The Conversion

Thomas Ptacek | December 28th, 2005 | Filed Under: Reversing

Because this needed a name: the phenomenon of taking part of a closed application and turning it directly into source code.

You’ve won a Conversion when, after slogging through 10 megabytes of assembly code, you discover that, say, the RIP routing code is straight NetBSD routed(8). You match a version of routed from 1997 to the IDA disassembly; then you test routed(8) instead of the binary.
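The "match a version of routed to the disassembly" step above is usually done by comparing the string literals a binary carries against the literals in each candidate source tree, because strings survive compilation intact while code does not. The following is an added example, not code from the original post or from NetBSD: a small Python harness that does that comparison over a constructed stand-in binary and a hypothetical C source fragment (neither is real routed(8) content). Run against a real binary and a checkout of each candidate release, the version with the highest coverage is the one to audit, and the "binary only" strings point at vendor modifications that the open-source copy will not explain.

```python
import re

# Constructed stand-in for a stripped binary: ELF-ish header bytes, some
# opcode-looking filler, and NUL-terminated C strings of the kind a routing
# daemon might carry. None of this is real routed(8) content.
SAMPLE_BINARY = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"routed: cannot bind to port %d\x00"
    + b"\x90\x90\xcc"
    + b"bad route advertised by %s\x00"
    + b"\x00\x01"
    + b"RIP v2 authentication failed\x00"
    + b"\xde\xad"
    + b"usage: %s [-dgqs]\n\x00"
    + b"Copyright 2005 SomeVendor Inc\x00"   # vendor addition, absent from the candidate
)

# Constructed candidate source (hypothetical fragment, not the real routed source).
CANDIDATE_SOURCE = r'''
static void usage(void)
{
    fprintf(stderr, "usage: %s [-dgqs]\n", progname);
}

static void bind_rip(int port)
{
    if (bind(sock, (struct sockaddr *)&sin, sizeof sin) < 0)
        err(1, "routed: cannot bind to port %d", port);
}

static void check_update(struct rip *msg, const char *from)
{
    if (!auth_ok(msg))
        syslog(LOG_WARNING, "RIP v2 authentication failed");
    if (bad_metric(msg))
        syslog(LOG_WARNING, "bad route advertised by %s", from);
    if (msg->version == 0)
        syslog(LOG_DEBUG, "unreachable in candidate only");
}
'''


def extract_binary_strings(blob, min_len=6):
    """Printable-ASCII runs, like strings(1), with trailing whitespace stripped."""
    pat = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return {m.group().decode("ascii").rstrip() for m in pat.finditer(blob)}


# A double-quoted C literal; backslash escapes are kept so they can be decoded.
C_LITERAL_RE = re.compile(r'"((?:[^"\\\n]|\\.)*)"')


def extract_source_literals(src, min_len=6):
    """String literals from C source, escapes decoded, trailing whitespace stripped.

    The rstrip matters: "foo\n" in source is stored in the binary with a real
    newline, which strings(1)-style extraction does not include in the run.
    """
    out = set()
    for m in C_LITERAL_RE.finditer(src):
        text = m.group(1).encode("latin-1").decode("unicode_escape").rstrip()
        if len(text) >= min_len:
            out.add(text)
    return out


def score_candidate(blob, src, min_len=6):
    """How much of a candidate source's literal set shows up in the binary.

    Coverage near 1.0 means the binary was very likely built from this source
    (or a close version of it); 'binary_only' lists strings the candidate does
    not account for, i.e. local modifications to go and read by hand.
    """
    bin_strs = extract_binary_strings(blob, min_len)
    src_strs = extract_source_literals(src, min_len)
    matched = bin_strs & src_strs
    return {
        "matched": sorted(matched),
        "coverage": len(matched) / len(src_strs) if src_strs else 0.0,
        "source_only": sorted(src_strs - bin_strs),
        "binary_only": sorted(bin_strs - src_strs),
    }


if __name__ == "__main__":
    result = score_candidate(SAMPLE_BINARY, CANDIDATE_SOURCE)
    print(f"coverage: {result['coverage']:.0%} of candidate literals found in binary")
    for s in result["matched"]:
        print("  match:      ", s)
    for s in result["binary_only"]:
        print("  binary only:", s)
    for s in result["source_only"]:
        print("  source only:", s)
```

On a real target you would loop `score_candidate` over every release tarball of the suspected project and keep the best-scoring one; format strings (`%s`, `%d`) are especially useful anchors because vendors rarely reword them.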

Another Conversion: you found the management console embedded in a binary as a Java JAR. Because jad does such an excellent job, Java apps are almost Conversions by default.

It doesn’t just happen in binary rev-eng work. For example: a web app pen-test where you find out that the tool that generates custom images can be used to read any file on the server. 10 minutes of Python, you’ve downloaded all the ASP files, total Conversion. In two senses of the word: you’ve converted the app into source code, and the pen-test into a code audit. Also you get the secret debug passwords.

It happens a lot. It’s such a happy thing that it’s silly that we don’t have a good word for it. I’m happy to help.

3 Comments so far

  • Roland Dobbins

    December 28th, 2005 1:44 am

    What about ‘reconstitution’?

  • Chris Walsh

    December 28th, 2005 12:23 pm

    Interesting to examine this “conversion” neologism as a manner of acquiring 0wnership.

    Wikipedia says:

    “In law, conversion is a tort that deals with the wrongful interference with goods. Conversion involves dealing with a chattel in a manner repugnant to a person’s immediate right of possession. The gist of the action is a denial of the plaintiff’s dominion over the goods.

    The plaintiff must have been in actual possession or have an immediate right to possession at the time of the wrong. Absolute ownership is not required.”

    Maybe I’m nuts, but I see some humor in this.

  • tqbf

    December 28th, 2005 3:08 pm

    “Reconstitution” misses the spirit of the event. IDA Pro “reconstitutes” source from binaries, in the same way as water reconstitutes powdered milk.

    A Conversion is much clearer: you get the actual source code, not an interpretation of it. I had to stop and think about whether jad output qualified; a C source code Conversion gives you defined constants and variable names.

    Maybe there’s such a thing as a “one-point Conversion” and a “two-point Conversion”. The myriad of C decompilation projects would fit into the first bucket.

    The point of calling this out is that Conversion is a goal of binary rev-eng; probably the best initial goal, at that.
