Reverse engineering of black-box binaries with symbolic and concolic execution techniques

Presented at REcon 2022, June 3, 2022, 11:30 a.m. (30 minutes).

Big control-flow graphs are scary! Imagine opening a target and IDA tells you that the graph is too big to be displayed on screen. A great tool to circumvent this issue is symbolic execution, a technique where you can match binary state with the corresponding input that caused its execution.

You can use symbolic and concolic execution to find constraints in crackme solving, for deobfuscation purposes and even advanced fuzzing of complex binaries.

In this workshop we will take a crackme challenge and learn how to speed up our reverse engineering process via smt solving and symbolic execution. We will get some hands-on experience using the angr framework and learn how to identify and fix common issues that you're dealing with when using it. After this workshop big control-flow graphs won't be as daunting anymore, you will know when and how to apply symbolic execution, gain an edge in ctf solving and have some hands-on experience using the angr framework.

Presenters:

• Jannis Kirschner
  Jannis is a Swiss Vulnerability Researcher and CTF player. With a passion for reverse engineering and exploit development, he loves to analyze cutting edge technology, finding flaws in highly secured systems and complex applications. With his research team suid.ch he discovered critical flaws in highly sensitive systems like electronic voting systems or wifi routers. Jannis regularly participates in national and international cybersecurity competitions and shares his knowledge at conferences and events all over the world.

Links:

• https://cfp.recon.cx/2022/talk/UJYPAS/

Similar Presentations:

• BSides Austin 2016 / WORKSHOP: Symbolic Execution: No need to be angr-y
• ToorCon San Diego 20 (2018) / Symbolic Computing, Moving On Up.
• Black Hat Europe 2016 / Code Deobfuscation: Intertwining Dynamic, Static and Symbolic Approaches