
Proceedings of Telecommunication Universities


Methodology for Machine Code Reverse Engineering. Part 2. Static Investigation

https://doi.org/10.31854/1813-324X-2023-9-6-68-82

Abstract

The results of creating a unified methodology for reverse engineering the machine code of devices are presented. This second part of the article series is devoted to static research of code in order to restore its metainformation (source code, algorithms, architecture, conceptual model), as well as to search for vulnerabilities in it. A review of scientific publications on existing methods and tools for static analysis of machine code is carried out. A detailed description and formalization of the steps of this stage is given, along with examples of their application in practice. A partial diagram of the proposed methodology is presented in graphical form, indicating the main and intermediate results obtained.

About the Author

K. Izrailov
Saint-Petersburg Federal Research Center of the Russian Academy of Sciences
Russian Federation




For citations:


Izrailov K. Methodology for Machine Code Reverse Engineering. Part 2. Static Investigation. Proceedings of Telecommunication Universities. 2023;9(6):68-82. (In Russ.) https://doi.org/10.31854/1813-324X-2023-9-6-68-82



This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 1813-324X (Print)
ISSN 2712-8830 (Online)