Reverse Engineering
What is Reverse Engineering?
Reverse EngineeringThe process of disassembling and analyzing compiled software, firmware, or hardware to recover its design, behavior, and inner workings.
In a security context, reverse engineering recovers the logic of binaries when source code is unavailable: malware samples, suspected backdoors, vulnerable libraries, proprietary protocols, or embedded firmware. Analysts use disassemblers and decompilers (IDA Pro, Ghidra, Binary Ninja, radare2), debuggers (x64dbg, WinDbg, GDB), and dynamic instrumentation frameworks (Frida, Pin, QEMU) to map control flow, identify cryptographic routines, recover algorithms, and extract IoCs. The discipline is central to vulnerability research, malware analysis, anti-cheat work, exploit development, and DRM analysis. Reverse engineering is generally lawful for security research, but jurisdictions and end-user agreements impose limits that practitioners must respect.
● Examples
- 01
Decompiling a stripped Linux ELF in Ghidra to identify a hard-coded backdoor account.
- 02
Using Frida to hook a mobile banking app and inspect its certificate-pinning logic.
● Frequently asked questions
What is Reverse Engineering?
The process of disassembling and analyzing compiled software, firmware, or hardware to recover its design, behavior, and inner workings. It belongs to the Forensics & IR category of cybersecurity.
What does Reverse Engineering mean?
The process of disassembling and analyzing compiled software, firmware, or hardware to recover its design, behavior, and inner workings.
How do you defend against Reverse Engineering?
Defences for Reverse Engineering typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Reverse Engineering?
Common alternative names include: Binary reverse engineering, RE.