Most electrical (computing based) products are a combination of lots of pieces of software. Reverse engineering is really a deep dive into how something works. For example, in any website that lets you register an email address, what happens if you do “stupid” things – type in a very long and broken email? Paste an emoji? For email addresses, most sites may expect a maximum of 128 characters in length. So what happens when you exceed that limit? And whilst the javascript may limit the length, what happens if you bypass the browser and do things directly over http?

What about an iphone? You connect a device via a cable, and it sends a code to indicate the type of device. So, what happens if you fake the device id, and see how the iphone reacts?

Eventually, you may crash the device with unexpected inputs – thats one goal of reverse engineering – the crash indicates an unexpected payload. But that crash may allow more damaging attacks, such as buffer overflow or remote code execution.

Ultimately, you may make the device or software do more than the vendor expects or allows.