Dynamic binary analysis using angr - Siddharth Muralee | PPTX
DYNAMIC BINARY ANALYSIS USING ANGR
Presented by: Siddharth M
Cysinfo Meetup - July ‘17
About me
●Siddharth M (@tr3x)
●2nd Year BTech CSE student at Amrita University
●Member of team bi0s
●Focusing on Reverse Engineering
www.ctftime.org
Outline
●What is Binary Analysis?
●Introduction to Angr
●Various uses of Angr
●Symbolic Execution
●Using Angr to perform SE
●Hooking
●Using Angr to perform Hooking
“The process of analysing an executable to gain a better idea of how it works is called binary analysis.”
Why do we need to Automate it?
●Save a lot of time and effort
●Avoid human error
●Cost-effective
●Boring
●All factors accounted for
Angr
●Shellphish’s entry for DARPA’s CGC - came 3rd
●Python-based framework
●Open Source
●Can detect and exploit vulnerabilities
Installation instructions at angr.io
www.angr.io
Various uses of Angr
●Control Flow Graph recovery
●Symbolic Execution
●ROP chain generation
●Binary Hardening
●Exploit Generation
Symbolic Execution
Analysing a program to determine the input(s) that must be supplied to make each part of the program execute.
www.shellstorm.org
Angr and Symbolic Execution
● Symbolic variables
● Finds paths that are important
● Makes constraints related to the variables
● Solves those constraints using z3
Demo
Challenge: unbreakable-enterprise (Google CTF 2016)
Hooking
Hooking is a technique used while reverse engineering where certain instructions/calls are replaced with custom-made functions and calls.
Hooking is used for
●Faster Reverse Engineering
●Tracing function calls
●Parameter checking
●Logging
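As an added illustration for the symbolic execution and hooking slides above (not code from the slides or from the angr project), a pared-down Python model of what angr does: states fork at every branch and carry constraints on symbolic input bytes, explore() keeps states that reach a find address and drops those that hit an avoid address, a tiny solver stands in for z3, and a hook replaces a call with a Python handler. The toy program, its addresses and the strlen_check name are all constructed for this example.

```python
# Constructed toy crackme, one instruction per address; a state is (pc, constraints, hook_log).
KEY = (0x11, 0x22, 0x33)
TARGET = tuple(ord(c) ^ k for c, k in zip("b0s", KEY))   # the accepted input is "b0s"
PROGRAM = {
    0: ("call", "strlen_check", 1),            # hypothetical library call, hooked below
    1: ("check", 0, KEY[0], TARGET[0], 2, 5),  # input[0]^KEY[0]==TARGET[0] ? goto 2 : goto 5
    2: ("check", 1, KEY[1], TARGET[1], 3, 5),
    3: ("check", 2, KEY[2], TARGET[2], 4, 5),
    4: ("exit", "win"),
    5: ("exit", "fail"),
}
FIND, AVOID = 4, 5                              # addresses handed to explore(find=, avoid=)
def step(state, hooks):                         # run one instruction; a branch forks the state
    pc, cons, log = state
    if pc in hooks:                             # a hook replaces the original instruction
        return [hooks[pc](state)]
    op = PROGRAM[pc]
    if op[0] == "check":
        _, idx, key, target, ok, bad = op
        want = target ^ key                     # xor is invertible: input[idx] must equal this
        return [(ok, cons + [("eq", idx, want)], log), (bad, cons + [("ne", idx, want)], log)]
    if op[0] == "call":
        raise RuntimeError("unhooked call to " + op[1])
    return []                                   # exit instruction: no successors
def explore(hooks, find=FIND, avoid=AVOID):     # BFS: keep states at `find`, drop states at `avoid`
    active, found = [(0, [], [])], []
    while active:
        s = active.pop(0)
        if s[0] == find:
            found.append(s)
        elif s[0] != avoid:
            active.extend(step(s, hooks))
    return found
def solve(state, length=3):                     # model finder for eq/ne byte constraints (angr: z3)
    out = []
    for i in range(length):
        eqs = {v for k, j, v in state[1] if k == "eq" and j == i}
        nes = {v for k, j, v in state[1] if k == "ne" and j == i}
        if len(eqs) > 1 or eqs & nes:           # contradictory path constraints: unsatisfiable
            return None
        out.append(eqs.pop() if eqs else next(b for b in range(0x20, 0x7f) if b not in nes))
    return bytes(out)
def trace_strlen(state):                        # hook: log the call and continue after it
    pc, cons, log = state
    return (PROGRAM[pc][2], cons, log + ["strlen_check called at pc=%d" % pc])
def crack():                                    # cf. project.hook(addr, handler) then explore()
    found = explore({0: trace_strlen})
    return solve(found[0]), found[0][2]
```

Running crack() recovers b"b0s" from the single state that reaches the win address, and the hook log shows the replaced call was traced instead of executed.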
Demo 2
Summary
●Angr uses symbolic variables and constraints to find out more about an executable.
●Angr can hook functions
●Paths, path groups
●States - entry state, blank state
●explore - find, avoid
●se - solver engine
●Claripy
●Library functions