Visual Reverse Engineering

Posted on 15-Feb-2016 (PowerPoint presentation)

Visual Reverse Engineering
Willy Vasquez

Background
Willy Vasquez
Rising Senior at MIT
Studying Computer Science and Engineering
Research with Shafi Goldwasser
Intern at Symantec Mobility Management Group

Source
Work of Christopher Domas of the Battelle Memorial Institute
Brief overview of his talk at REcon: The Future of RE: Dynamic Binary Visualization

Reverse Engineering
The goal is to answer: what is this, and what does it do?

From Art to Science
Lots of time is spent identifying patterns
Finding the patterns is an art.

RE
Taking a computationally difficult task and translating it into a problem our brains do naturally
Traversing thousands of lines of hex and making sense of it in 20 seconds

Why improve?
Steganography
Obfuscation
Embedded devices
Unknown formats

Why improve?
Our current best RE tools are completely dependent on known structure
Gates' Law: software is getting slower more rapidly than hardware becomes faster
The amount of information we need to analyze is growing exponentially

Background Ideas
Greg Conti, US Military Academy, Blackhat
Aldo Cortesi, Nullcube, corte.si
Greg Conti:
Aldo Cortesi: www.corte.si

Conti's Idea
Even in unstructured data there are relationships, especially among local hex bytes
Digraphs

Conti's Idea

ASCII
Audio
Image

Cortesi's Work
Mapping data to Hilbert curves

Building on Concepts
Goal: understanding data independent of format

..cantor.dust..
Named after Georg Cantor
Works by emphasizing the relationships between pieces of binary information
Digraphs

Entropy Explorer

23:00 in the video

..cantor.dust.. classification
Bayesian method to classify certain types of formats
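As an added illustration (not code from these slides or from cantor.dust), the views named in the slides above in Python: Conti's digraph over adjacent byte pairs, Cortesi's Hilbert-curve layout of byte offsets, and a windowed entropy profile of the kind an entropy explorer draws, plus a toy threshold label whose cutoffs (0.9 printable share, 7.5 bits) are assumptions standing in for cantor.dust's Bayesian classifier. The byte samples at the bottom are constructed.

```python
import math
from collections import Counter
PRINTABLE = range(0x20, 0x7F)  # ASCII text lands in this square of the digraph plane

def digraph_counts(data: bytes) -> Counter:
    """Conti's digraph: histogram of adjacent byte pairs (x = data[i], y = data[i+1])."""
    return Counter(zip(data, data[1:]))

def printable_fraction(data: bytes) -> float:
    """Share of digraph points inside the printable-ASCII square; near 1.0 for plain text."""
    counts = digraph_counts(data)
    total = sum(counts.values())
    inside = sum(n for (x, y), n in counts.items() if x in PRINTABLE and y in PRINTABLE)
    return inside / total if total else 0.0

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant run, 8.0 for a uniform spread."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def entropy_windows(data: bytes, window: int = 256) -> list:
    """Entropy per fixed window: the 1-D profile an entropy-explorer strip is drawn from."""
    return [shannon_entropy(data[i:i + window]) for i in range(0, len(data), window)]

def hilbert_d2xy(n: int, d: int) -> tuple:
    """Cortesi's layout: byte offset d -> (x, y) on an n x n Hilbert curve (n a power of two)."""
    x = y = 0
    s = 1
    while s < n:
        rx = 1 & (d // 2)
        ry = 1 & (d ^ rx)
        if ry == 0:  # rotate/flip the sub-square so consecutive offsets stay adjacent pixels
            if rx == 1:
                x, y = s - 1 - x, s - 1 - y
            x, y = y, x
        x, y = x + s * rx, y + s * ry
        d //= 4
        s *= 2
    return x, y

def crude_label(data: bytes) -> str:
    """Toy threshold rule (assumed cutoffs), standing in for cantor.dust's Bayesian classifier."""
    if printable_fraction(data) > 0.9:
        return "text"
    return "uniform (compressed or encrypted?)" if shannon_entropy(data) > 7.5 else "binary"

TEXT = b"The quick brown fox jumps over the lazy dog. " * 20      # constructed: prose
UNIFORM = bytes(range(256)) * 4                                  # constructed: uniform bytes
PADDED = b"\x00\x00\x00\x01\x00\x00\x00\x02" * 64                # constructed: zero-padded struct
```

Feeding a real file's bytes through `digraph_counts` and `hilbert_d2xy` gives the point sets a plotting library would render as the digraph and Hilbert views shown in the talk.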

..cantor.dust.. parsing
Current binary parsing:
Recursive descent: IDA style, follows patterns and calls in the code
Linear sweep: objdump style, goes through the binary in linear fashion
Both rely on a structure's grammar
..cantor.dust.. uses probabilistic parsing, which does not rely on a grammar

..cantor.dust.. parsing

..cantor.dust.. summary
A new way to look at binary information
A demo can be found in the Blackhat presentation:
No updates since last summer

Sources
The full talk and slides are located on the website:

