Penetration Testing and Reverse Engineering

In today's connected world, cybersecurity is more important than ever. Protecting systems, networks, and data from cyber threats is a top priority for organizations. Two key practices that help identify vulnerabilities and improve security are Penetration Testing and Reverse Engineering. While both aim to enhance software security, they use different methods and techniques.

This article gives a clear overview of penetration testing and reverse engineering, explaining their purposes, methods, and the differences between them. We will also discuss how developers can use these techniques to improve the security of their applications.

What is Penetration Testing?

Penetration Testing has been evolving throughout the year with a robust increase in highly sophisticated attacks. Every organization is now aware of the damage caused by cyber-attacks. Private and Government organizations are now conducting scheduled penetration tests every three months or less than that. The attacks are increasing day by day and now almost every device is vulnerable to an unpatched zero-day vulnerability. Attacks like Meltdown and Spectre have gone so deep that it exploit a vulnerability at the processor level. Likeways, the firmware is also one of the important attack vectors. This paper discusses multiple methods for reverse engineering a router firmware and the process of backdooring it.

What is Firmware?

Firmware is used to control a piece of hardware through software. Firmware comes pre-installed in devices like Routers, Smartphones, Computers, and other IoT devices. Firmware's are hardware-specific. Not only do they differ from other manufacturer’s devices, but they also do differ from devices with the same manufacturer. Firmwares typically act as an operating environment in highly complex devices. On the other hand, in less complex devices, they act as an Operating system and are responsible for complete hardware control. Firmwares are held in ROM; non-volatile memory. In routers mostly, the firmware file system is based on the Linux operating system. Firmwares can be replaced but cannot be deleted by the user

What is Reverse Engineering?

Reverse Engineering is the process of decompiling a product to expose its internal architecture and learn how it was built. Router firmware is mostly in binary format since they are hardware-specific and cannot be read. Therefore, they are reverse engineered to decompress the file system present in it. After decompressing the file system, the files inside the file system are visible. The file is then analyzed by a security researcher for discovering security flaws in the code. Or the files in the file system can be manipulated and a backdoor can be added into the file system that allows the attacker to control the router as well as the network and other devices connected to the network.

Reverse engineering allows the researchers to understand the file system, the flow of code and functionalities of the firmware. There are multiple methods available for reverse engineering a router firmware. Recently, the National Security Agency (NSA) had released its reverse engineering tool - Ghidra. Linux has several inbuilt utilities allowing users to decompress the firmware file system without the use of any third-party tools.

Reverse Engineering Tools

Here are the Reverse Engineering Tools:

• Binwalk - is an inbuilt Linux utility that allows us to carve and analyze binary files.
• Unsquashfs - is a tool to decompress or extract the squashfs file system.
• Hexdump - allows the users to view the hexadecimal view of the specific input data with ability to extract file contents into multiple formats like decimal, octal, and ASCII.
• Objdump - displays information about the object files and used to disassemble executable files.
• Strings - extracts the strings embedded inside the binary files and other executable files
• GDB - the GNU Debugger helps in decompiling executables and binary files that are written in embedded C, C++, etc.
• Radare2 - is a framework built for reverse engineering and analyzing binaries.
• Ghidra - consists of a set of reverse engineering tools and licensed open source by NSA.
• IDA - is commercial software that allows debugging and decompiling the source code from executables.
• Firmware mod kit - allows decompression of various firmware in embedded devices. It supports various file systems and versions such as SquashFS 2.0, 3.0 and 4.0.

Steps of Software Reverse Engineering

1. Collection Information: This step focuses on collecting all possible information (i.e., source design documents, etc.) about the software. 
2. Examining the Information: The information collected in step-1 is studied so as to get familiar with the system. 
3. Extracting the Structure: This step concerns identifying program structure in the form of a structure chart where each node corresponds to some routine. 
4. Recording the Functionality: During this step processing details of each module of the structure, charts are recorded using structured language like decision table, etc. 
5. Recording Data Flow: From the information extracted in step-3 and step-4, a set of data flow diagrams is derived to show the flow of data among the processes. 
6. Recording Control Flow: The high-level control structure of the software is recorded. 
7. Review Extracted Design: The design document extracted is reviewed several times to ensure consistency and correctness. It also ensures that the design represents the program. 
8. Generate Documentation: Finally, in this step, the complete documentation including SRS, design document, history, overview, etc. is recorded for future use. 

Conclusion

Penetration Testing and Reverse Engineering are both vital for software security. Penetration testing copy real cyberattacks to find system weaknesses, while reverse engineering helps analyze software code to uncover hidden flaws. Using both methods together, developers, security experts, and ethical hackers can identify and fix vulnerabilities early, improving the security and reliability of software. Understanding these techniques allows developers to make smart decisions when adding security features, ensuring their applications are strong and protected from potential threats.