Reverse Engineering Closed Source GNU/Linux Software is Needed For Checking For Spyware and Other Malware in the Binary in Absence of Source Code. First of all, these closed source softwares, softwares with dubious license, softwares with an ill-defined phrase open source should not be used to give the Governmental agencies to run mass surveillance.
Why We Reverse Engineering Closed Source GNU/Linux Software?
Reverse engineering closed source GNU/Linux software is usually marked as illegal by most of the Governments and their malware distributing privately owned companies functioning as agents. Both of them, with obvious reason, try their best to stop running reverse engineering. Free Software will provide the Freedom of using the software plus testing the source code, modifying it etc. So, release of reverse engineered software after patching directly is dangerous from the legal perspective, it is limited to usage for academic purpose or for re-writing a Free Software with similar functions.
It is near impossible to stop personal reverse engineering of the closed source software. Software also includes the firmwares.
Distributing Free Software never decreases the profit – like WordPress is a Free Software and Matt Mullenweg as founder is quite successful. Everyday we use a huge number of softwares which are 100% closed source and either keep a security backdoor open to help NSA like Governmental Agencies or has data collecting functions. It can be 5 lines of innocent looking Javascript. Reverse Engineering demands huge knowledge of various languages, experience, enthusiasm and certain tools.
The philosophy is not to create warez. Warez do not promote the Free Software culture.
Using OpenStack Snapshot as a Tool for Reverse Engineering Closed Source GNU/Linux Software
OpenStack has snapshot feature with Floating IP. Some providers have virtual routers too. Blocking the external network is very important basic step for testing the questionable softwares to be reverse engineering.
---
Usually the closed source software has some restrictive function and some usage tracking future. They can use your instances to spy on you. In real bigger testing, instead of virtual devices, real hardwares are used. This mentioned method can be an example to work for security and gain experience with near zero knowledge.
Nulling the apparent restrictive function and some usage tracking future are the initial steps to find the other malware functions, which are usually very difficult to find.
As none of the Closed Source GNU/Linux Software is neither being used on production instance for any benefit nor they are distributed, the so called Governmental Laws are avoided. For bigger softwares, keeping Free Software communities informed is a better idea.
Decompiling, editing the files and recompiling are the first corrective steps. The deb or rpm installer file almost always remains in the machine/virtual machine. Finding it and fixing it to work is not difficult. Difficult are the next steps. Because Closed Source GNU/Linux Software never supply the source code. The things are binary. It is important to know which language it is written – C, C++, Python etc.
ltrace is very important tool for tracing. We can install it on deb GNU/Linux with :
1 | apt-get install ltrace |
Reverse Engineering Closed Source GNU/Linux Software
Best source for the beginners is http://www.ouah.org/RevEng/(copy paste the url in text editor first). Create a steal directory under /var/log with any name you can remember, like debug. You need to trace the system calls in this way :
1 | ltrace -S closed-source-program |
and keep the logs. Although netstat npa gives an idea of the external communication, closed source softwares are infamous for abusing system files to hide their malware functions.
After fixing the basic issues, practically we need to convert that Binary to Source Code. This is tad hard. That is why, usually the softwares are re-written in Python or other sane Language. C and C++ are favorite languages of the closed source software manufactures. Both makes the steps dirty. Here you’ll get some idea :
1 | http://tldp.org/HOWTO/html_single/Debian-Binary-Package-Building-HOWTO/ |
For DEB, we can use dpkg -x for closed_source.deb named software.
1 2 3 4 | dpkg -x closed_source.deb /tmp/test ls /tmp/test ar -vx closed_source.deb tar -xvzf data.tar.gz |
Do not except a clean C or C++ language, their software engineers might not be enlighten, but are masters to create a confusing “language”. Payment actually never build “proof stuffs”. Human has a pattern of writing codes. Never try anything without basic knowledge.
