
Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.


Decompilation - reality or myth



I have always been interested in disassembly, reverse engineering, decompilation and other related feats, not because I want to break and steal software, as this seems to be the perception of what these things do or can be used for by anyone who hears of these techniques. I am interested because they are hard to do, impossible even; I am interested because of the techniques, not because of the end uses some people put these techniques to. That said, there is a burgeoning reverse engineering community out there, not just in software but also in engineering, where the uses are

I like technical challenges, internals details and hard-to-do techniques. I guess it broadens the mind. I have always said that to know how to secure an Oracle database you must think like a hacker, know hacker techniques but also know other things, not just security, such as programming, all the database features, security techniques and more; just be curious.

Back to decompilation. Decompilation generally falls into two categories: the first where the original source code must be recovered, and the second where the goal is to understand parts of the program, or the whole of it, in a high-level language such as C, but where complete recovery of the original source is not needed. It is generally understood that for binary decompilation complete source recovery is impossible because the compiler discards information as it does its work. Two examples: variable and function names are lost (unless debug symbols are shipped with the binary), and the optimizer restructures the code, inlining calls, folding constants, replacing multiplies with shifts and eliminating temporaries, so that what the decompiler sees no longer mirrors the structure of what was written, even though the behaviour of the code is preserved.

For some languages complete decompilation and source code recovery is possible. For PL/SQL, at least up to 9i, it is possible to completely recover the source code from the wrapped file, because the wrapper stored the DIANA intermediate form and regenerating source from it was one of DIANA's intended design features (comments, which DIANA does not carry, are the one thing not recovered). Java is similar: class files retain names, types and structure, the Sun JDK itself ships a class-file disassembler (javap), and free decompilers such as Jad are available.

Binary decompilation is much harder. For a start the original high-level language may not be known: it could be C, C++, Delphi, compiled VB, even assembler, or combinations of these languages and many more, and each compiler and runtime leaves different idioms for the decompiler to recognise. There have been a few reasonably successful tools written over the years, including DCC, REC and, more recently, the open source Boomerang.

The most interesting aspect is the idea of decompiling to understandable C or C++ irrespective of the original source language, and of accepting that variable names have been lost and must be synthesised rather than recovered. Combining these ideals with a tool like IDA Pro makes for a very powerful reverse engineering tool. I was very interested to see that Ilfak Guilfanov, famous for writing IDA Pro, has been working on a decompiler plugin for IDA that is in closed beta at the moment but will be released as a separate product in the future. An entry in his blog titled "Decompilation gets real" gives a good taster, as does an example in the (limited) documentation, a page titled "Hex-Rays Decompiler - Quick primer" (http://www.hexblog.com/hexrays/manual/primer.html), which shows a much longer and better example of how it will work. Let's hope DataRescue make it available soon!
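To make the two points above concrete (that a decompiler can rebuild readable C from code that was never C, and that names are gone while an optimizer reshapes what is left), here is an added example written for this page. It is not Pete's code and not the code of IDA, Hex-Rays, Boomerang or any real decompiler. The stack-machine bytecode, the peephole optimizer, the slot numbering and the "sub_401000" function name (chosen to mimic the way IDA labels unnamed functions) are all constructed for the illustration.

```python
"""Toy decompiler for a constructed stack-machine bytecode.

Everything here (the bytecode format, the peephole optimizer and the
decompiler) is a hypothetical illustration written for this page; it is
not IDA, Hex-Rays, Boomerang or any real tool.  It shows two things:
the decompiler recovers readable C-like code, but the programmer's
variable names are gone, and an optimizer changes the *shape* of the
recovered code without changing what it computes.
"""
from typing import List, Tuple

# ("push", n) | ("load", slot) | ("store", slot) | ("add",) | ("mul",) | ("shl",) | ("ret",)
Instr = Tuple

# What the programmer wrote. It survives only in this comment, which is
# exactly how much of it a compiler keeps: nowhere in the bytecode.
#
#   int area(int width, int height) {
#       int doubled = width * 2;
#       int total   = doubled + height;
#       return total;
#   }
#
# Slot assignment chosen by the imaginary compiler (constructed):
#   width -> 0, height -> 1, doubled -> 2, total -> 3
UNOPTIMIZED: List[Instr] = [
    ("load", 0), ("push", 2), ("mul",), ("store", 2),
    ("load", 2), ("load", 1), ("add",), ("store", 3),
    ("load", 3), ("ret",),
]

BINOP = {"add": "+", "mul": "*", "shl": "<<"}


def run(code: List[Instr], args: Tuple[int, ...]) -> int:
    """Interpret the bytecode; used to show optimisation preserves behaviour."""
    slots = dict(enumerate(args))
    stack: List[int] = []
    for ins in code:
        op = ins[0]
        if op == "push":
            stack.append(ins[1])
        elif op == "load":
            stack.append(slots[ins[1]])
        elif op == "store":
            slots[ins[1]] = stack.pop()
        elif op in BINOP:
            rhs, lhs = stack.pop(), stack.pop()
            stack.append({"add": lhs + rhs, "mul": lhs * rhs, "shl": lhs << rhs}[op])
        elif op == "ret":
            return stack.pop()
    raise ValueError("bytecode fell off the end without ret")


def optimize(code: List[Instr]) -> List[Instr]:
    """Two peephole passes of the kind real compilers apply.

    1. strength reduction:   x * 2**k  ->  x << k
    2. temporary elimination: 'store s; load s' where slot s is never
       read again simply leaves the value on the stack.
    """
    out: List[Instr] = []
    i = 0
    while i < len(code):
        ins = code[i]
        nxt = code[i + 1] if i + 1 < len(code) else None
        if (ins[0] == "push" and nxt == ("mul",)
                and ins[1] > 0 and ins[1] & (ins[1] - 1) == 0):
            out += [("push", ins[1].bit_length() - 1), ("shl",)]
            i += 2
            continue
        if (ins[0] == "store" and nxt == ("load", ins[1])
                and ("load", ins[1]) not in code[i + 2:]):
            i += 2
            continue
        out.append(ins)
        i += 1
    return out


def decompile(code: List[Instr], nparams: int, name: str = "sub_401000") -> str:
    """Rebuild C-like source by symbolically executing the operand stack.

    Names are synthesised (v0, v1, ... and an IDA-style sub_ name)
    because the originals do not exist anywhere in the input.
    """
    stack: List[str] = []
    body: List[str] = []
    declared = set(range(nparams))
    for ins in code:
        op = ins[0]
        if op == "push":
            stack.append(str(ins[1]))
        elif op == "load":
            stack.append(f"v{ins[1]}")
        elif op in BINOP:
            rhs, lhs = stack.pop(), stack.pop()
            stack.append(f"({lhs} {BINOP[op]} {rhs})")  # fully parenthesised
        elif op == "store":
            slot = ins[1]
            decl = "" if slot in declared else "int "
            declared.add(slot)
            body.append(f"    {decl}v{slot} = {_unwrap(stack.pop())};")
        elif op == "ret":
            body.append(f"    return {_unwrap(stack.pop())};")
    params = ", ".join(f"int v{i}" for i in range(nparams))
    return f"int {name}({params}) {{\n" + "\n".join(body) + "\n}"


def _unwrap(expr: str) -> str:
    """Drop the outer parentheses that every binop result carries."""
    return expr[1:-1] if expr.startswith("(") and expr.endswith(")") else expr


if __name__ == "__main__":
    for label, code in (("unoptimized", UNOPTIMIZED), ("optimized", optimize(UNOPTIMIZED))):
        print(f"// {label}: area(3, 4) = {run(code, (3, 4))}")
        print(decompile(code, 2))
        print()
```

Run it and the unoptimized bytecode comes back as three readable statements with v2 and v3 standing in for "doubled" and "total", while the optimized bytecode, which computes the same value, comes back as a single "return (v0 << 1) + v1;" with the multiply and both temporaries gone. A real decompiler does the same symbolic execution over machine code, but the hard part it adds, and this toy deliberately omits, is recovering control flow (loops, conditionals, calls) from jumps, which is where tools like Boomerang and the Hex-Rays plugin spend most of their effort.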