VDT is one of the projects I’m most proud of, partly because it seems to keep inspiring other people’s work 7 years later (and counting!). It is a dynamic dataflow analyzer designed to aid software vulnerability analysts. It traces a reproducible crashing execution while dumping a large amount of trace information into a file. It then runs a backwards dataflow analysis on that file, trying to correlate the faulting data with the user input as it was present in the process address space. In practice this means that, with very little effort, VDT can tell you something like “the input that crashed this program is those 2 bytes at offset 0x1234 of your malicious file”. I presented VDT in detail at SOURCE Barcelona 2009, so I highly suggest that interested visitors check the presentation out. The presentation is titled “Triaging Bugs with Dynamic Dataflow Analysis” and covers the rationale behind the Visual Data Tracer and its implementation. I also did a demo during the presentation, but it was done partly off-line (shown on slides) and partly live. Without the live part the demo is pretty meaningless, but I decided to upload the demo slides too, anyway, in case anyone is that curious.
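To make the backwards dataflow idea concrete, here is a small added example (written for this page, not VDT’s own code): it walks a constructed trace from the faulting register back to its origins and reports which input-file offsets reached it. The trace records, the addresses and the input mapping are all assumptions.

```python
# Backward dataflow over a constructed trace, in the spirit of VDT's approach.
# A trace record is (destination, [sources], description). Locations are
# register names or memory addresses; byte granularity is simplified away.

INPUT_BASE = 0x400000   # assumption: where the input file was mapped
INPUT_LEN = 0x2000      # assumption: size of the mapped input

# Constructed trace of a crashing execution (not a real program).
TRACE = [
    ("eax", [INPUT_BASE + 0x0010], "mov al, [input+0x10]   ; later overwritten"),
    ("eax", [INPUT_BASE + 0x1234], "mov al, [input+0x1234]"),
    ("ebx", [INPUT_BASE + 0x1235], "mov bl, [input+0x1235]"),
    ("ecx", ["eax", "ebx"],        "lea ecx, [eax+ebx*8]"),
    ("edx", [0x500000],            "mov edx, [unrelated]"),
    (0x600000, ["ecx"],            "mov [buf], ecx"),
    ("esi", [0x600000],            "mov esi, [buf]"),
    ("edi", ["esi", "edx"],        "add edi, esi ; not on the crash path"),
]
FAULT_LOC = "esi"       # crash: mov [esi], ... with esi holding a bad pointer


def backward_dataflow(trace, fault_loc):
    """Return the set of origin locations that fed the faulting location.

    Walk the trace in reverse keeping a 'live' set: when a record defines a
    live location, that location is replaced by the record's sources. A
    definition that was overwritten before the crash is never reached,
    because the later definition removes the location from the live set.
    """
    live = {fault_loc}
    for dst, srcs, _ in reversed(trace):
        if dst in live:
            live.remove(dst)
            live.update(srcs)
    return live


def input_offsets(locs, base=INPUT_BASE, length=INPUT_LEN):
    """Map origin addresses inside the input mapping to file offsets."""
    return sorted(l - base for l in locs
                  if isinstance(l, int) and base <= l < base + length)


if __name__ == "__main__":
    origins = backward_dataflow(TRACE, FAULT_LOC)
    print("input offsets reaching %s: %s"
          % (FAULT_LOC, [hex(o) for o in input_offsets(origins)]))
```

The unrelated load into edx and the overwritten first load into eax are both left out of the result, which is what makes the answer “2 bytes at offset 0x1234” rather than “everything the program ever read”.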
An article written by Rodrigo “BSDaemon” Branco about VDT was later published in Phrack #67, explaining VDT further, and serves as an additional reference as well as a point of download for the code. At Black Hat Europe 2015, Dongwoo Kim and Sangwho Kim ported many of the VDT concepts to ARM when presenting Triaging Crashes with Backward Taint Analysis for ARM Architecture. More recently, at Black Hat Las Vegas 2016, Rodrigo and Rohit Mothe took VDT to a new level when presenting DPTrace.
The H2HC/uCon Presentation
In 2008, at H2HC 5th Edition, and in 2009 at uCon, I gave a presentation called “Practical (Introduction to) Reverse Engineering”. I first presented it at H2HC following a suggestion by the conference organization after they had read an article I had published months earlier. In that paper, titled “Cracking CrackMes”, I talked a little bit about using basic reverse engineering techniques to defeat ‘crackme’ challenges. I had written it as part of my work as a security researcher for Scanit ME, and it probably got some attention when, just a couple of months after publishing it, I won the Capture The Flag contest at the Hack in The Box conference in Dubai, 2008. The organizers at H2HC suggested that I transpose that content into a presentation, showing the techniques live. I did that and extended the concept a little bit. I tried to cover some of the tools used by reverse engineers and also tried to do something for the more advanced spectators, which resulted in LEP being conceived. LEP is a dynamic dataflow analyzer that started as a simple concept and evolved to become the Visual Data Tracer.