Sophia's talk on using advanced features of the Binary Ninja API for vulnerability analysis is next up #youkillityoueatit
-
-
Why not BAP? Flags are explicit, poor readability, OCaml. Why not VEX? Reg names are abstracted, single assignment, 1000 instructions.
-
Why not REIL? Only 17 insts. LLVM IR? Hard to lift to, expects types, made for compiling not binary analysis. PS see https://github.com/trailofbits/mcsema
-
Rusty is explaining the finer points of the Binja processing pipeline and how it turns out an easily readable IL.
-
Sophia up now to show what you can do with the Binja tools. Check the API at http://api.binary.ninja/search.html
-
Sophia's 1st example: find where a program writes data to the stack. Easy to write, all python. Finds candidate stack smashes.
-
2nd example: Find all uninitialized variables in a program. Takes advantage of SSA form feature in Binja. Script is trivially small.
-
3rd example: Use Binja analyses to take practical advantage of symbolic execution. Usually too slow, but can target analysis with Binja.
-
3: Goal here is to find type confusion bugs with sign analysis. Ran the tool on PHP and it can find CVE-2016-6289. https://blog.fortinet.com/2016/08/10/analysis-of-php-s-cve-2016-6289-and-cve-2016-6297
-
4th example: find use-after-free with Binja. Reimplement earlier project from @trailofbits in simpler form: https://blog.trailofbits.com/2016/03/09/the-problem-with-dynamic-program-analysis/
-
5th example: devirtualize C++, make code readable again! https://blog.trailofbits.com/2017/02/13/devirtualizing-c-with-binary-ninja/
-
Sophia suggests checking out the @trailofbits Binja script repo for more code and ideas: https://github.com/trailofbits/binjascripts
-
How fast is Binja? Ran sign analysis on JavaScriptCore, can load Chrome Debug build, etc. Binja is all 64-bit code. "RAM is made to be used"
-
Can you look at dynamic content? No, but take a memory snapshot and load that for analysis.
-
I've been informed Sophia D'Antoine has joined Twitter! Follow her at @Calaquendi44 for more updates on program analysis and VR.