We focus here on those tools and techniques that are most helpful in revealing
flaws in software. This chapter discusses ???static,??? also called passive, reverse engineering
techniques in which you will attempt to discover vulnerabilities simply by
examining source or compiled code in order to discover potential flaws. In following
chapters, we will discuss more active means of locating software problems and how to
determine whether those problems can be exploited.
Ethical Reverse Engineering
Where does reverse engineering fit in for the ethical hacker? Reverse engineering is often
viewed as the craft of the cracker who uses her skills to remove copy protection from
software or media. As a result, you might be hesitant to undertake any reverse engineering
effort. The Digital Millennium Copyright Act (DMCA) is often brought up whenever
reverse engineering of software is discussed. In fact, reverse engineering is addressed
specifically in the anti-circumvention provisions of the DMCA (section 1201(f)). We
will not debate the merits of the DMCA here, but will note that there continue to be
instances in which it is wielded to prevent publication of security-related information
obtained through the reverse engineering process (see the following ???References??? section).
Pages:
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500