Miasm: Reverse Engineering Framework

Presented at Black Hat USA 2018, Aug. 8, 2018, 11:15 a.m. (50 minutes).

Miasm is a reverse engineering framework created in 2006 and first published in 2011 (GPL). Since then, it has been continuously improved through a daily use. The framework is made of several parts, including an assembler/disassembler for several architectures (x86, aarch64, arm, etc.), an human readable intermediate language describing their instructions' semantic, or sandboxing capabilities of Windows/Linux environment. On top of these foundations, higher level analysis are provided to address more complex tasks, such as variable backtracking and dynamic symbolic execution.

In this talk, we will introduce some of these features. The journey will start with the basics of the framework, go through symbolic emulation and function divination (Sibyl), and end with various components useful for malware analysis.

We will also talk about some of the new features which will be released for Black Hat. For example, the freshly implemented SSA transformation will be illustrated by applications in code simplification. Then, we will demonstrate how this feature, jointly with new operators description, enables more accurate code analyses. Finally, we will highlight what a better environment simulations and a wider support of recent instructions provides.

Miasm being a practical tool, each topic will be covered with real life use-cases.


Presenters:

  • Fabrice Desclaux - Research engineer, CEA
    Fabrice Desclaux works at the CEA in the SSI lab as a research engineer. He is the creator of Miasm, a reverse engineering framework (https://github.com/cea-sec/miasm). He is also the author of rr0d, the Rasta Ring 0 Debugger, an OS independent ring 0 debugger. He also worked at EADS, where he did some reverse engineering analysis on Skype (REcon 2006).
  • Camille Mougey - Research Engineer, CEA
    Camille Mougey is a security researchers working at CEA. He is one the main Miasm's developers. He is also the creator and main developer of Sibyl ([https://github.com/cea-sec/sibyl]). He enjoys reverse engineering, math and looking under the hood at algorithms to understand how to tweak them. He used to work on DRM obfuscation using auxiliary attacks (REcon 2014).

Links:

Similar Presentations: