Dynamic binary analysis using angr (Siddharth Muralee)

  1. DYNAMIC BINARY ANALYSIS USING ANGR. Presented by: Siddharth M. Cysinfo Meetup - July '17
  2. About me ● Siddharth M (@tr3x) ● 2nd year BTech CSE student at Amrita University ● Member of team bi0s ● Focusing on reverse engineering
  3. www.ctftime.org
  4. Outline ● What is binary analysis? ● Introduction to angr ● Various uses of angr ● Symbolic execution ● Using angr to perform symbolic execution ● Hooking ● Using angr to perform hooking
  5. "The process of analysing an executable to gain a better understanding of how it works is called binary analysis."
  6. Why automate it? ● Saves a lot of time and effort ● Avoids human error ● Cost-effective ● Manual analysis is boring ● All factors are accounted for
  7. angr ● Built for Shellphish's entry in DARPA's Cyber Grand Challenge, which came 3rd ● Python-based framework ● Open source ● Can detect and exploit vulnerabilities. Installation instructions at www.angr.io
  8. Various uses of angr ● Control-flow graph recovery ● Symbolic execution ● ROP chain generation ● Binary hardening ● Exploit generation
  9. Symbolic execution: analysing a program to determine the input (or inputs) that make each part of the program execute, instead of running it on one concrete input.
  10. (image only)
  11. angr and symbolic execution ● Input is modelled as symbolic variables ● Finds the paths that matter ● Records the constraints each path places on those variables ● Solves the constraints with z3 to recover a concrete input
  12. Demo. Challenge: unbreakable-enterprise, Google CTF 2016
  13. Hooking: a reverse-engineering technique in which certain instructions or calls are replaced with custom functions and calls, so the analysis runs the replacement instead of the original code.
  14. Hooking is used for ● Faster reverse engineering ● Tracing function calls ● Parameter checking ● Logging
  15. Demo 2
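Both demos run angr against a real binary that the slides do not include, so the mechanics described on slides 9-12 (symbolic input, forking at branches, pruning infeasible paths, solving the constraints of the path that reaches the target) and slides 13-15 (replacing an imported routine with a hook) are shown here with an added toy example. It is not angr and not the speaker's demo code: a miniature symbolic executor over a constructed 3-byte crackme, with a brute-force byte-domain solver standing in for z3 and a hook table standing in for SimProcedures. The block layout in PROGRAM, the block names, the `check_license` routine, LIBRARY and HOOKS are all constructed for this example.

```python
# Constructed toy, not angr: a miniature symbolic executor that mirrors angr's
# workflow (states, explore(find, avoid), constraint solving, hooks).
from dataclasses import dataclass, field

# Operators a branch may apply to one symbolic input byte, and the negation
# recorded on the not-taken fork.
OPS = {"==": lambda a, b: a == b, "!=": lambda a, b: a != b,
       "<": lambda a, b: a < b, ">=": lambda a, b: a >= b}
NEG = {"==": "!=", "!=": "==", "<": ">=", ">=": "<"}

# Imported "library" routine of the toy binary (constructed): the licence check
# always fails, e.g. because it phones home. HOOKS is our SimProcedure-style
# replacement; it is looked up before the real routine, as an angr hook is.
LIBRARY = {"check_license": lambda: 0}
HOOKS = {"check_license": lambda: 1}

# Constructed 3-byte crackme as a dict of basic blocks. Block kinds:
#   ("branch", byte_index, op, const, taken, fallthrough)
#   ("call", function_name, next)          -> result lands in regs["ret"]
#   ("cmp_ret", value, taken, fallthrough)
#   ("exit",)
PROGRAM = {
    "entry": ("branch", 0, "==", ord("C"), "b1", "lose"),
    "b1":    ("branch", 0, "==", ord("X"), "win", "b2"),  # decoy: infeasible after entry
    "b2":    ("branch", 1, "==", ord("T"), "b3", "lose"),
    "b3":    ("branch", 2, ">=", ord("a"), "b4", "lose"),
    "b4":    ("branch", 2, "!=", ord("z"), "b5", "lose"),
    "b5":    ("call", "check_license", "b6"),
    "b6":    ("cmp_ret", 1, "win", "lose"),
    "win":   ("exit",),
    "lose":  ("exit",),
}
N_BYTES = 3

@dataclass
class State:
    pc: str
    constraints: list = field(default_factory=list)  # (byte_index, op, const)
    regs: dict = field(default_factory=dict)
    trace: list = field(default_factory=list)

def domains(constraints, n_bytes):
    """Candidate values per input byte after applying every path constraint."""
    doms = [set(range(256)) for _ in range(n_bytes)]
    for idx, op, c in constraints:
        doms[idx] = {v for v in doms[idx] if OPS[op](v, c)}
    return doms

def satisfiable(constraints, n_bytes):
    return all(domains(constraints, n_bytes))

def concretize(state, n_bytes):
    """Like state.solver.eval(): one concrete input that satisfies the path."""
    return bytes(min(d) for d in domains(state.constraints, n_bytes))

def step(program, st, hooks):
    """Successors of `st`: a branch forks into two states, a call into one."""
    ins, trace = program[st.pc], st.trace + [st.pc]
    if ins[0] == "branch":
        _, idx, op, c, taken, fall = ins
        return [State(taken, st.constraints + [(idx, op, c)], dict(st.regs), trace),
                State(fall, st.constraints + [(idx, NEG[op], c)], dict(st.regs), trace)]
    if ins[0] == "call":
        _, fname, nxt = ins
        fn = hooks.get(fname, LIBRARY[fname])  # hook wins over the real routine
        regs = dict(st.regs, ret=fn())
        return [State(nxt, list(st.constraints), regs, trace + [f"{fname}() -> {regs['ret']}"])]
    if ins[0] == "cmp_ret":
        _, value, taken, fall = ins
        return [State(taken if st.regs.get("ret") == value else fall,
                      list(st.constraints), dict(st.regs), trace)]
    return []  # exit block: no successors

def explore(program, n_bytes, find, avoid, hooks=None):
    """Like simgr.explore(find=..., avoid=...): returns the states that reached `find`."""
    active, found = [State("entry")], []
    while active:
        st = active.pop()
        if st.pc == find:
            found.append(st)
        elif st.pc not in avoid:
            active.extend(s for s in step(program, st, hooks or {})
                          if satisfiable(s.constraints, n_bytes))  # prune infeasible forks
    return found

def solve(program, n_bytes, find, avoid, hooks=None):
    found = explore(program, n_bytes, find, avoid, hooks)
    return concretize(found[0], n_bytes) if found else None

def run_concrete(program, data, hooks=None):
    """Replay a concrete input to confirm the solver's answer; returns the exit label."""
    pc, ret = "entry", None
    while program[pc][0] != "exit":
        ins = program[pc]
        if ins[0] == "branch":
            pc = ins[4] if OPS[ins[2]](data[ins[1]], ins[3]) else ins[5]
        elif ins[0] == "call":
            ret, pc = (hooks or {}).get(ins[1], LIBRARY[ins[1]])(), ins[2]
        else:
            pc = ins[2] if ret == ins[1] else ins[3]
    return pc
```

`solve(PROGRAM, N_BYTES, "win", {"lose"})` returns `None`: the decoy branch in `b1` would reach `win` on a plain control-flow graph, but its fork carries the constraints `input[0] == 'C'` and `input[0] == 'X'` together, so the solver reports it unsatisfiable and it is pruned, and the only remaining route fails on the unhooked licence check. With `hooks=HOOKS` the same call returns `b"CTa"`, and `run_concrete(PROGRAM, b"CTa", HOOKS)` confirms it ends in `win`. The correspondence to angr: `explore()` is `simgr.explore(find=..., avoid=...)`, `concretize()` is `state.solver.eval()` (the `state.se` of 2017-era angr named on the summary slide), and the hook table plays the role of `proj.hook_symbol("check_license", MySimProcedure())`, where the SimProcedure's `run()` method returns the value you want the binary to see.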
  16. Summary ● angr models input as symbolic variables and collects constraints to learn how an executable behaves ● angr can hook functions ● Paths, path groups ● States - entry state, blank state ● explore - find, avoid ● se - the solver engine ● Claripy ● Library functions