It Must Be Nice to Have Washington on Your Side: Unlinking Binaries on the DARPA Assured Micropatching Program

Presented at ShmooCon 2023, Jan. 22, 2023, 11 a.m. (60 minutes)

A whole lifetime ago at ShmooCon 2019, evm presented his work on CodeCut, helping a reverse engineer organize a firmware binary by finding object file boundaries. Since then, this work has been funded under the DARPA Assured Micropatching (AMP) program in order to build a fully-featured version for Ghidra and expand into some new functionality. Assured Micropatching is all about bringing patching practices to legacy firmware binaries. We’ll discuss the newly released open-source Ghidra version, as well as some new features we’ve developed, including a GNN-based segmenting approach, recompilable C, and “unlinking” where we output an object file in combined ELF/DWARF format.


Presenters:

  • Jonah Schimpf
    evm (@evm_sec), Amanda Lee, Jonah Schimpf, and Joshua Bailey work in the Asymmetric Operations & Force Projection Sectors at Johns Hopkins University Applied Physics Laboratory. Their groups specialize in reverse engineering, vulnerability analysis, embedded development and binary patching for a variety of embedded systems and traditional computing systems.
  • Amanda Lee
  • Robert Barr
  • Joshua Bailey
  • evm
