Can you add or remove functionality?

Yes. If only compiled binaries exist, we can patch them to add features, change behavior or remove modules. Examples include enabling disabled features, adding new protocols or interfaces, adjusting hardware dependencies and removing faulty components.

What happens if the analysis is not feasible?

If the project is technically or legally impossible, you pay nothing. The initial assessment is free and we will inform you transparently if the analysis cannot be performed.

Can you prepare documentation for audits or legal purposes?

Yes. We can prepare technical documentation suitable for audits, certifications or legal assessments, including risk analyses, technical statements, security evaluations and reports on software quality or code integrity.

Software Reverse Engineering - Analysis of Software, Firmware and Malware

At 0xda7a, we specialize in reverse engineering (RE) services for software, malware, embedded firmware and proprietary applications - regardless of platform, operating system or hardware.
Whether your organization is facing malware threats, needs to understand older or proprietary software, or wants to evaluate the security of third-party applications: we provide precise technical analysis and tailored solutions.
Our work offers deep insights into internal logic, uncovers vulnerabilities and provides the technical foundation to maintain, secure and further develop software even without access to the original source code.

What is Software Reverse Engineering?#

Forward Engineering
A developer writes the source code of a program, documents its functionality, and compiles it into machine-readable binary code. Everything is transparent because structure, logic, and behavior are visible in the source code.

Reverse Engineering
Reverse engineering is the opposite situation: you only have the compiled program - pure binary code such as program.exe, without source code or documentation. The goal is to reconstruct how the software works internally, understand its components, and identify how the logic and data flow are structured.

Reverse engineering (RE) is the process of analyzing software or firmware to understand its structure, functionality and internal logic - regardless of whether source code is available.
This is particularly relevant for older applications, proprietary systems, poorly documented firmware or malware.

Reverse engineering includes, among other things:

static analysis
dynamic debugging
control-flow reconstruction
protocol and interface analysis
binary analysis

These methods make it possible to identify vulnerabilities, extend functionality, understand interfaces and keep systems usable in the long term.

Our Reverse Engineering Services#

We offer a comprehensive range of reverse engineering (RE) services to help organizations understand, maintain, modify or secure software without source code. Our services include:

Extracting information from software without source code
Many organizations rely on proprietary or legacy software for critical processes, but without access to the original source code it becomes difficult to fix issues, modify functionality or develop the software securely.
We fully analyze applications, document internal behavior and provide the foundation for maintenance, hardening and modernization.
Modifying software without source code (patching)
When only compiled binaries exist, we can extend functions, change behavior or adapt existing functional blocks. This includes adding new features, removing problematic modules or modifying interfaces and workflows by adjusting the binary code.
Security audits and vulnerability identification
Reverse engineering is a core component of comprehensive security assessments. We identify vulnerabilities, hidden features, backdoors, misconfigurations and potential exploit vectors before attackers can use them.
Firmware and embedded system analysis
Embedded systems often rely on proprietary or poorly documented firmware. We analyze firmware for all common and historical platforms such as STM32, ESP32, 8051, PIC, Renesas and many others.
We identify vulnerabilities, behaviors, hardcoded data, proprietary protocols and optimization opportunities - and modify the firmware directly if required.
Malware analysis and incident response (IR)
We dissect and analyze malware samples completely - including behavior, attack vectors, persistence mechanisms, encryption routines and internal logic.
In incidents, we identify infection paths, damage, Indicators of Compromise (IOC), Indicators of Attack (IOA) and recovery options and provide actionable measures to contain and harden affected systems.
Security audits for third-party software
Organizations often use external applications without knowing how they work internally or what risks they pose. We reverse engineer third-party software, identify vulnerabilities, misconfigurations or intentionally hidden functions and assess the risks for your environment.
Interoperability and interface reconstruction
We reconstruct proprietary protocols, file formats, Application Programming Interfaces (API) or device interfaces to ensure compatibility with modern systems - ideal for legacy environments or discontinued hardware.

Use Cases for Reverse Engineering#

Our reverse engineering services solve real technical challenges, such as:

Reviving and modernizing legacy software
Without source code, many older systems can hardly be maintained or extended. We document internal logic and enable updates, extensions or migrations.
Modifying unsupported applications
When vendors discontinue support, we help extend functionality or fix issues - even in historical software or firmware.
Security audits for third-party software
We uncover vulnerabilities, misconfigurations and hidden features to minimize risks.
Malware Incident Response (IR)
We analyze malicious code in technical detail, extract Indicators of Compromise (IOC), assess damage and assist with recovery and hardening.

Case Studies#

Extending the functionality of an industrial device
A company needed new features for specialized hardware from a manufacturer who had stopped providing updates. Through firmware reverse engineering, we implemented the required functionality and made the existing hardware fully usable again.
Vulnerability analysis in a financial application
We identified multiple critical vulnerabilities in a sensitive financial application. Working closely with the development team, we resolved the issues and significantly improved the application's security posture.
Malware analysis for a healthcare provider
A ransomware variant threatened the operations of a medical organization. We analyzed the malicious code, identified the encryption techniques and helped develop an effective recovery strategy.
Reverse engineering of a legacy control system
An industrial control system ran on outdated software without source code. Through reverse engineering, we reconstructed its functionality and enabled a migration to modern hardware - without interrupting production.

Process#

Confidentiality
All data is treated confidentially and deleted after completion. A Non-Disclosure Agreement (NDA) can be provided.
Sending data and defining the goal
You send us software, firmware or malware samples and describe your objectives.
Free initial assessment (approx. 30 minutes)
We evaluate the samples free of charge and provide feasibility, effort estimation and cost projections.
Your decision
You decide whether to proceed.
Full analysis
We perform a thorough analysis and provide a structured report with technical insights, risks, recommendations and/or a modified version of the sample.
Time adjustments
Additional effort is only billed with prior approval. If the task requires less time, costs are reduced accordingly.

Pricing Table#

Duration	Price	Details
Initial assessment (approx. 30 minutes)	Free	First feasibility check
First hour	250€	Base fee
Additional hours	200€ per hour	Regular analysis time
Additional effort	150€ per hour	Only after approval

All prices exclude VAT.

Frequently Asked Questions#

Is reverse engineering even legal?

In short: Yes, under certain conditions. And no, you don’t have to sit in a dark basement wearing sunglasses to do it.

In Germany (and the European Union), the most relevant legal foundations come from copyright law:

§ 69a UrhG - Protection of computer programs
Software is protected by copyright.
However, this protection is not absolute - legally permitted uses remain permitted even if a license claims otherwise.

§ 69d UrhG - Observing, studying, testing and decompiling
This section explicitly allows reverse engineering:

You may load, display, run, store, transmit or study a program to understand how it works.
This includes reverse engineering as long as the goal is to understand ideas, principles and functionality.
You may decompile software if it is necessary for interoperability - e.g., to maintain older systems or recreate interfaces.

Reverse engineering is therefore explicitly allowed in Germany when:

You have a lawful license to use the program
Your goal is to understand how the program works
You need to ensure interoperability (§ 69e UrhG)
The vendor no longer provides support and technical analysis is necessary
No 1:1 clones or commercial replicas are produced

In the United States, reverse engineering is also allowed in many cases, particularly when:

Interoperability must be achieved
Research or security analysis is required
The analysis falls under Fair Use

In other words: reverse engineering is legal far more often than most people assume - especially in security research, malware analysis, troubleshooting, legacy system maintenance or when source code is missing.

We are happy to advise you if you’re unsure whether your scenario falls under permitted exceptions.

What data do I need to provide?

We only need the relevant binary files, firmware or malware samples and a short description of your objective: What do you want us to find out, validate or modify?

If available, additional information helps:

Known features or expected behavior
Version numbers or software origin
System environment (e.g., Windows version, microcontroller type)

No worries: the less information you have, the more interesting the analysis becomes for us.

How long does reverse engineering take?

It depends on the project goals, the platform involved and whether the software uses protection mechanisms that make the process harder.

This is why we offer a free 30-minute triage - so we can provide a realistic estimate of feasibility, complexity and cost.

Do you work with obfuscated or protected software?

Yes - that’s basically our daily routine. Whether it's packers, code obfuscation, anti-debugging, virtualization or custom loaders: We analyze even heavily protected software or malware and can often bypass, remove or reconstruct protection mechanisms.

Naturally: the stronger the protection, the higher the required effort. That’s exactly why we offer a free initial assessment.

Can you add features or remove existing ones?

Yes. If you only have the compiled binaries, we can patch them to add desired functionality, change behavior or remove functional blocks.

Examples:

Enabling disabled features
Adding new protocols or interfaces
Adjusting hardware dependencies
Removing faulty or unwanted modules

As long as it’s technically possible, we can implement it.

What happens if the analysis turns out to be impossible?

Then you pay nothing. The initial assessment is free, and if we determine that the project is technically or legally not feasible, we tell you transparently.

No hidden fees, no “consulting charges”.

How do you ensure confidentiality?

All data is used solely for the agreed purpose.
After completion, all files you provided are irreversibly deleted (no “trash bin” magic).

If desired, we will sign a Non-Disclosure Agreement (NDA).

Can reverse engineering damage my software?

No - we never modify your original files.
All analysis is performed on isolated copies in a secure laboratory environment.

The only “risk” is that we might discover some well-hidden surprises left by previous developers.

What information do we receive after the analysis?

Scope varies per project, but typically includes:

A clear and understandable summary of results
Technical details on software or malware behavior
Identified vulnerabilities, risks and attack surfaces
Indicators of Compromise (IOC) and Indicators of Attack (IOA)
Optional recommendations for patches, migration or hardening

On request, we can also prepare a management-friendly or auditor-friendly version.

Do you analyze industrial software or specialized hardware?

Yes. From industrial controllers to proprietary protocols and older or poorly documented microcontroller families such as 8051, STM32, PIC or Renesas - we analyze even decades-old and under-documented systems.

Can you create proof of concepts or implementations of reconstructed protocols?

Yes. After analyzing a proprietary protocol, data format or internal interface, we can create functional proof-of-concepts (PoC) or full implementations - in Rust, C or Python.

Typical results include:

Parsers and encoders for proprietary data formats
Implementations of communication protocols (serial, binary or network-based)
Proof-of-concepts demonstrating features, attack scenarios or weaknesses
Tools for analysis, automation or interoperability
Libraries or utilities for integration into existing systems

These PoCs can be used for migration, hardening, feature development or documentation - and provide immediately applicable results.

What file formats or systems can you analyze?

We work platform- and format-independently. This includes:

Binaries for all major operating systems (Windows, Linux, macOS)
Firmware images from microcontrollers and embedded systems
File formats like Executable and Linkable Format (ELF), Portable Executable (PE) and Mach Object File Format (Mach-O)
Virtual machines, disk images or containers
Proprietary formats requiring reconstruction

If a format is particularly exotic, we usually find a way in.

Can you reconstruct proprietary protocols or file formats?

Yes - this is a common scenario. We analyze communication flows, binary structures and data patterns to produce fully documented specifications.

Typical results include:

Understandable documentation of protocol structure
Detailed message formats and field definitions
Reconstructed state machines and workflow diagrams
Recommendations for compatibility or implementation

This enables you to implement your own clients, migrate systems or ensure interoperability.

How do you handle firmware that is undocumented or encrypted?

For undocumented or encrypted firmware, we work in stages:

Extraction via hardware interfaces (e.g., Joint Test Action Group (JTAG), Serial Wire Debug (SWD), Universal Asynchronous Receiver and Transmitter (UART))
Structural analysis and segmentation of the firmware
Reverse engineering of machine and functional code
Identification of protocols, hardware accesses and configuration data
Patching or reconstruction of functions if needed

Even older or unknown microcontrollers can be analyzed.

Can you provide documentation or reports for audits or legal purposes?

Yes. We prepare technical analysis in a form suitable for audits, certifications or legal evaluations.

This includes:

Clear technical documentation
Risk assessments and technical statements
Evaluation of security measures
Reports on software quality or code integrity

We do not replace legal counsel but provide the technical basis for it.

How large can the files be that we send?

File size generally does not matter. We can process very large images, virtual machines or firmware containers.

If transfer becomes difficult due to size, we offer alternative upload or transfer methods.

Do you offer long-term support or maintenance?

Yes. Especially for proprietary or undocumented software, long-term support is often essential.

Our long-term services include:

Regular security assessments
Support during migration or modernization
Patches or functional adjustments
Monitoring vulnerabilities in dependencies

This helps avoid dependency on inactive or non-existent vendors.

Interested?