ripr - Run Slices of Binary Code from Python

Presented at ShmooCon XIII (2017), Jan. 15, 2017, 10 a.m. (60 minutes).

Ripr takes a user selected slice of binary code and creates a Python script with identical functionality. This cuts down, or eliminates, time spent reimplementing functionality from a target binary such as custom cryptographic algorithms, key-generation routines, obfuscated code, et cetera. This allows a reverse engineer to spend more time focusing on the big picture, and less time on bug-prone re-implementations. Further, ripr generates its code in a natural way, allowing for convenient interaction with existing code.

Currently, ripr is implemented as a Binary Ninja plugin and utilizes the Unicorn Engine to actually emulate binary code. This talk will discuss how ripr works at a technical level and describe the static-analysis methodologies ripr uses to package code. It will follow with several live demos and a discussion of the tool's limitations. The code will be open sourced at the end of the talk.


Presenters:

  • Patrick Biernat
    Patrick Biernat is a recent graduate of Rensselaer Polytechnic Institute (RPI) and member of RPISEC. He plays CTFs whenever he can and tends to focus on either tearing up binaries or poking holes in crypto.
