Reverse Engineer OS?

xxxcastenada · Post by **xxxcastenada** » Thu Jan 03, 2008 1:54 am

In the past I have heard stories of anonymous people disassembling commonly used binaries in Windows & Other proprietary OS and re-writing in ASM to make os components "run faster", "crash less", "provide more "stability" & "security". I never figured out whether these stories were true or just braggadocio, so I was wondering if someone might not mind shedding a bit of light on this.

I think the DMCA might have changed recently, though I am not 100% certain on this.

How likely is something like this to have happened, how hard would it be to disassemble and reverse engineer say explorer.exe or svchost.exe and improve on these files to yield better OS performance?

Pyrofan1 · Post by **Pyrofan1** » Thu Jan 03, 2008 1:59 am

all you would need to do is disassemble them with a disassembler, change whatever and assemble them. but that would be pretty had as you would need to wade through thousands of lines of assembly and you would also need to do this to some of the dlls as that's where a lot of the functions would be.

Solar · Post by **Solar** » Thu Jan 03, 2008 5:30 am

If you know exactly what you're looking for - e.g. the JPEG decoding or the SSL encryption parts - a good reverse engineer would have little problems locating them in the .exe.

If that part is actually broken, or very poorly implemented, it is possible to get a bug fixed or some performance tweaked.

However, unless it's you doing the tweaking, or someone you trust implicitly, the resulting binary might just as well be a rootkit / virus for all you know.

Bottom line, it's possible, but I'd guess about 90% of such "hacked" executables are not safe to use.

Dex · Post by **Dex** » Thu Jan 03, 2008 5:07 pm

I would say its possable, but the number of coder who could do this is getting small each year.
It is much harder, than some people would lead you to believe, it takes a long time and many year of work to get to a stage where its possable.
Only true HACKER can do it.

AndrewAPrice · Post by **AndrewAPrice** » Thu Jan 03, 2008 7:11 pm

This topic has caught my interest. Does anyone mind sharing any links to people who've done it? I can't find anything on Google.

Solar · Post by **Solar** » Fri Jan 04, 2008 2:06 am

Dex wrote:Only true HACKER can do it.

Unfortunately, in my experience professionals beat hackers in this discipline hands-down. Not that some pros aren't hackers in their spare time, but it takes a very structured and non-hackish approach to actually achieve results.

Dex · Post by **Dex** » Fri Jan 04, 2008 3:40 pm

Solar wrote:
Dex wrote:Only true HACKER can do it.
Unfortunately, in my experience professionals beat hackers in this discipline hands-down. Not that some pros aren't hackers in their spare time, but it takes a very structured and non-hackish approach to actually achieve results.

But when i say "HACKER", i was meaning in the old sense.
Not in the media type

1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. RFC1392, the Internet Users' Glossary, usefully amplifies this as: A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular.

2. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming.

3. A person capable of appreciating hack value.

4. A person who is good at programming quickly.

5. An expert at a particular program, or one who frequently does work using it or on it; as in 'a Unix hacker'. (Definitions 1 through 5 are correlated, and people who fit them congregate.)

6. An expert or enthusiast of any kind. One might be an astronomy hacker, for example.

7. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.

lukem95 · Post by **lukem95** » Fri Jan 04, 2008 6:21 pm

arent there already REers working on linux drivers? i believe this is how they implement closed source drivers, or formats such as .doc

Brynet-Inc · Post by **Brynet-Inc** » Fri Jan 04, 2008 9:48 pm

Reverse engineering is legal in the US, and is legal in Canada..

American reverse engineers typically have to follow the "Clean room" approach though.. Canadians do not.

Basically, a person or group of people, have to reverse engineer the format/protocol and then document what they found.

Another group can then use that documentation and create their own implementation..

AFAIK, The reverse engineer(s) can't contribute in the actual development process though..

Sounds complex eh?

thegreatseph · Post by **thegreatseph** » Fri Jan 04, 2008 10:28 pm

This isn't really uncommon at all, Almost all software cracks are done in this method. Granted cracking isn't really as hard as many times just changing a conditional jump to an unconditional one is enough to make a program allow access, or just jumping around or removing the check procedure completely, but the principle is the same ...

Cracking is rather common, I figure for the amount of illegal software out there there must be thousands of programmers who do this.

What I fail to understand though, is why would you want to go thorough all of the trouble just to fix the flaws in an existing product. I have done a fair amount of disassembling, and aside form isolating a particular procedure and either rewriting it or cutting it out, it just seems too much work to be practical. for example if you download the source to Windows NT or the partial source to windows 2k (both are around on the net) you will see just how much code is going into a big commercial product it just isn't practical to do anything to it without a huge team of programmers.

xxxcastenada · Post by **xxxcastenada** » Sat Jan 05, 2008 3:36 pm

Brynet-Inc wrote:Reverse engineering is legal in the US, and is legal in Canada..

American reverse engineers typically have to follow the "Clean room" approach though.. Canadians do not.

Basically, a person or group of people, have to reverse engineer the format/protocol and then document what they found.

Another group can then use that documentation and create their own implementation..

AFAIK, The reverse engineer(s) can't contribute in the actual development process though..

Sounds complex eh?

I think the laws could change soon because of concern over ip(intellectual property) piracy and the hand that re'ing protocols like that used by dvd's etc, takes in it.

I think in the past under the DMCA(digital millennium copyright act) re'ing is only legal for 3 things(correct me if im in error as I havent gone over this in awhile):
1. reverse engineering for co-operation of differing systems
2. test security
3. improving the thing that's being re'ed in some way.

But, because of the recent concern over ip, hollywood writers on strike, the riaa losing $ from many of its artists leaving their record labels and venturing out into the independent music scene.. the DMCA may amended, if it hasnt already. I think there was a law back in 2007 that changed parts of it, but I don't remember exactly.

xxxcastenada · Post by **xxxcastenada** » Sat Jan 05, 2008 3:45 pm

thegreatseph wrote:What I fail to understand though, is why would you want to go thorough all of the trouble just to fix the flaws in an existing product. I have done a fair amount of disassembling, and aside form isolating a particular procedure and either rewriting it or cutting it out, it just seems too much work to be practical. for example if you download the source to Windows NT or the partial source to windows 2k (both are around on the net) you will see just how much code is going into a big commercial product it just isn't practical to do anything to it without a huge team of programmers.

When I think about writing an OS from scratch that has all the features I would like, it seems like a lot of work. To have it support the same binaries as win, linux, or mac operating systems to run major applications like photoshop and to have an implementation of direct x or open gl / hardware support to be able to play games, etc, and get the full functionality one would want out of a top rate os isn't necessarily the easiet thing from what I gather?

I guess... maybe a backwards approach would be to take an os that has the application & hardware support and re-write it to have the features / performance you would like wouldn't be a bad idea if it wasn't too difficult?

Besides, I'm certain there would be some note-worthy TheDailyWTF.com material propagating in those uncharted, windows, op codes...

xxxcastenada · Post by **xxxcastenada** » Sat Jan 05, 2008 3:49 pm

lukem_95 wrote:arent there already REers working on linux drivers? i believe this is how they implement closed source drivers, or formats such as .doc

I think the OpenBSD developers have reverse engineered a lot of the undocumented drivers out there("blobs" I think they call them).

I don't know how they do it. The few times I've bothered to disassemble an exe, I think I've had 1 megabyte exe files blossom into 20 megabyte files of .asm code. I was kind of thinking a gigabyte sized OS would be an utter nightmare to handle on an asm level, but I just thought I'd ask the experts, y'know. ; x

Brynet-Inc · Post by **Brynet-Inc** » Sat Jan 05, 2008 6:20 pm

Yes, OpenBSD developers reverse engineer hardware if they're unable to obtain vendor documentation.

Some disassembling is probably required.. but that's only part of the process..

PCI/USB Bus analyzers would help them figure out how a device works as well.. documenting what happens when the proprietary binary blob does something.. etc