
Bug hunting through_reverse_engineering

A brief introduction into fuzzing and software reverse engineering

Published in: Software

  1. Bug Hunting Through Reverse Engineering, d.monkey @ echo.or.id
  2. Reverse Engineering
  3. Reverse Engineering
  4. Reverse Engineering: -ETOOBIG
  5. Computer: Software, Hardware
  6. Computer: Software (Application, Operating System, Firmware), Hardware (HW)
  7. Computer: Software (Application, Operating System, Firmware), Hardware (HW)
  8. Application: Virtual Machines, Native Application
  9. Applications: Virtual Machines, Native Application
  10. Applications: Virtual Machines (Bytecode), Native Application (ISA Opcode)
  11. Virtual Machines: application-based virtual machines (Java, Python, PHP, JavaScript)
  12. Native Applications: C / C++, Golang, Rust, OCaml
  13. Native Applications: C / C++, Golang, Rust, OCaml
  14. Native Apps: C / C++ Source Code -> Compiler -> Native Apps
  15. The Reason • Development with no access to source code • Bypassing restrictions • Malware analysis • Bug hunting and exploit development • Satisfaction of curiosity
  16. Another Reason
  17. Another Reason
  18. The Reason • Development with no access to source code • Bypassing restrictions • Malware analysis • Bug hunting and exploit development • Satisfaction of curiosity
  19. Exploit Development: Fuzzing -> Analyze -> Exploitation
  20. Fuzzing: Generate Testcase -> Feed Input to Program -> Crash? -> Repeat
  21. Reversing and Fuzzing • RE is hard if the target is too complex. • RE is hard if obfuscation is implemented in the target. • Fuzzing sometimes just works, but without RE you are left with plain crashes and no prior knowledge of the target to turn them into exploits.
  22. Reversing Nightmare • Software obfuscation • Packers / self-modifying code • Control-flow flattening, instruction substitution, dead-code insertion, etc. • Custom virtual machines (virtualization-based obfuscation)
  23. Reversing Nightmare
  24. Reversing Nightmare
  25. Reversing Nightmare
  26. Reversing Nightmare
  27. Reversing Nightmare • Software obfuscation • Packers / self-modifying code • Control-flow flattening, instruction substitution, dead-code insertion, etc. • Custom virtual machines (virtualization-based obfuscation)
  28. Bug Classes • Memory corruption • Race conditions • Weak cryptography • Implementation / architectural flaws
  29. Reverse Engineering Native Apps • Static analysis • Dynamic analysis
  30. Static Analysis: Native Apps -> Disassemble -> Analyze
  31. Static Analysis • Pros • Good for analyzing small apps / specific functions • Best for finding implementation flaws and bad features • Cons • If the app is too big it is hard to find bugs • Hard to analyze if obfuscation has been applied
  32. Tools for Static Analysis
  33. Dynamic Analysis: Native Apps -> Emulator / Debugger -> Analyze
  34. Dynamic Analysis • Pros • Good for analyzing obfuscated apps • Good for analyzing complex apps • Cons • The app has to be run, so for some big apps it is quite computation-heavy
  35. Native Apps: C / C++ Source Code -> Compiler -> Native Apps
  36. LLVM
  37. Native Apps: C / C++ Source Code -> Compiler (Frontend -> PASS -> Backend) -> Native Apps
  38. LLVM
  39. LLVM IR
  40. Fuzzing
  41. Fuzzing with LibFuzzer: C / C++ Source Code -> Compiler (Frontend -> LLVM PASS + LibFuzzer -> Backend) -> Native Apps
  42. Fuzzing with LibFuzzer (no source): Native Apps -> Disassembler -> Bitcode Translation -> Compiler (Frontend -> LibFuzzer -> Backend) -> Native Apps
  43. DEMO
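The slides only sketch the fuzzing loop (generate a testcase, feed it to the program, watch for a crash, repeat) and the LibFuzzer build pipeline. The following is an added example written for this page, not code from the talk or from the LLVM project: a small length-prefixed record parser (the record format is constructed for the example) exposed through the standard `LLVMFuzzerTestOneInput` entry point that libFuzzer calls, plus a minimal stand-alone driver that mirrors the slide's loop with a simple xorshift mutator. The parser carries the bounds checks that prevent a memory-corruption bug; compiling with the hypothetical `-DVULNERABLE_TARGET` macro removes them so that libFuzzer with AddressSanitizer finds the out-of-bounds read and stack overflow within seconds.

```c
/* Added example (not from the slides): libFuzzer harness plus a minimal
 * "generate testcase, feed input, repeat" driver for a constructed format.
 *
 * libFuzzer build (libFuzzer supplies main):
 *   clang -g -O1 -fsanitize=fuzzer,address harness.c -o harness && ./harness
 * Add -DVULNERABLE_TARGET to drop the bounds checks and watch ASan report.
 * Stand-alone build (our own driver main):
 *   cc -DSTANDALONE_DRIVER harness.c -o driver && ./driver
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_NAME 32

enum parse_result {
    PARSE_OK = 0,
    PARSE_TRUNCATED = 1, /* record claims more bytes than the input holds */
    PARSE_TOO_LONG = 2,  /* name longer than the caller's buffer */
    PARSE_BAD_TAG = 3
};
#define PARSE_RESULTS 4

/* Constructed record format: tag byte 0x01, one length byte, then <length>
 * name bytes. name_out must hold MAX_NAME + 1 bytes. */
int parse_record(const uint8_t *data, size_t len, char name_out[MAX_NAME + 1])
{
    if (len < 2)
        return PARSE_TRUNCATED;
    if (data[0] != 0x01)
        return PARSE_BAD_TAG;
    size_t n = data[1];
#ifndef VULNERABLE_TARGET
    /* Bug class "memory corruption": without these two checks an attacker-
     * controlled length byte makes memcpy read past the input (OOB read) and
     * write up to 255 bytes into a 33-byte stack buffer (stack overflow). */
    if (n > MAX_NAME)
        return PARSE_TOO_LONG;
    if (n > len - 2)
        return PARSE_TRUNCATED;
#endif
    memcpy(name_out, data + 2, n);
    name_out[n] = '\0';
    return PARSE_OK;
}

/* Convenience wrapper that discards the parsed name. */
int parse_check(const uint8_t *data, size_t len)
{
    char name[MAX_NAME + 1];
    return parse_record(data, len, name);
}

/* libFuzzer entry point: libFuzzer generates and mutates inputs (guided by the
 * coverage instrumentation its LLVM pass inserted) and calls this repeatedly.
 * Return 0; a crash or sanitizer report is what counts as a finding. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    (void)parse_check(data, size);
    return 0;
}

/* Tiny deterministic PRNG for the stand-alone mutator (state must be non-zero). */
static uint32_t xorshift32(uint32_t *state)
{
    uint32_t x = *state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return *state = x;
}

/* The slide's loop without libFuzzer: mutate a seed input, feed it to the
 * target, tally the outcome, repeat. Crash detection is left to the OS and
 * the sanitizer; this driver only counts parser results. Returns the number
 * of testcases the parser rejected. */
unsigned fuzz_loop(uint32_t seed, unsigned iterations, unsigned counts[PARSE_RESULTS])
{
    static const uint8_t seed_input[] = {0x01, 0x05, 'h', 'e', 'l', 'l', 'o'};
    uint8_t testcase[sizeof seed_input];
    uint32_t rng = seed ? seed : 1u;
    unsigned rejected = 0;

    memset(counts, 0, PARSE_RESULTS * sizeof counts[0]);
    for (unsigned i = 0; i < iterations; i++) {
        /* 1. generate a testcase: copy the seed and overwrite 1-3 random bytes */
        memcpy(testcase, seed_input, sizeof testcase);
        unsigned flips = 1u + xorshift32(&rng) % 3u;
        for (unsigned f = 0; f < flips; f++)
            testcase[xorshift32(&rng) % sizeof testcase] = (uint8_t)xorshift32(&rng);
        /* 2. feed it to the program under test */
        int r = parse_check(testcase, sizeof testcase);
        /* 3. record the outcome, 4. repeat */
        counts[r]++;
        if (r != PARSE_OK)
            rejected++;
    }
    return rejected;
}

#ifdef STANDALONE_DRIVER
int main(void)
{
    unsigned counts[PARSE_RESULTS];
    unsigned rejected = fuzz_loop(0x1234u, 10000u, counts);
    printf("ok=%u truncated=%u too_long=%u bad_tag=%u (rejected %u)\n",
           counts[PARSE_OK], counts[PARSE_TRUNCATED], counts[PARSE_TOO_LONG],
           counts[PARSE_BAD_TAG], rejected);
    return 0;
}
#endif
```

The driver's `main` sits behind `STANDALONE_DRIVER` because libFuzzer links its own `main`; in the libFuzzer build only `LLVMFuzzerTestOneInput` is used, and the mutation strategy, corpus and crash detection come from libFuzzer and ASan rather than from the toy xorshift loop. This is the source-available case of slide 41; for the binary-only case of slide 42 the same entry point would be wrapped around code lifted to LLVM bitcode instead of compiled from C.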
