While we all know what fun reverse engineering of code can be, I am wondering what legitimate industries, besides the anti-X industry, reverse engineer code? While this may sometimes be needed in many technical roles, I am speaking more of jobs where this is a primary responsibility. I suspect there are very few jobs where reverse engineering is a necessary skill, or few that would be admitted to, but don't know that for certain. Yes, it is of course always a complementary skill!
0
Add a comment
|
6 Answers
Community wiki: feel free to edit
As a main skill
- malware analysis
- digital forensics and Incident response
- security assessment, pen testing
- is this website/software/cpu really secure? which one is the most secure?
exploit development
- si vis pacem, para bellum
plagiarism detection (if a company sues another one because they claim they stole their source code)
- emulation
- adapting older games to newer medias
- such as DotEmu, Good old games
- adapting older hardware to newer
- emulate older protection dongles for no longer supported softwares
- adapting older games to newer medias
- source code recovery
- because backup may fails
- business logic recovery / process recovery (regarding Legacy Systems)
- because documenting all the quirks, workarounds and clever solutions adequately is hard
As a side skill
- understanding what a program is about
- because too often, one doesn't have the time to document how an internal tool works
Here's a few that you may not usually think about:
- Car tuning shops. A lot of modern car tuning is basically firmware hacking.
- Compiler development. When you're making a toolchain that produces code that other people will rely on, it's good to have an outside tool for sanity check.
- General software development. While debuggers are usually enough, sometimes you need to RE your own program to realize what's going on. Or look inside a library you're using when docs are incomplete, wrong, or just plain missing.
- Checking out what your competitors are doing (both software and hardware).
answered Apr 14, 2013 at 21:21
-
1as for the first point I can tell you that there is a difference between the people packing that experience under their belts and the ones selling/offering it.– 0xC0000022L ♦Commented Apr 15, 2013 at 0:08
-
2+1 for the comment about RE as a part of the software development process. I can't tell you how many times IDA has saved my ass during development, where I have some linker error that is driving me insane, and I just open the offending objects in the disassembler and all becomes clear. Similarly for things that I would swear are "compiler errors" which turn out to be my fault. And that experience also helps me debug my software much better. Commented Apr 15, 2013 at 4:47
-
1Good points! Especially about reverse engineering competitor's products. I remember having to reverse other packers when PECompact was in development over a decade ago, as I couldn't figure out how in the world they packed so tight. I found the answer by reversing: BCJ2 (x86 jmp/call offset optimization). At the time, it was quite a revelation!– dyastaCommented Apr 15, 2013 at 6:55
-
+1 for firmware hacking, and firmware development. In fact I found myself doing trivial RE when developing small robotics or other hardware/software projects..And lots of companies, while do not explicitly list reverse engineering as a requirement for a developer position, it's a skill if not present makes you just a very 'technical writer' and not an actual software developer.– gandolfCommented Aug 17, 2013 at 4:13
No one seems to have mentioned compatibility yet. I know this isn't the biggest thing reversing is used for, but making software that is compatible with proprietary file formats or protocols is very important, fairly common, and explicitly protected by law in some countries.
Often, a developer can use reversing as a "complementary skill", but in many cases it would make sense for this to be someone's job. For example, when using clean-room techniques, or if the file format or protocol is excessively complex.
Probably a niche but my RE skills often help to get (CR)Applications to work in virtual environments such as Citrix XenApp/XenDesktop.
I write a lot about these experiences on my blog.
self promo warning: here are a few recent examples:
Probably the security industry is the biggest user of reverse engineering. Malware analysis, analyzing binaries for potential security vulns, and analysis of patches to write security product signatures.
It's rampant in the microprocessor industry; here are a few sources you might find interesting:
