Pedram Amini - PaiMei and the Five Finger Exploding Palm RE Techniques

There is a slew of languages, tools, interfaces and file formats for various reverse engineering tasks. Making tools play nice together and deciding how to develop new tools is a cumbersome process. PaiMei was created for personal use, and after much debate it was decided to release the majority of the toolkit to the public. This presentation will introduce PaiMei, discuss its architecture and design, demonstrate various uses and benefits, and provide a foundation for attendees to build their own RE toys on top of the framework. Time permitting, some interesting case studies will be shared with the audience.

PaiMei is a reverse engineering framework consisting of multiple extensible components. The goal of the framework is to reduce the time from "idea" to prototype to a matter of minutes, instead of days. PaiMei is written entirely in Python and exposes, at the highest level, a debugger, a graph-based binary abstraction and a set of utilities for accomplishing various repetitive tasks. The framework can essentially be thought of as a reverse engineer's Swiss Army knife and has already proven effective for a wide range of both static and dynamic tasks, such as fuzzer assistance, code coverage tracking, data flow tracking and more.

Bio

Pedram Amini currently leads the security research and product security assessment team at TippingPoint, a division of 3Com. Prior to TippingPoint, he was the assistant director and one of the founding members of iDEFENSE Labs. Despite the fancy titles, he spends much of his time in the shoes of a reverse engineer, developing automation tools, plug-ins and scripts for software like IDA Pro and OllyDbg.

In conjunction with his passion for the field, he launched OpenRCE.org, a community website dedicated to the art and science of reverse engineering. He has previously presented at DefCon, RECon, ToorCon and Black Hat. Pedram holds a computer science degree from Tulane University.
http://www.openrce.org