Home 0P3N Blog Application Analysis and Reverse Engineering
Ready to Start Your Career?
Create Free Account
By: jsec1
October 27, 2015

Application Analysis and Reverse Engineering

By: jsec1
October 27, 2015
By: jsec1
October 27, 2015
Application Analysis and Reverse Engineering - CybraryBasicsFirst, I'll begin with the basics. Most applications consist of a Graphical User Interface or GUI, Middle-ware and or integrated logic and a database. These are the key components to being able to understand any application and how it functions. These components also can be combined on either a single workstation/server or split up in to two groups.The first group would be the thick client where the GUI and middle-ware are located on the workstation and the database located on the server side (this is a very basic explanation). The second group would be the thin client configuration, where the GUI resides on the workstation and middle-ware/database can exist on one or many servers. AnalysisTo understand the middle-ware, you must figure out the GUI and Database structure. Most of the time, the GUI will give you a very good idea of what the tables and rows in the database will consist of. The link the GUI makes with the server will give you the IP of the middle-ware/database server. If that link is web-based, a reverse lookup of the URL used to access the GUI will direct you to the correct IP. If the link is Thick client-based, there will usually be a config.ini file that will give you a lot of useful information.Sometimes, there will be multiple config.ini files based on running middle-ware (a.k.a Modules). You may also do a net-stat at the command line. Close the application we're engineering and run net-stat - then re-launch the application. After re-launch of application, open a new command prompt and run net-stat again. Compare the before and after results and you have your data links in question. During the analysis stages, you'll need to think about gaining access to the database.If you don't know the credentials to access the database, they can be found in a place most people don't look: backup scripts, backup.bat, backup.cmd or backup software. I usually go to the Task Manager on the servers to find scheduled backups. The properties of the task will lead you to the script. The script usually will have the login credentials to access the database being backed up. Middle-WareThe middle-ware is where the data conversion and routing takes place. Middle-ware is a very large subject and cannot be explained in one paragraph. There are many types of middle-ware that consist of Modules, Message bus, conversion tools and other types of logic. Once you understand what the different types of middle-ware do, you'll then be able to easily map out a data-flow diagram to research for a more secure application as a whole.Data manipulation that happens at this level usually is not encrypted and is easily grabbed from the working directory. Another very good tool for analyzing middle-ware is the tail software or command line. Using tail to monitor log files will give you a wealth of information about the type of data that is being manipulated and where the data routes to. 
This was a very quick overview of a few techniques I use to resolve a lot of issues when thrown into a non - familiar application analysis project. I may continue this if enough requests are received. Please feel free to message me with any questions and I will answer them accordingly.- Thank you -

Do you like to write about your infosec knowledge, skills, opinions, or exploits?

Blog Icon

Publish your original research, tutorials, articles, or other written content on Cybray's blog to be seen by thousands of infosec readers daily!

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry