Affiliation:
1. Saint-Petersburg Federal Research Center of the Russian Academy of Sciences
Abstract
The results of creating a unified methodology for reverse engineering the machine code of devices are presented. This second part of the article series is devoted to static analysis of code in order to restore its metainformation (source code, algorithms, architecture, conceptual model), as well as to search for vulnerabilities in it. A review of scientific publications on existing methods and tools for static analysis of machine code is carried out. A detailed description and formalization of the steps of this stage are given, along with examples of their application in practice. A partial diagram of the proposed methodology is presented in graphical form, indicating the main and intermediate results obtained.
Publisher
Bonch-Bruevich State University of Telecommunications
References (27 articles)
1. Izrailov K. Methodology for Machine Code Reverse Engineering. Part 1. Preparation of the Research Object. Proceedings of the Telecommun. Univ. 2023;9(5):79–90. DOI:10.31854/1813-324X-2023-9-5-79-90
2. Padaryan V.A., Getman A.I., Solovev M.A., Bakulin M.G., Borzilov A.I., Kaushan V.V. Methods and software tools supporting combined binary code analysis. Proceedings of ISP RAS. 2014;26(1):251–276.
3. Bugerya A.B., Yefimov V.Yu., Kulagin I.I., Padaryan V.A., Solovev M.A., Tikhonov A.Yu. Program complex for detecting undeclared capabilities in the absence of source code. Proceedings of ISP RAS. 2019;31(6):33–64. DOI:10.15514/ISPRAS-2019-31(6)-3
4. Dolgova K.N., Chernov A.V., Derevenets Ye.O. Methods and algorithms for restoring assembly language programs into high-level language programs. Information Security Problems. Computer Systems. 2008;3:54–68.
5. Novikov V.A., Lomako A.G., Yeremeev M.A., Petrenko A.S. Identification and neutralization of undeclared program features. Proceedings of the 2017 Symposium on Cybersecurity of the Digital Economy, CDE'17, 19–20 September 2017, Innopolis, Russia. St. Petersburg: Afina Publ.; 2017. p.284–287.