Keystone Engine: Next Generation Assembler Framework

Presented at Black Hat USA 2016, Aug. 4, 2016, 9 a.m. (25 minutes)

An assembler is an application that compiles a string of assembly code and returns instruction encodings. An assembler framework allows us to build new tools, and is a fundamental component in the Reverse Engineering (RE) toolset. However, a good assembler framework has been sorely missed since the ice age! Indeed, there is no single multi-architecture, multi-platform and open source framework available, and the whole RE community is suffering badly from this lingering issue.

We have decided to step up again to solve this challenge once and for all. We built Keystone, an assembler engine with unparalleled features:

  • Multi-architecture, with support for Arm, Arm64 (AArch64/Armv8), Hexagon, Mips, PowerPC, Sparc, SystemZ, & X86 (including 16/32/64-bit).
  • Clean/simple/lightweight/intuitive architecture-neutral API.
  • Implemented in C/C++ languages, with bindings for Python, NodeJS, Ruby, Go & Rust available.
  • Native support for Windows & *nix (with Mac OSX, Linux, *BSD & Solaris confirmed).
  • Thread-safe by design.
  • Open source.

This talk will introduce some existing assembler frameworks, then go into the details of their design and implementation and explain their current issues. Next, we will present the architecture of Keystone and the challenges of designing and implementing it. The audience will understand the advantages of our engine and see why the future is assured, so that Keystone will keep getting better and stronger and become the ultimate assembler engine of choice for the security community. Keystone aims to lay the groundwork for innovative work and open up new opportunities for the future of security research and development. To conclude the talk, some new advanced RE tools built on top of Keystone will be introduced to demonstrate its power.

Keystone has a homepage at http://www.keystone-engine.org. Full source code of our engine will be released at Black Hat USA 2016.

Presenters:

  • Nguyen Anh Quynh - Independent
    As a computer security researcher, Nguyen Anh Quynh is a regular speaker at various industry conferences such as Black Hat USA/Europe/Asia, DEFCON, Syscan, HackInTheBox, Hack.lu, Deepsec, XCon, Confidence, Hitcon, Tetcon, etc. Holding a PhD in Computer Science, he has also presented his research in venues such as Usenix, IEEE, ACM, LNCS, etc. As a passionate coder, Dr. Nguyen is the founder and maintainer of the open source frameworks Capstone, Unicorn & Keystone. Find the website for Keystone at www.keystone-engine.org.
