CAPEC-167: White Box Reverse Engineering

Description

An attacker discovers the structure, function, and composition of a type of computer software through white box analysis techniques. White box techniques involve methods which can be applied to a piece of software when an executable or some other compiled object can be directly subjected to analysis, revealing at least a portion of its machine instructions that can be observed upon execution.

Extended Description

Since these functions are usually intended as emergency features to return an application to a stable configuration if the current configuration degrades functionality, they may not be as strongly secured as other configuration options. The resetting of values is dangerous as it may enable undesired functionality, disable services, or modify access controls. At the very least this is a nuisance attack since the administrator will need to re-apply their configuration. At worst, this attack can open avenues for powerful attacks against the application, and, if it isn't obvious that the configuration has been reset, these vulnerabilities may be present a long time before they are notices.

Severity :

Medium

Possibility :

Type :

Standard

Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-37: Retrieve Embedded Sensitive Data Retrieve Embedded Sensitive Data CAPEC-188: Reverse Engineering Reverse Engineering CAPEC-190: Reverse Engineer an Executable to Expose Assumed Hidden Functionality Reverse Engineer an Executable to Expose Assumed Hidden Functionality CAPEC-191: Read Sensitive Constants Within an Executable Read Sensitive Constants Within an Executable CAPEC-204: Lifting Sensitive Data Embedded in Cache Lifting Sensitive Data Embedded in Cache

Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

Direct access to the object or software.

Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

Resources required

Reverse engineering of software requires varying tools and methods that enable the decompiling of executable or other compiled objects.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

CWE-1323: Improper Management of Sensitive Trace Data

Visit http://capec.mitre.org/ for more details.