-1

I have come across a lot of guides and blogs about reverse engineering where they use labs to teach various techniques and methods to break binaries. My question is what actual use cases does reverse engineering have in the real world, as I don't think the labs you learn about would actual be emulating a real world attack?

Abhinav Vasisth
  • 1
  • 1
  • 2
    This looks like a "what is reverse engineering" question. You saw labs, but you don't understand *why* they are doing the labs. Have you looked up the "why" of the question? https://www.google.com/search?q=hacking+reverse+engineering – schroeder Feb 15 '22 at 09:39

1 Answers1

1

Based on the phrasing of your question, I suspect you might be conflating reverse engineering with exploit development.

Reverse engineering, in the context of software, is taking some implementation of a program and figuring out what it actually does, and how it does it. This is distinct from understanding what it is intended to do, which is often what you'd find in manuals and documentation. This usually involves disassembling the program, identifying which sections of code are responsible for the program's high-level functions, and determining the details of the implementation in sufficient clarity for whatever your goal is.

Exploit development is the practice of taking some behaviour of a program and manipulating it in a way that causes it to have unintended side-effects, such as executing arbitrary code. Exploit development is not the same as reverse engineering, but you almost always have to perform reverse engineering in order to understand the program's behaviour in sufficient detail to exploit it.

Typical exploit development lab exercises, such as simple stack buffer overflows, tend to focus on a class of exploit development commonly referred to as binary exploitation. These are things like stack overflows, heap corruption, etc. that focus on memory safety vulnerabilities. While binary exploitation is still very relevant, the simple examples (e.g. stack buffer overflows) tend not be be representative of the kind of practical work involved in exploit development, and binary exploitation is only a small part of the landscape.

The vast majority of vulnerabilities arise from applications higher level behaviour, for example a file upload feature failing to check for characters in the filename that might lead to path traversal. Finding and exploiting these vulnerabilities requires reverse engineering.

Polynomial
  • 132,208
  • 43
  • 298
  • 379