A Code Pirate's Cutlass: Recovering Software Architecture from Embedded Binaries

Presented at REcon 2018, June 17, 2018, 11 a.m. (30 minutes).

Large binaries produce giant call graphs, and dividing up their functionality in an automated way is difficult. This talk introduces the CodeCut problem: given the call graph of a large binary, segment the graph to recover the original object file boundaries. It also introduces local function affinity (LFA), a measurement representing the directionality of a function's relationship to nearby functions, and applies LFA to solve the CodeCut problem. It then shows some useful applications, including automated module-to-module call graphs (extracting software architecture) and automated section naming based on common strings. Finally, we'll discuss success metrics for CodeCut solutions.


Presenters:

  • evm
    evm has been staring at code for over a decade. A recovering Windows internals guy, he now spends most of his time in embedded systems. At JHU/APL he helped start an RE working group and a hacker magazine. He enjoys teaching the young'ns how to snatch the error code from the trap frame.
