8 March 2023

Reverse Engineering Code in Cybersecurity

We recently talked about reverse engineering code during a penetration test, specifically about ChatGPT. In terms of capacity for the job, it is incredibly efficient at reverse engineering code: though it struggles with the size of the code, the effects of compilation pose no issue to the machine-learning tool. Given how common and important reverse engineering code is, our security team wanted to make sure that the information on reverse engineering is readily available. So, stick around while we discuss what reverse engineering code is, why we do it, and how it is done!

What is Reverse Engineering Code?

In simple terms, reverse engineering code means taking the compiled code of a program, game, or executable and turning it back into readable language. There are two types of programming language. Low-level languages, like C++, compile directly into assembly code. High-level languages, like Java or C#, compile into an intermediary language; when the program is run, that intermediary language is compiled into assembly through a virtualisation process, with an interpreter effectively reading out the intermediary language and passing it on. This is often done for cross-platform games, because these languages don’t communicate directly with the CPU (different CPUs have different assembly code).

Why Do We Reverse Engineer Code?

The definition is simple; the real question is why we reverse engineer code. Why do we have to, in order to secure games and programs? There are, of course, plenty of reasons why someone might reverse engineer code, but we’ll focus on the reasons we have at Cyrex.

At the base level, we want to get into your game. We need to understand how your game works so that we can tamper with it and identify vulnerabilities or bottlenecks, and we can’t do that without the code! Sure, we can play your game or use your application, but that only tells us front-end surface details. It is common for us to reverse engineer your code to intercept the messaging between the client and the server. We’ve discussed Man in the Middle techniques and the importance of that interception before; the details and communication in that layer are often integral to security.

Usually, when we get to this code, it’s obfuscated, compressed, and encrypted. To get past that and start our hacking, we need to understand what’s being hidden. That information is in the code binary, hence reverse engineering: deserialize, decompress, and decrypt the code so that we can start reading network traffic and key operations. In white-box testing we typically don’t need to do this, as we have access to the source code. And in projects based on the Unreal Engine networking library, which we support, we don’t have as much reverse engineering work to do; in that case, we only have to work on any custom code.

Hackers reverse engineer a lot as well. As malicious actors, they are looking to modify and change the game client; their end goal is to change the game’s operation to give themselves an advantage. Reverse engineering allows them to discover functions and, from there, warp them to their design.

How is Reverse Engineering Code Done?

Assembly code is large and devoid of any details that might help us understand it, so we use programs to assist in the process. These programs understand assembly code, identify functions in the binary, and look for patterns. They try to enhance the binary for us, which speeds up the process immensely. One we use is IDA, the Interactive Disassembler.

Once we have our chosen program, we decide on static or dynamic analysis. Static analysis, which we like to avoid, involves going through the assembly code and simply trying to understand and unravel it. Dynamic analysis hooks a debugger up to the program, and our security engineers follow every action the CPU executes and how those actions affect memory.

In our ethical hacking, one thing we are always looking for is the encryption key. This key would allow us to intercept traffic and become the man in the middle. In this process, we look for strings in the binary that include the right keywords, such as an encryption error message, which narrows down the search for our team. Game binaries are huge, and this process is all about time efficiency!

If you’re looking for a time- and cost-efficient industry leader in game security and game stability, look no further than Cyrex. Get in touch today and enjoy the benefits of the gold standard in cybersecurity.
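Added here as an illustration, not Cyrex's own tooling: a small Python string triage that does what the paragraph on keyword hunting describes, pulling ASCII and UTF-16LE strings out of a binary and keeping those that mention crypto-related keywords or have the high entropy of embedded key material. Run against your own shipped build, it is also a quick check of what the binary gives away to anyone who looks. The keyword list, the 4.0-bit entropy threshold and the sample bytes are constructed assumptions.

```python
import math
import re
from collections import namedtuple

Hit = namedtuple("Hit", "offset encoding text entropy keywords")

# Keywords a reviewer greps for when locating the crypto layer (an assumed
# starter list; tune it to the binary under review).
KEYWORDS = ("encrypt", "decrypt", "key", "cipher", "aes", "rsa", "handshake", "error")

# Printable ASCII runs, and UTF-16LE runs (printable byte followed by NUL),
# since Windows game binaries often keep wide strings.
ASCII_RE = re.compile(rb"[\x20-\x7e]{6,}")
WIDE_RE = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")

def shannon_entropy(s: str) -> float:
    """Bits per character; random keys and base64 blobs score high (about 4+)."""
    n = len(s)
    if n == 0:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def extract_strings(blob: bytes):
    """Yield (offset, encoding, text) for every ASCII or UTF-16LE run."""
    for m in ASCII_RE.finditer(blob):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in WIDE_RE.finditer(blob):
        yield m.start(), "utf-16le", m.group().decode("utf-16le")

def triage(blob: bytes, keywords=KEYWORDS, entropy_threshold: float = 4.0):
    """Keep strings that mention a crypto keyword or look like key material."""
    hits = []
    for offset, enc, text in extract_strings(blob):
        low = text.lower()
        matched = tuple(k for k in keywords if k in low)
        ent = shannon_entropy(text)
        if matched or ent >= entropy_threshold:
            hits.append(Hit(offset, enc, text, round(ent, 2), matched))
    return sorted(hits, key=lambda h: h.offset)

# Constructed sample "binary": a few opcode-like bytes around embedded strings.
SAMPLE = (b"\x55\x48\x89\xe5" + b"Failed to init AES session key\x00" + b"\x90" * 8
          + "NetEncryptError".encode("utf-16le") + b"\x00\x00\xcc\xcc\xcc\xcc" + b"g7Rk2pQz9LmX4wB1Tn5H\x00Hello world\x00")

if __name__ == "__main__":
    for h in triage(SAMPLE):
        print(f"0x{h.offset:06x} {h.encoding:8} entropy={h.entropy:.2f} {h.keywords} {h.text!r}")
```

On a real build, pass `open(path, "rb").read()` to `triage` instead of `SAMPLE`; the plain "Hello world" string is dropped because it neither matches a keyword nor looks random.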