Software Reverse Engineering
Attack Pattern ID: 189 (Meta Attack Pattern Completeness: Complete)Typical Severity: LowStatus: Draft
+ Description


An attacker discovers the structure, function, and composition of a type of computer software by using a variety of analysis techniques to effectively determine how the software functions and operates, or if vulnerabilities or security weakness are present within the implementation. Reverse engineering methods, as applied to software, can utilize a wide number approaches and techniques.

Methodologies for software reverse engineering fall into two broad categories, 'white box' and 'black box.' White box techniques involve methods which can be applied to a piece of software when an executable or some other compiled object can be directly subjected to analysis, revealing at least a portion of its machine instructions that can be observed upon execution. 'Black Box' methods involve interacting with the software indirectly, in the absence of the ability to measure, instrument, or analyze an executable object directly. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs.

+ Resources Required

Reverse engineering of software requires varying tools and methods depending upon whether an executable or other compiled object is present directly for analysis by tools capable of decompiling or monitoring its execution within an operating environment, as in the case of white box methods. Black box methods require at minimum the ability to interact with the functional boundaries where the software communicates with a larger processing environment, such as inter-process communication on a host operating system, or via networking protocols.

+ Related Weaknesses
CWE-IDWeakness NameWeakness Relationship Type
798Use of Hard-coded CredentialsTargeted
259Use of Hard-coded PasswordSecondary
+ Related Attack Patterns
NatureTypeIDNameDescriptionView(s) this relationship pertains toView\(s\)
ChildOfAttack PatternAttack Pattern188Reverse Engineering 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern190Reverse Engineer an Executable to Expose Assumed Hidden Functionality or Content 
Mechanism of Attack1000
PeerOfAttack PatternAttack Pattern192Protocol Reverse Engineering 
Mechanism of Attack1000