Is reverse engineering a saleable skill?

Question

Wanting to make (for purely personal use) CLI tools out of commonly used apps, I got into discovering undocumented APIs a couple years ago and it's been a lot of fun.Recently, I got into decompiling android apps and hunting through source code to find how their security works and mimicking it on my end.The pay-off is so little (e.g. instacart automated delivery, jimmy johns cli ordering etc.), but I'm absolutely in love with the process.My day job is an odd mixture of managing operations and logistics at our warehouses and writing code (python/django), so I have limited exposure to software companies.There was a recent thread on unofficial APIs, so I ask --Is this a skill that saleable in any way? Are there roles for this kind of thing?

cjbprime · Accepted Answer

"Malware analysis" is a subfield you're likely becoming qualified for, but it's a relatively small field, especially compared to your Django skilset.Joining a CTF team (e.g. the team I play on! OpenToAll) would be a good way to build on the skills and meet some professional reversers to network with.

jetti · Answer

I'm surprised that bug bounties haven't been mentioned yet. Sites like HackerOne and BugCrowd allow you to use (and improve) your skills while also potentially making some money while doing it. While HackerOne has a lot of web bounties there are a few mobile and desktop application bounties as well.

WheelsAtLarge · Answer

Yes, but you need a reputation to get paid.
Ifixit is a company that is built around reverse engineering consumer electronics. I also read about a company that completely breaks down cars to determine the cost of manufacturing. And we see it all the time with "Security specialists" who do their best to find security faults by partially reverse engineering apps and such.
The early IBM clones were built by reverse-engineering the first machines from IBM.
To get a reputation, I would start a blog, break down and explain whatever you find interesting. Keep in mind that it will take a lot of work to get started but if you love it, it might be lots of fun. It's important to focus and be consistent.

TheAdamAndChe · Answer

Yes, but if you aren't formally trained in this, you have to build a reputation in order to get a good job.
I did really neat things as a kid, but because I didn't broadcast it or document it, it doesn't seem to matter much to employers.
Start a blog & track your progress. Discuss your hobby with other people that like it. Try to help others.

non-entity · Answer

There a definitely RE and software roles than involve RE roles out there, but I imagine you have to be pretty good at it. Thebreverse engineering subreddit has job threads. Not sure how a hobbyist could break in, givenbthat most side projects probably toe the legal side of things outside of CTF challenges and such

piracy1 · Answer

Find 0Days. Sell them.Edit: Also, you can try to find info leaks from public companies. For instance, back when Fitbit only sold one device for one price. Roughly one user profile meant one sale. The profile page was just /profile/[Base58 Encoded Number] and the number was a sequential ID. I was able to predict their earnings pretty well for a quarter or two but then they started selling more devices and the correlation was made more uncertian. If you find something like that. A tangible signal, it's on inherent worth to *funds.

dpeck · Answer

Look into the security side of things.I did some research a few years ago doing the same sort of thing with jruby and android APKs and it is a lot of fun but the main applications of it are going to be in security, competitive analysis, and occasionally hacking things for one-off integrations.Be able to tell a story or two about doing it. If you can go 5 minutes deep on a couple of subjects and be at least a little entertaining while you do it, you'll get some job offers.

rasz · Answer

>managing operations and logistics>Is reverse engineering a saleable skill?Do you really want a pay cut?