• Title/Summary/Keyword: reverse engineering analysis

Search Result 130, Processing Time 0.025 seconds

A Study on Recovery of Design Information Using A Reverse Engineering (역공학 기법을 적용한 설계정보의 회복에 관한 연구)

  • 서민호
    • Journal of the Korea Society of Computer and Information / v.1 no.1 / pp.105-128 / 1996
  • The maintenance cost accounts for over a half of all software costs. Maintenance tools can be used to reduce it. Among all other maintenance techniques, reverse engineering is a process of analyzing source code to extract design information and to create a representation of it in another form or at a higher level of abstraction. In this thesis, we propose a method to extract the call relationships among programs, the logic structure in a program, and the data flow of programs from COBOL source programs using reverse engineering. We also present a method to generate the structure chart of programs and modules. The structure chart generated from source code provides very important information for understanding programs in detail. The modified structure chart will be more helpful to the maintainer in understanding programs when he analyzes them later or others analyze them.


A Study on Encryption Process and Decryption of Ransomware in 2019 (2019년 랜섬웨어 암호화 프로세스 분석 및 복호화 방안 연구)

  • Lee, Sehoon; Youn, Byungchul; Kim, Soram; Kim, Giyoon; Lee, Yeongju; Kim, Daeun; Park, Haeryong; Kim, Jongsung
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.6 / pp.1339-1350 / 2019
  • Ransomware is malicious software that demands money to decrypt files that it has encrypted. As the number of ransomware grows, the encryption process in ransomware has become more sophisticated and its security strength has become stronger. As a result, analysis of ransomware becomes more difficult and the number of decryptable ransomware is getting smaller. So, research on the encryption process and decryption methods of ransomware is necessary. In this paper, we show the encryption processes of 5 ransomware programs which were revealed in 2019, and analyze whether or not they are decryptable.

A Study on the Object-Oriented Program Slicing using Module Class Dependency Graph (모듈 클래스 종속 그래프를 이용한 객체지향 프로그램 슬라이싱에 관한 연구)

  • Kim, Un-Yong; Jeong, Gye-Dong; Choe, Yeong-Geun
    • The Transactions of the Korea Information Processing Society / v.6 no.7 / pp.1805-1816 / 1999
  • This paper presents the Module Class Dependency Graph for expressing the dependency relations between classes effectively. The object-oriented language is developed independently at design time, and consists of relationships between classes. Therefore we need to consider these characteristics of independence, and to express effectively the relations of classes that exist in the class hierarchy. In the System Dependence Graph and Class Dependence Graph, the relationship of classes is not expressed. To express the class relationship, we propose the Module Class Dependence Graph, and we verify the effectiveness of this method by applying it to object constructors, inheritance relationships and dynamic binding. Also, we present a method of expressing parameters to identify the member data of classes. Using this Module Class Dependency Graph, we can analyze the relationship of module classes correctly at design time. This method can be applied to reverse engineering, testing, visualization and various other fields to analyze systems.


Prediction of Material Properties of Carbon Fiber Prepreg in the Laminated Composite Using Reverse Analysis with Dynamic Characteristics (동적 특성이 고려된 역해석를 이용한 적층 복합재료 내부의 탄소섬유 프리프레그의 물성 예측)

  • Hwang, Mun-Young; Kang, Lae-Hyong
    • Composites Research / v.32 no.4 / pp.177-184 / 2019
  • If the mechanical properties of each layer could be found by analyzing an already fabricated composite, it would be possible to develop a composite with better performance than the existing products. In this study, we tried to calculate the mechanical properties of the inner prepreg lamina by applying the reverse design technique to a composite structure made by laminating prepregs. Comparing the case in which the physical quantities obtained by the simple tensile test are used alone with the case in which the physical quantities obtained by the tensile test and the mode analysis are used at the same time, the results of this study show that the accuracy of the latter is higher. Finally, the maximum error of the predicted $E_1$ was 0.09% and the maximum error of the predicted $E_2$ was 7%.

Similarity Detection in Object Codes and Design of Its Tool (목적 코드에서 유사도 검출과 그 도구의 설계)

  • Yoo, Jang-Hee
    • Journal of Software Assessment and Valuation / v.16 no.2 / pp.1-8 / 2020
  • Similarity detection for plagiarism or duplication of computer programs requires different types of analysis methods and tools according to the programming language used in the implementation and the sort of code to be analyzed. In recent years, similarity appraisal for object code in embedded systems, which requires considerable resources along with a more complicated procedure and more advanced skill compared to source code, has been increasing. In this study, we describe a method for analyzing the similarity of functional units in assembly language through the conversion of object code using a reverse engineering approach, such as applying the reverse assembly technique to the object code. The instruction and operand table for comparing the similarity is generated by using syntax analysis of the code in assembly language, and a tool for detecting the similarity is designed.

Cryptography Module Detection and Identification Mechanism on Malicious Ransomware Software (악성 랜섬웨어 SW에 사용된 암호화 모듈에 대한 탐지 및 식별 메커니즘)

  • Hyung-Woo Lee
    • Journal of Internet of Things and Convergence / v.9 no.1 / pp.1-7 / 2023
  • Cases in which personal terminals or servers are infected by ransomware are rapidly increasing. Ransomware uses a self-developed encryption module or combines existing symmetric key/public key encryption modules to illegally encrypt files stored in the victim system using a key known only to the attacker. Therefore, in order to decrypt it, it is necessary to know the value of the key used, and since the process of finding the decryption key takes a lot of time, financial costs are eventually paid. At this time, most of the ransomware malware is included in a hidden form in binary files, so when the program is executed, the user is infected with the malicious code without even knowing it. Therefore, in order to respond to ransomware attacks in the form of binary files, it is necessary to identify the encryption module used. Therefore, in this study, we developed a mechanism that can detect and identify by reverse analyzing the encryption module applied to the malicious code hidden in the binary file.

A Study on the Mechanical behavior of 3D Printed Short-Fiber Reinforced Composite Structures using AM-Structural Coupled Analysis (AM 공정 연계 구조 해석을 활용한 단섬유 강화 복합소재 3D 프린팅 출력물의 기계적 거동 특성 분석)

  • Geung-Hyeon Lee; Da-Young Jang; Chae-Rim Seon; Minho Yoon; Jang-Woo Han
    • Journal of the Computational Structural Engineering Institute of Korea / v.37 no.5 / pp.309-316 / 2024
  • In this paper, additive manufacturing (AM)-structural coupled analysis was proposed to accurately predict the mechanical behavior of 3D printed short-fiber reinforced composite structures. Tensile specimens were printed using a composite 3D printer (Mark Two, Markforged), and tensile tests were conducted on specimens manufactured with various nozzle paths. In addition, a reverse engineering scheme was applied to the experimental data to reasonably derive local anisotropic material properties according to the nozzle paths. Consequently, AM-structural coupled analysis was performed using the enhanced finite element model with mapped local material properties, and the mechanical behavior of the 3D printed short-fiber reinforced composite was accurately described. To demonstrate the effectiveness of the proposed AM-structural coupled analysis model, the computational results obtained were compared with experimental results.

Improved Original Entry Point Detection Method Based on PinDemonium (PinDemonium 기반 Original Entry Point 탐지 방법 개선)

  • Kim, Gyeong Min; Park, Yong Su
    • KIPS Transactions on Computer and Communication Systems / v.7 no.6 / pp.155-164 / 2018
  • Many malicious programs have been compressed or encrypted using various commercial packers to prevent reverse engineering, so malicious code analysts must decompress or decrypt them first. The OEP (Original Entry Point) is the address of the first instruction executed after returning the encrypted or compressed executable file back to the original binary state. Several unpackers, including PinDemonium, execute the packed file, keep track of the addresses until the OEP appears, and find the OEP among the addresses. However, instead of finding exactly one OEP, unpackers provide a relatively large set of OEP candidates, and sometimes the OEP is missing among the candidates. In other words, existing unpackers have difficulty in finding the correct OEP. We have developed a new tool which provides fewer OEP candidate sets by adding two methods based on the property of the OEP. In this paper, we propose two methods to provide fewer OEP candidate sets by using the property that the function call sequence and parameters are the same between the packed program and the original program. The first way is based on function calls. Programs written in the C/C++ language are compiled to translate the language into binary code. Compiler-specific system functions are added to the compiled program. After examining these functions, we have added to PinDemonium a method that detects the unpacking work by matching the patterns of system functions that are called in packed programs and unpacked programs. The second way is based on parameters. The parameters include not only the user-entered inputs, but also the system inputs. We have added to PinDemonium a method that finds the OEP using the system parameters of a particular function in stack memory. OEP detection experiments were performed on sample programs packed by 16 commercial packers. We can reduce the OEP candidates by more than 40% on average compared to PinDemonium, except for 2 commercial packers which cannot be executed due to the anti-debugging technique.

A Case Study on Improving SW Quality through Software Visualization (소프트웨어 가시화를 통한 품질 개선 사례 연구)

  • Park, Bo Kyung; Kwon, Ha Eun; Son, Hyun Seung; Kim, Young Soo; Lee, Sang-Eun; Kim, R. Young Chul
    • Journal of KIISE / v.41 no.11 / pp.935-942 / 2014
  • Today, high software quality is a very important issue given the huge scale of code and time-to-market. In the industrial fields, developers still focus on code-based development. Therefore we try to consider two points of view: 1) improving the bad development habits of general developers, and 2) maintenance without design, documentation and code visualization. To solve these problems, we need code visualization. In this paper, we suggest how to visualize the inner structure of code, and also how to proceed with quality improvement by constructing the Tool-Chain for visualizing Java code's inner structure. For our practical case, we applied Object Code with NIPA's SW Visualization, and then reduced code complexity by quantitatively analyzing and visualizing code, setting the class of object-oriented code as the basic module unit.

A Program Analysis Technique for Recovery of Layered Architecture and Conformance Checking (층위구조 아키텍처의 복구 및 일치성 검사를 위한 프로그램 분석 방법)

  • Park Chanjin; Hong Euyseok; Kang Yoohoon; Wu Chisu
    • Journal of KIISE:Software and Applications / v.32 no.8 / pp.730-741 / 2005
  • Layered architecture is a kind of module decomposition technique, which decomposes a program by generality. This paper proposes a layer-based method for recovering layered architecture from an object-oriented program and checking conformance against the architectural document. To specify the rules for layered style in an object-oriented program, we define a partially ordered set on modules by the module use relationship, and the module layer relationship by the module override relationship. The meaning of the module layer relationship is explained with an example from design patterns. Steps to recover layered architecture from a program are described and a metamodel for the recovery is proposed. Architecture recovery is performed on source code from an open-source software project, and the implication of parts that do not conform to its architectural document is discussed. As a result of checking, it is pointed out that, although the parts are considered allowable exceptions of layered architecture, their modifications should be controlled carefully.