# Decompile to find security vulnerabilities Decompiling software code to find security vulnerabilities is a common security research method, but it must be pointed out that it is illegal to use these vulnerabilities for system intrusion without authorization. The following are some legal security research scenarios where vulnerabilities may be discovered through decompilation： ## Research on the security of decompilation under legal circumstances 1. **Vulnerability bounty program**: The company expressly authorizes security researchers to test its software 2. **Open source software audit**: Analyze the security of open source projects and report vulnerabilities to maintainers 3. **Own system security assessment**: The organization conducts a security audit of its own system 4. **Authorized penetration testing**: Conduct a security assessment of the customer's system within a clearly defined scope ## Common types of vulnerabilities that can be discovered by decompiling 1. **Hard-coded credentials**: The password or API key left by the developer in the code 2. **Unverified input processing**: Code that may cause buffer overflow or injection attacks 3. **Insecure encryption implementation**: Use outdated or incorrectly implemented encryption algorithms 4. **Logical defect of local permission elevation**: A logical error in the program that allows access elevation Please note that unauthorized penetration testing of the system or using vulnerabilities to access it is illegal and may lead to serious legal consequences. Security research should follow the principle of responsible vulnerability disclosure and be conducted with authorization.