
Visual Reverse Engineering



  1. Visual Reverse Engineering Willy Vasquez

  2. Background • Willy Vasquez • Rising Senior at MIT • Studying Computer Science and Engineering • Research with Shafi Goldwasser • Intern at Symantec Mobility Management Group

  3. Source • Work of Christopher Domas of the Battelle Memorial Institute • Brief overview of his talk at REcon • The Future of RE: Dynamic Binary Visualization

  4. Reverse Engineering • The goal is to answer “what is this and what does it do?”

  5. From Art to Science • Lots of time to identify patterns • Finding the patterns is an art.

  6. Visual RE • Taking a computationally difficult task and translating it to a problem our brains naturally do • Traversing thousands of lines of hex and making sense of it in 20 seconds

  7. Why improve? • Steganography • Obfuscation • Embedded Devices • Unknown formats

  8. Why improve? • Our current best RE tools are completely dependent on known structure • Gates’ Law • Software is getting slower more rapidly than hardware becomes faster • The amount of information we need to analyze is growing exponentially

  9. Background Ideas • Greg Conti • US Military Academy • Blackhat • Aldo Cortesi • Nullcube • corte.si

  10. Conti’s Idea • Even in unstructured data there are relationships, especially among local hex bytes • Digraphs

  11. Conti’s Idea (figure slide: digraph plots labelled Audio, ASCII, Image)

  12. Cortesi’s Work • Mapping data to Hilbert curves

  13. Building on Concepts • Goal: Understanding data independent of format

  14. ..cantor.dust.. • Named after Georg Cantor • Works off of emphasizing the idea of relationships between binary information

  15. 3D Digraphs

  16. Entropy Explorer
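The three views the slides describe (Conti's byte digraphs on slide 10, Cortesi's Hilbert-curve layout on slide 12, and the entropy explorer on slide 16) reduce to a small amount of code. The block below is an added example written for this transcript, not code from ..cantor.dust.. or from the talk; the sample bytes and the window size are constructed assumptions.

```python
import hashlib
import math
from collections import Counter

# Constructed sample "file": an ASCII region, a zero-padded region and a
# block of hash output standing in for compressed or encrypted content.
SAMPLE = ((b"The quick brown fox jumps over the lazy dog. " * 6)[:256]
          + b"\x00" * 256
          + b"".join(hashlib.sha256(bytes([i])).digest() for i in range(8)))

def digraph_counts(data: bytes) -> Counter:
    """Conti-style digraph: frequency of each adjacent byte pair (x, y).
    Rendered as a 256x256 intensity image, ASCII text clusters in the
    printable range, machine code clusters around common opcode bytes,
    and compressed or encrypted data spreads evenly over the square."""
    return Counter(zip(data, data[1:]))

def shannon_entropy(block: bytes) -> float:
    """Bits per byte: 0.0 for a constant block, 8.0 for a uniform one."""
    n = len(block)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def entropy_profile(data: bytes, window: int = 256) -> list:
    """Entropy of each fixed-size window: the numbers behind an entropy
    explorer view that separates padding, text and packed regions."""
    return [shannon_entropy(data[i:i + window]) for i in range(0, len(data), window)]

def hilbert_d2xy(order: int, d: int) -> tuple:
    """Map file offset d to (x, y) on a Hilbert curve of side 2**order, the
    layout Cortesi uses: offsets that are close in the file stay close in
    the image, unlike a plain row-major layout."""
    x = y = 0
    s = 1
    while s < (1 << order):
        rx = 1 & (d // 2)
        ry = 1 & (d ^ rx)
        if ry == 0:                      # rotate/flip the quadrant
            if rx == 1:
                x, y = s - 1 - x, s - 1 - y
            x, y = y, x
        x += s * rx
        y += s * ry
        d //= 4
        s *= 2
    return x, y

if __name__ == "__main__":
    for i, h in enumerate(entropy_profile(SAMPLE)):
        print(f"window {i}: {h:.2f} bits/byte, pixel {hilbert_d2xy(5, i * 256)}")
    print("most common digraph:", digraph_counts(SAMPLE).most_common(1))
```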

  17. ..cantor.dust.. classification • Bayesian method to classify certain types of formats

  18. ..cantor.dust.. parsing • Current binary parsing • Recursive descent: IDA style, which follows patterns and calls in the code • Linear sweep: objdump style, which goes through the code in a linear fashion • Both rely on a structured grammar • ..cantor.dust.. uses probabilistic parsing, which does not rely on a grammar

  19. ..cantor.dust.. parsing

  20. ..cantor.dust.. summary • A new way to look at binary information • A demo can be found with his Black Hat presentation: https://media.blackhat.com/bh-us-12/Arsenal/Domas/_cantor.dust_.7z.zip • No updates since last summer

  21. Sources • The full talk and slides are located on the recon.cx website: • http://recon.cx/2013/schedule/events/20.html
