Reverse Engineering v/s Secure Coding.

What is Secure Coding?

Is Secure Coding simply avoiding certain already discovered vulnerable functions?

What about Tons of Commercial applications that are released every day?

Software Crackers (Reverse Engineers) causing Millions of Dollars of loss Globally due to Software Piracy.

Are you Programmers taking your Job seriously?

Cryptography?...Hmm…

Cryptography in Application Registration routines doesn’t make sense.

Cryptographic Algorithm adds to the application’s size & is Processor intensive.

Cryptographic Algorithms in Registration routines can be either completely ripped off or totally bypassed and they pose no challenge to a Cracker.

Packers & Protectors?

What are Packers?

What are Protectors?

Packers make Sense but Protectors don’t!

Packers == very easy to defeat.

Protectors == who cares to defeat?

Virtual Machines?.... Not again!

.Net & Java == Not Cool?

Decompilation & not Disassembling.

.Net is M$’s take on Java.

.class files & .net executables rely heavily on Runtime Environment Components.

Damn easy to break code and Damn tough to prevent us from Tampering with your App.

Mobile Devices…. Yeah!

Sony Ericsson’s “.Sest” Feature talked about for the first time ever!

J2ME applications built for Mobile Devices should be “Freewares”.

J2ME Trojans can be very easy to code.

Don’t even want to talk about Sony Ericsson & Siemens’ “Phone Modding”.

Can I Tackle R.E?

Technically Speaking? No you Can’t!

Logically? Bore us to Death!

How?

a] Use spaghetti Code.

b] Jump all over the Place.

c] Learn Polymorphism.

d] Learn to use your “Imagination” as a tool.

e] Think like a Reverse Engineer!

“Thinking Before Writing, saves the time spent in Editing.” –Pirated.

Thank You.

Atul Alex Cherian,

www.OrchidSeven.com.

Ph:9860056788.

[email protected]@orchidseven.com