4. Outline
What is Binary Analysis?
Introduction to Angr
Various uses of Angr
Symbolic Execution
Using Angr to perform SE
Hooking
Using Angr to perform Hooking
5. The process of analysing an executable to gain a better idea of how it works is called binary analysis.
6. Why do we need to Automate it?
Save a lot of time and effort
Avoid human error
Cost-effective
Tedious to do by hand
All factors accounted for
7. Angr
Shellphish's entry for DARPA's CGC, which came 3rd
Python based framework
Open Source
Can detect and exploit vulnerabilities
Installation instructions at www.angr.io
8. Various uses of Angr
Control Flow Graph recovery
Symbolic Execution
ROP chain generation
Binary Hardening
Exploit Generation
9. Symbolic Execution
Analysing a program to determine the input (or inputs) that must be given to make each part of the program execute.
11. Angr and Symbolic Execution
Treats inputs as symbolic variables
Finds the paths that are important
Builds constraints on those variables along each path
Solves those constraints using z3
13. Hooking
Hooking is a technique used while reverse engineering where certain instructions or calls are replaced with custom-made functions and calls.
14. Hooking is used for
Faster Reverse Engineering
Tracing function calls
Parameter checking
Logging
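The two ideas above (symbolic execution with find/avoid exploration, and hooking out a function that blocks analysis) in one toy engine. This is an added example, not angr code: the program, the `check_license` routine and the `HOOKS` table are constructed here, and brute force over one input byte stands in for z3.

```python
from dataclasses import dataclass, field

@dataclass
class State:
    pc: int                                           # current address
    constraints: list = field(default_factory=list)   # predicates over the symbolic input
def check_license(state):
    # Original routine: demands a value no single byte satisfies, so an unhooked run never reaches the target.
    state.constraints.append(lambda x: x == 0xDEAD)
# Constructed toy program. "branch": (predicate, pc_if_true, pc_if_false);
# "call": (function, pc_after_return); "ret" ends the path.
PROGRAM = {
    0: ("branch", lambda x: x > 0x40, 1, 5),
    1: ("call", check_license, 2),
    2: ("branch", lambda x: x % 3 == 0, 3, 5),
    3: ("branch", lambda x: x < 0x50, 4, 5),
    4: ("ret",),   # success block: the address to "find"
    5: ("ret",),   # failure block: the address to "avoid"
}
HOOKS = {}         # function name -> replacement, like angr's hooks
def step(state):   # execute one instruction, return successor states (a fork on branches)
    op = PROGRAM[state.pc]
    if op[0] == "branch":
        pred, t, f = op[1:]
        return [State(t, state.constraints + [pred]),
                State(f, state.constraints + [lambda x, p=pred: not p(x)])]
    if op[0] == "call":
        fn, nxt = op[1:]
        HOOKS.get(fn.__name__, fn)(state)   # the hook, if any, runs instead of fn
        return [State(nxt, list(state.constraints))]
    return []                               # "ret": path ends

def explore(find, avoid):   # depth-first path exploration, pruning paths that hit `avoid`
    active, found = [State(0)], []
    while active:
        s = active.pop()
        if s.pc == find:
            found.append(s)
        elif s.pc != avoid:
            active.extend(step(s))
    return found

def solve(state, domain=range(256)):   # stand-in for z3: enumerate one symbolic byte
    return [x for x in domain if all(c(x) for c in state.constraints)]

def find_input(hook_license=True):
    HOOKS.clear()
    if hook_license:
        HOOKS["check_license"] = lambda state: None   # skip the check, as an angr hook would
    return sorted(x for p in explore(find=4, avoid=5) for x in solve(p))
```

With the hook installed the solver reports every byte that reaches the success block; without it the license constraint is unsatisfiable and no input is found.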
16. Summary
Angr uses symbolic variables and constraints to find out more about the executable.
Angr can hook functions
Paths, path groups
States: entry state, blank state
explore: find, avoid
se: solver engine
Claripy
Library functions