
Reverse Engineering

The process of analysing software, firmware or a protocol to understand its operation without access to the source code.

What is Reverse Engineering?

Reverse engineering is the process of analysing a finished product - software, firmware, device or communication protocol - to understand its internal operation without access to design documentation or source code. In cybersecurity, it is used both in defence (malware analysis) and offence (vulnerability research).

The main software reverse engineering techniques are: disassembly (converting machine code to assembly language), decompilation (attempting to reconstruct high-level code), debugging (tracing program execution step by step) and dynamic analysis (observing program behaviour during execution).

In the OT security context, reverse engineering has additional applications: analysing PLC firmware, researching undocumented communication protocols (e.g. proprietary Modbus implementations) and discovering vulnerabilities in ICS devices for which the manufacturer does not provide source code.
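
As an added illustration of the protocol research mentioned above (not part of the original page): a Python sketch that parses Modbus/TCP frames and flags function codes in the user-defined ranges of the public Modbus specification, where the specification leaves room for vendor-specific functions. The sample frames are constructed, and the names `parse_frame` and `user_defined_codes` are hypothetical.

```python
import struct
from collections import Counter

# User-defined function code ranges in the Modbus Application Protocol spec.
USER_DEFINED = set(range(65, 73)) | set(range(100, 111))
# A few common public function codes (not the full list).
PUBLIC = {1: "Read Coils", 3: "Read Holding Registers", 4: "Read Input Registers",
          6: "Write Single Register", 16: "Write Multiple Registers"}

def parse_frame(frame: bytes) -> dict:
    """Parse one Modbus/TCP ADU: 7-byte MBAP header followed by the PDU."""
    if len(frame) < 8:
        raise ValueError("too short for MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError("protocol identifier is not 0, not Modbus")
    # The length field counts the unit id and the PDU, not the first 6 bytes.
    if length != len(frame) - 6:
        raise ValueError("MBAP length does not match frame size")
    raw_fc = frame[7]
    fc = raw_fc & 0x7F  # exception responses set the high bit
    if fc in USER_DEFINED:
        kind = "user-defined"
    elif fc in PUBLIC:
        kind = PUBLIC[fc]
    else:
        kind = "other"
    return {"transaction": tid, "unit": unit, "function": fc,
            "exception": bool(raw_fc & 0x80), "kind": kind, "data": frame[8:]}

def user_defined_codes(frames) -> Counter:
    """Count user-defined function codes, skipping malformed frames."""
    seen = Counter()
    for frame in frames:
        try:
            parsed = parse_frame(frame)
        except ValueError:
            continue
        if parsed["kind"] == "user-defined":
            seen[parsed["function"]] += 1
    return seen

# Constructed sample frames (not captured from a real device).
SAMPLES = [
    bytes.fromhex("00010000000601030000000a"),  # Read Holding Registers
    bytes.fromhex("0002000000060141deadbeef"),  # function 0x41, opaque payload
    bytes.fromhex("000300000003018302"),        # exception response to function 3
    bytes.fromhex("0004000100020141"),          # protocol id 1: rejected
]

if __name__ == "__main__":
    print(user_defined_codes(SAMPLES))
```

Function codes reported here are the ones whose handlers are worth locating in the device firmware, since their payload layout is not described by the public specification.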

Why does it matter?

Reverse engineering is a fundamental tool in the security researcher’s arsenal. It enables malware analysis, zero-day vulnerability discovery in closed-source software, firmware security verification for IoT and ICS devices, and assessment of cryptographic mechanism implementations. Without reverse engineering, the analysis of many threats and vulnerabilities would be impossible.
