Next-Generation Debuggers for Reverse Engineering
Developing an Intermediate Representation for the Analysis of Binary Code
Cracking CrackMes
Abstract: Classical debuggers make use of an interface provided by the
operating system in order to access the memory of programs while they
execute. Although this model dominates both industry and the community,
we show that our novel embedded architecture is better adapted when debuggee
systems are hostile and protected at the operating-system level.
This alternative model is also more performant, as the debugger
executes from inside the debuggee program and can read the memory
of the host process directly. We give detailed information about how
to keep memory unintrusiveness using a new technique called allocation
proxying. We reveal how we developed the organization of our multiarchitecture
framework and its multiple modules so that they allow for graph-based
binary code analysis, ad-hoc typing, compositional fingerprinting,
program instrumentation, real-time tracing, multithread debugging and
general hooking of systems. We reveal the reflective essence of our framework
by embedding its internal structures in our own reverse engineering
language, thus recalling concepts of aspect-oriented programming.
Comments: I'm a co-author of this paper, together with a number of other members of the ERESI team. We wrote it to submit to Black Hat Europe 2007, where we gave a homonymous presentation, given by Julien Vanegue, Thomas Garnier and myself. The rest of the authors, who were not present at the conference, are Sebastian Roy, Rafal Lesniak and Rafael Villordo.
Year: 2007
Relevant Cross-References:
Abstract: The field of Program Analysis is vast and complex. Even though it has many decades of study and advances now, some of the biggest and most pursued problems remain open for resolution. In particular, a quick search through the literature on the intersection between the disciplines of static analysis of binary programs and automated bug-finding reveals that there is a big window of opportunity open to scientists willing to engage in this exciting research field.
This work attempts to perform a survey on the state-of-the-art of the subjects touching the questions on static program analysis, binary analysis and automated bug-finding. Once properly contextualized, this document will introduce the ERESI framework, an open-source project on top of which all of this work’s implementation is based. Finally, the reader will find a detailed report of the work done to transform Intel IA-32 machine code into the ERESI LIR (Low-level Intermediate Representation), an important step to extend the analysis features of the framework in question.
Comments: This was my thesis for my B.Sc. degree. It was also my first concrete take on any kind of program analysis, reporting some of the work I've done with ERESI. It's a work I'm quite proud of, especially considering the time frame I had to do it.
Year: 2007
Relevant Cross-References:
Abstract: This article goes step-by-step through the problem of beating a 'crackme' challenge. By using different tools and discussing techniques in depth, the author teaches the beginner and intermediate reader a few tricks to get him/her started with reverse-engineering. The example used in the text is made available in the zip package.
Comments: I wrote this while working as a Security Researcher for Scanit ME, in Dubai. It's an entry-level text that will be of most use to novice reverse engineers. It's a walkthrough on beating a crackme that was used in the Capture-The-Flag contest from a previous edition of the Hack In The Box conference. Not having taken on a crackme challenge for a while, I guess this one served me as a good warm-up, for I then broke all of the crackmes of the CTF from HITB Dubai 2008, effectively winning the competition shortly after having written this article.
Year: 2008
Relevant Cross-References: