Presentation is loading. Please wait.

Presentation is loading. Please wait.

Visual Reverse Engineering

Published byAlexis Gordon Modified over 9 years ago

Similar presentations

Presentation on theme: "Visual Reverse Engineering"— Presentation transcript:

1 Visual Reverse Engineering
Willy Vasquez

2 Background Willy Vasquez Rising Senior at MIT
Studying Computer Science and Engineering Research with Shafi Goldwasser Intern at Symantec Mobility Management Group

3 Source Work of Christopher Domas of the Battelle Memorial Institute
Brief overview of his talk at REcon The Future of RE: Dynamic Binary Visualization

4 Reverse Engineering The goal is to answer “what is this and what does it do?”

5 From Art to Science Lots of time to identify patterns
Finding the patterns is an art.

6 Visual RE Taking a computationally difficult task and translating it to a problem our brains naturally do Traversing thousands of lines of hex and making sense of it in 20 seconds

7 Why improve? Steganography Obfuscation Embedded Devices
Unknown formats

8 Why improve? Our current best RE tools are completely dependent on known structure Gates’ Law Software is getting slower more rapidly than hardware becomes faster Amount of Information we need to analyze is growing exponentially

9 Background Ideas Greg Conti Aldo Cortesi US Military Academy Blackhat
Nullcube corte.si Greg Conti: Aldo Cortesi:

10 Conti’s Idea Even in unstructured data there are relationships, especially among local hex bytes Digraphs

11 Conti’s Idea Audio Ascii Image

12 Cortesi’s Work Mapping data to Hilbert curves

13 Building on Concepts Goal: Understanding data independent of format

14 ..cantor.dust.. Named after Georg Cantor
Works off of emphasizing the idea of relationships between binary information

15 3D Digraphs

16 Entropy Explorer 23:00 in the video

17 ..cantor.dust.. classification
Bayesion Method to classify certain types of formats

18 ..cantor.dust.. parsing Current binary parsing
Recursive descent: IDA style that follows patterns and calls in code Linear sweep: objdump and goes through in linear fashion Rely on a structures grammar ..cantor.dust.. Uses probabilistic parsing, which does not rely on grammar

19 ..cantor.dust.. parsing

20 ..cantor.dust.. summary A new way to look at binary information
Can find demo from blackhat presentation: No updates since last summer

21 Sources The full talk and slides located on the recon.cx website:

Download ppt "Visual Reverse Engineering"

Similar presentations

The Future of RE: Dynamic Binary Visualization

The Future of RE: Dynamic Binary Visualization
Chapter 1.0 The Information Age & Digital Computers.

Chapter 1.0 The Information Age & Digital Computers.
Interpreting Data. Asking questions (for science) and defining problems (for engineering) Developing and using models Planning and carrying out investigations.

Interpreting Data. Asking questions (for science) and defining problems (for engineering) Developing and using models Planning and carrying out investigations.
CPSC 325 - Compiler Tutorial 9 Review of Compiler.

CPSC Compiler Tutorial 9 Review of Compiler.
BA271 -- Week 10 Course overview, ideas about the IS field’s future Dave Sullivan.

BA Week 10 Course overview, ideas about the IS field’s future Dave Sullivan.
Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Starting Out with Programming Logic & Design First Edition by Tony Gaddis.

Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Starting Out with Programming Logic & Design First Edition by Tony Gaddis.
1 Program Understanding Steve Chenoweth CSSE 375, Rose-Hulman Based on Don Bagert’s 2006 Lecture.

1 Program Understanding Steve Chenoweth CSSE 375, Rose-Hulman Based on Don Bagert’s 2006 Lecture.
Representing Information as Bit Patterns

Representing Information as Bit Patterns
CIS105 Chapter 1 Theory Review. Page 2 Hardware and Software are the two major components o any computer system Hardware is the set of physical devices.

CIS105 Chapter 1 Theory Review. Page 2 Hardware and Software are the two major components o any computer system Hardware is the set of physical devices.
Quantum Computation and Error Correction Ali Soleimani.

Quantum Computation and Error Correction Ali Soleimani.
Assistive Technology Tools Alisha Little EDN 303-002 Dr. Ertzberger.

Assistive Technology Tools Alisha Little EDN Dr. Ertzberger.
Chapter 17 Programming Tools The Architecture of Computer Hardware and Systems Software: An Information Technology Approach 3rd Edition, Irv Englander.

Chapter 17 Programming Tools The Architecture of Computer Hardware and Systems Software: An Information Technology Approach 3rd Edition, Irv Englander.
©Brooks/Cole, 2003 Chapter 2 Data Representation.

©Brooks/Cole, 2003 Chapter 2 Data Representation.
Assistive Technology Russell Grayson EDUC 504 Summer 2006.

Assistive Technology Russell Grayson EDUC 504 Summer 2006.
Trying to like a boss… REVERSE ENGINEERING. WHAT EVEN IS… REVERSE ENGINEERING?? Reverse engineering is the process of disassembling and analyzing a particular.

Trying to like a boss… REVERSE ENGINEERING. WHAT EVEN IS… REVERSE ENGINEERING?? Reverse engineering is the process of disassembling and analyzing a particular.
Overview of Computing. Computer Science What is computer science? The systematic study of computing systems and computation. Contains theories for understanding.

Overview of Computing. Computer Science What is computer science? The systematic study of computing systems and computation. Contains theories for understanding.
The CPU CPU stands for “Central Processing Unit”. It’s the brain of the computer and it’s in the Case. The Case can be desktop models that the monitor.

The CPU CPU stands for “Central Processing Unit”. It’s the brain of the computer and it’s in the Case. The Case can be desktop models that the monitor.
W HAT IS H ADOOP ? Hadoop is an open-source software framework for storing and processing big data in a distributed fashion on large clusters of commodity.

W HAT IS H ADOOP ? Hadoop is an open-source software framework for storing and processing big data in a distributed fashion on large clusters of commodity.
1 Computers and Representations Ascii vs. Binary Files Over the last few million years, Earth has experienced numerous ice ages when vast regions of the.

1 Computers and Representations Ascii vs. Binary Files Over the last few million years, Earth has experienced numerous ice ages when vast regions of the.
Why does it matter how data is stored on a computer? Example: Perform each of the following calculations in your head. a = 4/3 b = a – 1 c = 3*b e = 1.

Why does it matter how data is stored on a computer? Example: Perform each of the following calculations in your head. a = 4/3 b = a – 1 c = 3*b e = 1.

Similar presentations

Ads by Google