In Society 5.0, which is called the ultra-smart society (human-centered society), which is the concept of the future society advocated by Japan, various "knowledge" and "information" can be obtained by connecting all people and things via the IoT (Internet of Things). Will be shared.And in order to realize this image of future society, it is important to effectively utilize "data", which is said to be the source of value creation.
At the same time as promoting the utilization of data, the handling of the data itself is complicated and requires caution and countermeasures.For example, there is an inseparable relationship between cyber attacks and the Internet, such as personal information being extracted and leaked without being noticed, or a company server going down due to an external attack and disrupting business operations.Regarding the handling of data, it will be important to raise awareness of compliance as an individual or company and to take measures against the risk of cyber attacks.
So, this time, I've summarized "reverse engineering," which is useful for security measures, development and research, and hints from existing services.
|
■What is reverse engineering?Reverse engineering is to clarify technical information (data) such as manufacturing method and operation by analyzing and clarifying the structure and mechanism of software and hardware products.Especially in the field of software, it refers to analyzing the source code to analyze what the program looks like. |
table of contents
1. Software and reverse engineering
Reverse engineering is useful for security measures such as analysis of attack codes such as computer viruses and malware, as well as technology acquisition, development and design.
1-1. Document management, etc.
Static analysis with reverse engineering tools allows you to create design-level documents from source code.Even software that does not have specifications can create program specifications from source code by using this technology.
Software is updated frequently, which can make updating documents cumbersome.It is also useful for design and code integrity checks, documentation updates, and more.
Introduced hereGitHubIs software that is highly effective in security, compliance, and deployment management in corporate development.Recently, specifications are increasingly managed on GitHub.You can perform various operations such as creating and editing files.
1-2. Malware analysis / security
Malware analysis generally has three steps: "surface analysis", "dynamic analysis", and "static analysis", and reverse engineering technology is used for "static analysis".
Decompiles and decompiles malware files (binary programs) and decompiles the source code.Tools for disassembling include Ghidra, IDA Pro, Binary Ninja, and JEB.These reverse engineering tools are introduced below.
1-2-1.Ghidra (open source)
Ghidra is a software reverse engineering SRE (Site Reliability Engineering) framework created and maintained by the National Security Agency (NSA). A tool that has been used within the organization for over 10 years to support the NSA's cybersecurity missions and was released free of charge in March 2019.The source code was also released in April of the same year (GitHub).
A suite of high-end software analysis tools for multiple platforms (Windows, macOS, Linux, etc.).It includes disassembly, assembly, decompilation, graphing, scripting, and a wealth of other features to help you better understand potential network and system vulnerabilities, as well as analyze malicious code. You can connect.You can also develop your own Ghidra plugin components and scripts using Java and Python.
* Because it is open source, no warranty or support is available.
Cyber Information Sharing Initiative (J-CSIP) Operational Status (IPA)
-Introduction of the open source analysis tool "Ghidra 1"-
https://www.ipa.go.jp/files/000076715.pdf
|
* What is SRE?, Abbreviation for Site Reliability Engineering, which originated from Google in the United States and is a methodology for the management and operation of IT systems.In Japan it is called "site reliability engineering". |
1-2-2. IDA Pro and IDA Decompiler
Hex-Rays disassembler and debugger tool, most famous for static analysis in malware analysis IDA Pro(Commercial). It supports many types of processors including x86 and ARM, and supports various platforms such as Windows, Linux, and MacOS X.
IDA can decipher the mangled symbols of the C ++ compiler, which is one of the most popular programming languages (Microsoft, Borland, Watcom, Visual Age, GNU).
Also, by using the decompiler "IDA Decompiler" and "IDA Pro" to convert the source code (hexadecimal code) into pseudo code close to C language, the processing speed can be increased by 16 times or more. You can expect it.
1-2-3.Binary Ninja
Vector 35Binary NinjaIs a reverse engineering tool (binary editor) that can quickly adapt to different architectures, platforms, and compilers with powerful multithreaded analysis built on its own Pivot Language (BNIL).
Binary Ninja includes C ++ 11 using its own cross-platform library on Mac OS X, Linux, and WindowsMiYou can demangle (decode) the symbols of both the modulator software GNU3 and the compiler MSVC.
1-2-4.JEBs
JEBIs a reverse engineering tool that can be run manually or as part of an analysis pipeline, such as disassembling, decompiling, code and document files. It can be used for Android app analysis, malware analysis, embed code auditing, and more.
The JEB blog publishes a wide variety of analysis and verification results.For example, "Category: MalwareDescribes reverse engineering of Golang executables, which have become popular with malware developers over the last few years due to their simplicity as a language and their ability to develop multi-platforms. ..
Also, in the decompilation comparison, "Ghidra 9 and JEB 4 (Beta)"Key comparison pointsIs posted.
* See also this article (About malware)
1-3. Obfuscation Tools-Protection from Reverse Engineering
In 1-2., We introduced a tool for analyzing malware attack code (source code), but here we introduce a tool for "obfuscation" that makes it impossible to easily analyze the source code. To do.
For python scriptsPyArmor Is an obfuscation tool to protect against reverse engineering code decryption.
Bytecodes are obfuscated as soon as each code object completes execution, ensuring high security. You can also set the expiration date for the obfuscated script and bind it to the HDD serial number / network card MAC address / IP address.
Python scripts obfuscated by PyArmor can be run like regular Python scripts.
2. Hardware and reverse engineering
Like software, reverse engineering technology is a "design clue" in that it allows you to analyze the products of other companies for the development of technology and learn the technology from them.Utilizing the obtained information for product improvement, refurbishment, or fusion will not only lead to technical acquisition but also shorten the lead time for development and design.
Not long ago, Samsung in South Korea is famous for incorporating reverse engineering technology into the background of its rapid growth.It is said that it was introduced to acquire new technology and increase market share, but it can be said that it matched the era of rapid growth of IT services in the 90's.
Other than the acquisition of technology, in order to make products that are compatible with other companies'products, to verify and correct the consistency between product operation and specifications, and whether the company's patents have been stolen by other companies' products. This technology is used for research purposes.
Reverse engineering technology is also used to manufacture repair parts for discontinued products.Generally, the storage period of maintenance parts is fixed, but the usage period of the user is not limited to that.Occasionally, when an old part is needed, 3D scanning can be used to reproduce and produce the part to provide a replacement.Reproduction and comparison of parts by reverse engineering is also useful for cost reduction and when considering alternatives.
The method of utilizing technical information (data) unraveled from hardware in this way leads not only to the acquisition of technology but also to the creation of new services.
* Please note that there is a risk of conflicting with patent law and copyright depending on the target of reverse engineering technology utilization and public information.
2-1. About the law
Legal issues related to reverse engineering are being considered and have been eased by law revisions. Under the "Revised Copyright Law (Article 2019-30)" that came into effect in 4, reverse engineering (the act of using the copyrighted work of the program for the purpose of investigating and analyzing the program) does not constitute copyright infringement. Became clear.Not only software, but also hardware, such as when the firmware is open to the public.
About the law to partially revise the copyright law (Law No. 30 of 30)
https://www.bunka.go.jp/seisaku/chosakuken/hokaisei/h30_hokaisei/
3. Genome analysis and reverse engineering
This chapter is about reverse engineering the "genome", which is a little different from software and hardware.
The genome is all the genetic information represented in the character string (base sequence) of the substance "DNA", which is the main body of a gene.Analysis of genetic information such as this genome explores the origin and evolution of life in living organisms, compares the differences in life, analyzes the causative virus to generate vaccines, and leads to the elucidation of diseases, etc. It is applied in a wide range of fields such as engineering.
From the point of view of "elucidating the mechanism", this genome analysis is also regarded as the reverse engineering of humans (life).
Researchers at the University of Illinois at Chicago found heatmap data (numbers by area)DataWe report on a computational method that reverse engineers a very detailed chromosomal model using strength and weakness).Through this study, we discovered new information about the intimate spatial relationships that chromatin folding creates between genes.The survey results are published in Nature Communications.
Reverse engineering 3D chromosome models for individual cells
https://today.uic.edu/reverse-engineering-3d-chromosome-models-from-individual-cellsHigh-resolution single-cell 3D-models of chromatin ensembles during Drosophila embryogenesis
https://www.nature.com/articles/s41467-020-20490-9
3-1. Human genome analysis cost 90 million yen in the 1s, now 100 million yen!
With the development of next-generation sequencing technology, genome analysis is now experiencing rapid growth in various fields such as big data analysis and database construction.Especially in the last few years, with the support of "100 years of life", interest in healthcare has increased, and the demand for genetic test kits that anyone can check health at a reasonable price is increasing.
Demand for PCR test kits has increased even for new coronavirus infections, but there are various contents of genetic test kits, such as understanding the risk of one's illness, diet and exercise that suits oneself.The market for genetic test kits is expected to exceed the valuation of US $ 2030 billion by 27, and there is a possibility that there will be more opportunities to utilize genomic data for health maintenance.Genome analysis (genome reverse engineering) may have made it possible to do this.
DNA Test Kits Market to Exceed Valuation of US $ 2.7 Bn by 2030: Transparency Market Research
https://www.transparencymarketresearch.com/dna-test-kits-market.html
Please also refer to this article.
Summary
This time, "" which is indispensable for realizing the future society image (Society 5.0)I took up reverse engineering from the perspective of "utilizing data."Data is raw, but the time it takes to collect data is decreasing year by year due to improvements in computer performance.The big data obtained can bring about unprecedented results as well as the quality of analysis and analysis, but on the contrary, the huge amount of data can lead to management complexity and complexity.
There is a possibility that even if only one number is different, it will greatly affect safety and reliability.Keeping in mind that it is sensitive and delicate, I would like to take measures to reduce the risk so that I can make the best use of the data.
We will continue to handle products from all over the world that are useful for research and development.Please feel free to contact us for any requests or inquiries such as "I want this software sold by this manufacturer" or "I am having trouble with the analysis speed not increasing".
