Triaging Crashes with Backward Taint Analysis for ARM Architecture

Presented at Black Hat Europe 2015.

We have developed a set of tools for analyzing crashes that occur on Linux and the ARM architecture, using taint analysis to determine exploitability in practice. The analysis requires Dynamic Binary Instrumentation (DBI) to extract the context of each instruction at runtime. Unfortunately, most existing DBI tools have been developed for the x86 architecture. We therefore developed a dedicated tool, ARM-Tracer, based on the ptrace system call. ARM-Tracer can dynamically trace a specific thread in a multi-threaded process and generate a trace log until the target crashes. The trace log is then analyzed by a second tool, ARM-Analyzer, which performs the backward taint analysis on a desktop machine for efficiency. ARM-Analyzer is a stand-alone GUI application written in C# that tells us whether the crash is influenced by the input data. To make this possible, we analyzed the ARM instruction set to identify the taint objects (the registers and memory operands read and written) of each instruction. During this talk, we will demonstrate our tools by applying them to an Android application for crash analysis. We will also release our tools at Black Hat.
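To make the backward-taint idea concrete, here is an added illustration (not ARM-Tracer or ARM-Analyzer code) of the core walk: starting from the registers that formed the faulting address, each instruction in the trace is visited in reverse, its destination is replaced by its sources, and whatever is left undefined at the start of the trace is checked against the input buffer. The trace record layout, the addresses and the input buffer range are all constructed assumptions.

```python
# Added illustration: backward taint walk over a constructed ARM trace (format is an assumption).
# Taint objects: registers ("r1") and resolved memory cells ("mem:0x1004"); immediates ("#4") carry none.
from dataclasses import dataclass
from typing import Tuple

@dataclass(frozen=True)
class TraceEntry:
    pc: int
    asm: str               # disassembly, for readability only
    dst: str               # taint object the instruction writes
    srcs: Tuple[str, ...]  # taint objects it reads (value taint only; address regs are not tracked)

def is_immediate(obj: str) -> bool:
    return obj.startswith("#")

def in_range(obj: str, rng: Tuple[int, int]) -> bool:
    return obj.startswith("mem:") and rng[0] <= int(obj[4:], 16) < rng[1]

def backward_taint(trace, crash_idx, input_range):
    """Walk backward from the faulting instruction. Returns (input_dependent,
    pcs of the slice that built the bad address, root objects never defined in the trace)."""
    crash = trace[crash_idx]
    pending = {s for s in crash.srcs if not is_immediate(s)}   # objects forming the bad address
    slice_pcs = [crash.pc]
    for entry in reversed(trace[:crash_idx]):
        if entry.dst not in pending:
            continue                      # write does not feed the crash, or was overwritten later
        pending.discard(entry.dst)        # latest definition found: replace it by its sources
        slice_pcs.append(entry.pc)
        pending |= {s for s in entry.srcs if not is_immediate(s)}
    roots = pending                       # never defined inside the trace: external inputs
    return any(in_range(r, input_range) for r in roots), slice_pcs, roots

# Constructed trace: input buffer at 0x1000-0x10ff; the word at input+4 ends up used as a pointer.
INPUT_RANGE = (0x1000, 0x1100)
TRACE = [
    TraceEntry(0x8000, "mov r0, #0x1000",   "r0", ("#0x1000",)),
    TraceEntry(0x8004, "ldr r1, [r0, #4]",  "r1", ("mem:0x1004",)),    # reads the input buffer
    TraceEntry(0x8008, "str r1, [sp, #-8]", "mem:0xbeff0", ("r1",)),   # spill to the stack
    TraceEntry(0x800c, "ldr r2, [sp, #-8]", "r2", ("mem:0xbeff0",)),   # reload from the stack
    TraceEntry(0x8010, "ldr r3, [r6]",      "r3", ("mem:0x2000",)),    # untainted global
    TraceEntry(0x8014, "add r4, r2, r3",    "r4", ("r2", "r3")),
    TraceEntry(0x8018, "mov r2, #0",        "r2", ("#0",)),            # later overwrite, must be ignored
    TraceEntry(0x801c, "ldr r5, [r4]",      "r5", ("r4",)),            # faults: r4 is not mapped
]

if __name__ == "__main__":
    dep, pcs, roots = backward_taint(TRACE, len(TRACE) - 1, INPUT_RANGE)
    print("input dependent:", dep, "slice:", [hex(p) for p in pcs], "roots:", sorted(roots))
```

The stack spill and reload show why memory cells must be taint objects alongside registers, and the trailing `mov r2, #0` shows that only the latest definition before the use matters when walking backward.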


Presenters:

  • Dongwoo Kim - Chungnam National University
    Dongwoo Kim is a PhD student at Chungnam National University in the Republic of Korea. He is majoring in Computer Communications and Security. His main research areas are system hacking, mobile hacking, and digital forensics.
  • Sangwho Kim - Chungnam National University
    Sangwho Kim is working on his masters at Chungnam National University in the Republic of Korea. He is majoring in Computer Communications and Security. His main research areas are system hacking, mobile hacking, and vulnerability analysis.
