📚 OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.





About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Users What's New


Customize Theme

Flag: Tornado! Hurricane!

Blogs >> rakish's Blog

Created: Thursday, March 27 2008 15:38.13 CDT  
Printer Friendly ...
Researches - Binary Analysis in Progress
Author: rakish # Views: 2824

Hi, i'm new here and in RCE world!

Since i have started my little experience i found a great project at UC Berkley.That project is BitBlaze, i guess that someone here already saw it.

"The BitBlaze project aims to design and develop a powerful binary analysis platform and employ the platform in order to (1) analyze and develop novel COTS protection and diagnostic mechanisms and (2) analyze, understand, and develop defenses against malicious code. The BitBlaze project also strives to open new application areas of binary analysis, which provides sound and effective solutions to applications beyond software security and malicious code defense, such as protocol reverse engineering and fingerprint generation."
http://bitblaze.cs.berkeley.edu

In my experience i have found some automated tools but just inside heuristic analysis in anti-malwares.

What do you guys think about it become reality?
Already exist some automated frameworks at this "level" of analysis?

Note: English is not my native language.


Blog Comments
MohammadHosein Posted: Thursday, March 27 2008 15:53.19 CDT
what is "novel" about it ?

MFox Posted: Thursday, March 27 2008 17:50.20 CDT
ERESI project !?
http://www.eresi-project.org/

RolfRolles Posted: Thursday, March 27 2008 18:20.46 CDT
When I first went professional, I thought that academia (with the exception of cryptography and program analysis) was missing the point when it came to computer security, and so I mostly ignored it (modulo some interesting results from time to time) in favor of what the hard-core sector of the industry was producing (e.g. what you see at the major conferences).  I was wrong; BitBlaze is proof.

About BitBlaze, the first and (IMO) most accessible publication in the BitBlaze series was 2005's TaintCheck, a system built on top of Valgrind/DynamoRIO (using so-called dynamic taint analysis) to automatically detect exploitation conditions at run-time, and furthermore generate an IDS signature from whatever triggered the vulnerability (not as easy).  The dynamic binary instrumentation framework evolved into TEMU, an instrumented version of QEMU, which allows for system-wide analysis.  The project also includes static and mixed static/dynamic components, linked below.

Some spin-off papers for those interested:

* Renovo is an automatic unpacker which is powerful yet simple in concept;
* Panorama is a tool that detects malicious browser-helper objects;
* Polyglot is a tool that produces WireShark protocol definitions based on dynamic binary analysis.

If I had to take a stab at what was "novel" about the BitBlaze project, I'd say it's a combination of innovative ideas, keen insight into security issues on the binary level, sophisticated technologies only accessible to those with advanced degrees, and most importantly its track record.  But this is all just my opinion; read the papers and form your own.  

If you want to see some related projects, check out LibFlayer and Argos, both of which come with source.

sovietskicpu Posted: Thursday, March 27 2008 19:38.37 CDT
Hi Rolf ;)

RabidCicada Posted: Friday, March 28 2008 10:10.56 CDT
I'd also note the wording where it states that they intend to use the platform to develop novel protections....not that the platform itself is novel.

rakish Posted: Friday, March 28 2008 12:58.46 CDT
be careful that is a malformed expression that exploited your minds, use some taint analysis to detect the behavior, maybe nothing has occur!
maybe its a rootkit to control you later ...

jk is so far more easy you control me =p

hey guys, thanks for reply, i'll keep my eyes on this project, about the ERESI seems to be a nice framework too

well i'm just newbie, i have so much things to learn ...

RolfRolles Posted: Monday, March 31 2008 03:03.49 CDT
Here's something else interesting from the BitBlaze crowd (at least, three-fourths of the authors are members of that project), some more evidence that academia has surpassed the industry:  a paper entitled "Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications".



Add New Comment
Comment:









There are 31,328 total registered users.


Recently Created Topics
[help] Unpacking VMP...
Mar/12
Reverse Engineering ...
Jul/06
let 'IDAPython' impo...
Sep/24
set 'IDAPython' as t...
Sep/24
GuessType return une...
Sep/20
About retrieving the...
Sep/07
How to find specific...
Aug/15
How to get data depe...
Jul/07
Identify RVA data in...
May/06
Question about memor...
Dec/12


Recent Forum Posts
Finding the procedur...
rolEYder
Question about debbu...
rolEYder
Identify RVA data in...
sohlow
let 'IDAPython' impo...
sohlow
How to find specific...
hackgreti
Problem with ollydbg
sh3dow
How can I write olly...
sh3dow
New LoadMAP plugin v...
mefisto...
Intel pin in loaded ...
djnemo
OOP_RE tool available?
Bl4ckm4n


Recent Blog Entries
halsten
Mar/14
Breaking IonCUBE VM
oleavr
Oct/24
Anatomy of a code tracer
hasherezade
Sep/24
IAT Patcher - new tool for ...
oleavr
Aug/27
CryptoShark: code tracer ba...
oleavr
Jun/25
Build a debugger in 5 minutes
More ...


Recent Blog Comments
nieo on:
Mar/22
IAT Patcher - new tool for ...
djnemo on:
Nov/17
Kernel debugger vs user mod...
acel on:
Nov/14
Kernel debugger vs user mod...
pedram on:
Dec/21
frida.github.io: scriptable...
capadleman on:
Jun/19
Using NtCreateThreadEx for ...
More ...


Imagery
SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit