Version alpha

lecture: Sum Total of ISA Knowledge

Analyzing Your Binary Analysis Tools

Event large

Hardware debug support or correct emulation often isn't available for embedded targets you'd like to reverse. This leaves static analysis. There are various recent tools that can augment manual RE labor by lifting the architecture to some IR, then running solvers or emulators on it. Their support of niche architectures tends to be incomplete.

Fortunately, the same program analysis techniques those tools implement can be run on the tools themselves. We're going to measure the architecture support of some popular emulators and lifters through black-box fuzzing, binary symbolic execution, and variations in between. From these measurements we'll generate verification conditions that must hold for the code under analysis by the tools to have any hope of correct results. We'll then selectively apply existing dynamic analysis tools to various portions of low-level firmware, with some assurance that the outputs are meaningful.


Day: 2018-06-17
Start time: 15:00
Duration: 00:30
Room: Grand salon
Track: Firmware Reverse Engineering



Concurrent Events