Binary Evaluation

Binary Evaluation means the inspection, interpretation and, finally, evaluation of software modules that are present only in pure binary form, i.e. as binary or hexadecimal numbers. Our Binary Evaluation skills provide our clients with valuable information about the ability to maintain the integrity and functionality of their software products in hostile environments.

  • Quality of resistance against Reverse Engineering,
  • Quality of protective measures like anti-debugging,
  • Quality of resistance against tampering with the product,
  • Quality of code-obfuscation of the software,
  • Quality of logical obfuscation of the algorithms,
  • Quality of the protection by a hard-lock (dongle).

Each of these goals poses a challenge of its own. Our experience in Software Reverse Engineering covers all of them. Despite this expertise, we have never sought publicity, in order to protect the interests of our clients. We have been contracted continuously for a number of years as security consultants by organisations enjoying a high reputation as top experts in their field.

Bottom-Up

Binary Evaluation works "Bottom-Up", starting at the most detailed level with an unordered set of hexadecimal numbers and ending, ideally, with a complete view at the system level. In a narrower sense, Binary Evaluation deals with one or more software modules with the intent to completely investigate their meaning.

Stepping Up the Pyramid

(or how to become a proficient reverser in five minutes)
  • Lowest: As a first step, you might be interested in the processor platform where that piece of binary is intended to work. Sometimes this is obvious, sometimes it's not.
  • One Higher: Take a part of the binary 'gibberish' and try to find some order in it. In case you think you found an interesting code part, try to reverse it. For more complicated items, you might try to re-code it in assembly-like "C" code.
  • Step Up: Take your artifact from the last step and try to simplify it. Do it in your brain, on a sheet of paper or by re-coding it further. This might already give you some insight into the logical meaning.
  • Step Up Further: Try to get the complete logical meaning of your piece of code. Comment everything you found in your tool of choice.
  • Build the Network: Iterate through the last steps and find the relevant cross-references. Step by step, a logical network will build up. By now you may see not only trees, but also parts of the forest.
  • Climb Higher: Try to understand the hierarchy of the system.
  • Debug: If possible, run the original binary in a debugger. Beware of unwanted "side-effects". Use a sandbox. Run your re-coded parts in a debugger as well. Compare the results.
  • Sort Out: Separate the wheat from the chaff. Don't get lost in uninteresting mazes. Use your experience. Get a feeling for the interesting parts.
  • Know your tools: Use the power of your tools. Use graphical possibilities. Use scripting. Don't blame your tools in case of crashes.
  • Never lose patience: Accept the rules of the game. Be aware that in well-protected software, all kinds of funny stuff has been inserted with the sole purpose of demotivating and frustrating you.
  • Last but not least: Stay on the legal side. However, don't be deterred by nonsense legalese.
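
For the first step of the pyramid, a container header is the quickest evidence of the target platform, and its absence is the "not obvious" case. The following Python example is added here and is not part of the original page; the function name `identify_platform` and the sample byte strings are constructed for illustration, and the machine tables are only a subset of the ELF and PE/COFF values.

```python
import struct

# e_machine values from the ELF specification (subset)
ELF_MACHINES = {0x03: "x86", 0x08: "MIPS", 0x14: "PowerPC", 0x28: "ARM",
                0x3E: "x86-64", 0xB7: "AArch64", 0xF3: "RISC-V"}
# Machine values from the PE/COFF specification (subset)
PE_MACHINES = {0x014C: "x86", 0x01C4: "ARM Thumb-2", 0x8664: "x86-64",
               0xAA64: "AArch64"}

# Constructed sample inputs (minimal headers, not taken from any real product)
SAMPLE_ELF_MIPS_BE = (b"\x7fELF" + bytes([1, 2, 1]) + bytes(9)
                      + struct.pack(">HH", 2, 0x08))
SAMPLE_PE_X64 = (b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
                 + b"PE\0\0" + struct.pack("<H", 0x8664))
SAMPLE_RAW = bytes(range(16))


def identify_platform(blob: bytes) -> str:
    """Return a best-effort description of the platform `blob` targets."""
    if blob[:4] == b"\x7fELF":
        if len(blob) < 20:
            return "ELF, truncated header"
        bits = {1: "32-bit", 2: "64-bit"}.get(blob[4], "?-bit")
        # EI_DATA decides how every multi-byte field, e_machine included, is read
        order = {1: "<", 2: ">"}.get(blob[5])
        if order is None:
            return "ELF, invalid EI_DATA (malformed or tampered header)"
        (machine,) = struct.unpack_from(order + "H", blob, 18)
        endian = "little-endian" if order == "<" else "big-endian"
        name = ELF_MACHINES.get(machine, f"unknown e_machine 0x{machine:04x}")
        return f"ELF {bits} {endian} {name}"
    if blob[:2] == b"MZ" and len(blob) >= 0x40:
        # e_lfanew at 0x3C points to the "PE\0\0" signature; Machine follows it
        (pe_off,) = struct.unpack_from("<I", blob, 0x3C)
        if pe_off + 6 <= len(blob) and blob[pe_off:pe_off + 4] == b"PE\0\0":
            (machine,) = struct.unpack_from("<H", blob, pe_off + 4)
            name = PE_MACHINES.get(machine, f"unknown Machine 0x{machine:04x}")
            return f"PE {name}"
        return "MZ stub without PE header (DOS executable or truncated file)"
    # No container: typical for raw firmware or flash images
    return "no known container header (raw image)"


if __name__ == "__main__":
    for sample in (SAMPLE_ELF_MIPS_BE, SAMPLE_PE_X64, SAMPLE_RAW):
        print(identify_platform(sample))
```

A header only states what the file claims to be; protected or embedded binaries may carry none, in which case the platform has to be inferred from the code bytes themselves.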

Try it Yourself

Test your skills as a Software Reverser with our quiz. It might give you some unexpected insights into Binary Software.

Tools

These basic and essential tools have proved useful to us. Of course, there are many more, many of them available for free.

Hexadecimal Editor


We like to use the binary editor built into Visual Studio. It has the very useful feature of being able to handle files of arbitrary size.

Disassembler


Using IDA Pro as the disassembler needs no further comment. It is THE tool for every serious reverser.

Debugger


IDA Pro's debugger integrates seamlessly with its disassembler. It is fully scriptable for automation.

Soldering Iron


There are situations when software tools are no longer sufficient. The investigation of the flash memory of an embedded controller is an example.