1
Visual Reverse Engineering
Willy Vasquez
2
Background
Willy Vasquez
Rising Senior at MIT
Studying Computer Science and Engineering
Research with Shafi Goldwasser
Intern at Symantec Mobility Management Group
3
Source
Work of Christopher Domas of the Battelle Memorial Institute
Brief overview of his talk at REcon
The Future of RE: Dynamic Binary Visualization
4
Reverse Engineering
The goal is to answer “what is this and what does it do?”
5
From Art to Science
Lots of time to identify patterns
Finding the patterns is an art.
6
Visual RE
Taking a computationally difficult task and translating it to a problem our brains naturally do
Traversing thousands of lines of hex and making sense of it in 20 seconds
7
Why improve?
Steganography
Obfuscation
Embedded Devices
Unknown formats
8
Why improve?
Our current best RE tools are completely dependent on known structure
Gates’ Law
Software is getting slower more rapidly than hardware becomes faster
Amount of information we need to analyze is growing exponentially
9
Background Ideas
Greg Conti: US Military Academy, Blackhat
Aldo Cortesi: Nullcube, corte.si
Greg Conti: Aldo Cortesi:
10
Conti’s Idea
Even in unstructured data there are relationships, especially among local hex bytes
Digraphs
11
Conti’s Idea
Audio
ASCII
Image
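The digraph idea from these two slides, as an added example (not code from the talk or from ..cantor.dust..): every pair of adjacent bytes becomes a point (x, y) on a 256×256 plot, so text, table-like data and noise each leave a different shape regardless of file format. The function names and sample buffers are constructed for illustration.

```python
import random
from collections import Counter

def digraph_counts(data: bytes) -> Counter:
    """Count every pair of adjacent bytes; (x, y) = (data[i], data[i+1])."""
    return Counter(zip(data, data[1:]))

def printable_fraction(counts: Counter) -> float:
    """Share of digraphs whose two bytes are both printable ASCII."""
    total = sum(counts.values())
    hits = sum(n for (x, y), n in counts.items()
               if 0x20 <= x <= 0x7E and 0x20 <= y <= 0x7E)
    return hits / total if total else 0.0

def render(counts: Counter, cells: int = 16) -> str:
    """Downsample the 256x256 digraph plot to a text grid (cells must divide 256)."""
    step = 256 // cells
    grid = [[0] * cells for _ in range(cells)]
    for (x, y), n in counts.items():
        grid[y // step][x // step] += n
    peak = max(max(row) for row in grid) or 1
    shades = " .:*#"
    top = len(shades) - 1
    # Empty cells stay blank; any non-empty cell gets at least the faintest shade.
    return "\n".join(
        "".join(shades[(v * top + peak - 1) // peak] for v in row)
        for row in grid)

# Constructed sample buffers (not taken from the talk).
TEXT = b"The goal is to answer what is this and what does it do? " * 40
RAMP = bytes(range(256)) * 4      # lookup-table-like data: a single diagonal
_rng = random.Random(0)           # fixed seed so the output is repeatable
NOISE = bytes(_rng.getrandbits(8) for _ in range(4096))  # stand-in for packed data

if __name__ == "__main__":
    for name, buf in (("text", TEXT), ("ramp", RAMP), ("noise", NOISE)):
        counts = digraph_counts(buf)
        print(f"--- {name}: {len(counts)} distinct digraphs, "
              f"{printable_fraction(counts):.2f} printable")
        print(render(counts))
```

Run on a real file by passing its bytes to `digraph_counts`; a plot that fills the whole grid evenly is the usual sign of compressed or encrypted content.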
12
Cortesi’s Work
Mapping data to Hilbert curves
13
Building on Concepts
Goal: Understanding data independent of format
14
..cantor.dust..
Named after Georg Cantor
Works by emphasizing the relationships between binary information
15
3D Digraphs
16
Entropy Explorer
23:00 in the video
17
..cantor.dust.. classification
Bayesian method to classify certain types of formats
18
..cantor.dust.. parsing
Current binary parsing
Recursive descent: IDA style, follows patterns and calls in code
Linear sweep: objdump style, goes through in linear fashion
Rely on a structure's grammar
..cantor.dust..
Uses probabilistic parsing, which does not rely on grammar
19
..cantor.dust.. parsing
20
..cantor.dust.. summary
A new way to look at binary information
Can find demo from Blackhat presentation:
No updates since last summer
21
Sources
The full talk and slides are located on the recon.cx website: