Recon2012 - PREVIEW

Recon 2012

Aaron Portnoy
Brandon Edwards
Day: Day 3 - 2012-06-16
Room: Grand Salon
Start time: 15:30
Duration: 00:30
ID: 250


IDA Pro presents the reverse engineer with a vast array of tools and capabilities, but after using it for our daily tasks for quite some time, we’ve realized there are situations that call for functionality the authors did not build into the tool. This presentation is intended to motivate the audience to think outside the confines of the capabilities IDA currently provides. We will present ideas for solutions that help overcome many of the tedious tasks and common pitfalls reverse engineers face.

Starting with a demonstration of how to extract data from IDA to create an out-of-band database, we will then show the immediate efficiency improvements this allows. We will show how to store and subsequently query arbitrary metadata, new techniques for navigating code (complete with UI enhancements), an improved marking system, and the ability to collaborate with others by transferring marshaled objects from one IDA instance to another. Additionally, we will demonstrate both intra- and inter-function path-finding capabilities based on our custom query language and an external graph database. The benefits of these capabilities will become apparent when we show how you can tie in an external debugger to perform arbitrary analysis (hit tracing, taint analysis, and so on) to complement your static reverse engineering efforts.