a program in hexadecimal format, which allows identification of the features of a program to see how they work and detect where sensitive information is,
– A disassembler reads the binary code and displays each executable instruction in a programming language
– A debugger executes the code and give the possibility to stop the execution of the code in specific points and read the values of registers and variables.
2- Modelization
The information collected during the first phase is summarized in a conceptual model, usually a data flow diagram or a structure diagram. This model can then be used to better understand the structure of the code and identify areas of interest.
3- Testing
Various scenarios are tested to verify hypotheses and to extract portions of data and code. In this phase, static and dynamic analyzers and modelizers could be used.
Thanks to this process a reverser can exploit the understanding of the code logic for his usage.
If international regulations agree to protect software under patent or copyright law, the regulation does not extend to the reverse engineering. While the European directive considers that there is a right to reverse engineer for interoperability issues, U.S. law applies the doctrine of “fair use”, which allows courts to assess on a case-by-case basis whether the use of a program is fair or not.
In practice, filing for a patent or copyrights means proving ownership of the software. While regulations allow for patenting software processes, it is not possible to patent a piece of code. Thus, if the code of an innovation is stolen, it is extremely difficult to protect it under intellectual property law.
The purpose of intellectual property regulation is to encourage and protect innovation. Indeed, innovation enables companies to stay ahead of their competitors, contribute to the economic vitality of a region and advance technological knowledge. But when it comes to software innovation, code theft is very difficult to be detected, and the consequences can be very serious.
Ransomware or malware attacks are just the tip of the iceberg. Beneath the surface, there are less publicized attacks that are more difficult to counter and sometimes involve spectacular amounts of money. These very profitable attacks use reverse engineering to steal or copy the code of an innovation and divert the profits This can go on, whether the company is aware of the theft or not, as this type of theft is very difficult to prove.
Code theft can have various consequences for innovative software companies:
– A negative impact on the company’s brand image which may no longer be perceived as innovative or as reliable if customers data have been stolen along with the code,
– In companies where innovation is the revenue driver, code theft represents a significant financial loss and can mean the end of the road,
– Repeated innovation theft and lack of protection can discourage some companies from investing in development, which will stop their growth, until they decline and disappear.
It is therefore essential for business sustainability to protect intellectual property from theft and reverse engineering.
There are 2 ways to protect software intellectual property: through intellectual property laws, with the limits we have already mentioned, and with a technological solution.
A patent or copyright proves authorship of an innovation, which allows the owner company to assert its rights and prevent others from using it for a set period. However, the law does not protect the code itself, but only the way specific processes are carried out in the software.
To make things worse, if the law does not prevent theft, it also makes legal proceedings very complicated. It typically takes three years and offer no guarantee of success. By the time the procedure is over, the damage is done, and the company will at best have lost considerable time, at worst lost all its revenues.
Moreover, legal protection can be applied only if the fraud is detected and if no technological protections have been implemented, once the digital innovation loss is detected it could be too late.
Since the best way to protect software innovations is to ensure that the code cannot be stolen, cybersecurity experts have developed software solutions to technically protect innovations from theft and to detect any tentative of software modification.
There are several techniques to protect your source code, among which obfuscation is one of the most effective. This technique blurs the code to make it very difficult, if not impossible, to analyze, and therefore unusable in case of theft. One of the main advantages of obfuscation is that while it protects the software from theft, it does not prevent cooperation with partners. Used in conjunction with other cybersecurity protections, obfuscation thus offers adequate protection for business innovations and sustainability.
Moreover, other techniques as Runtime App Self Protections (RASP), permit to protect the application against dynamic analysis and to detect if an attacker is trying to counterfeit or modify the applications.
QShield is a cybersecurity solution developed to protect software applications using obfuscation, white-box cryptography and digital vault techniques. With QShield, your code, data and encryption keys are safe. To learn more, request a demo!
Webinar replay :
How to protect code and data confidentiality and integrity during the entire device lifecycle