A New Direction for Software Reverse Engineering and Binary Code Retrofitting

Abstract

A major obstacle in binary-code-based retrofitting is the immaturity of the reverse engineering tools. Current approaches to retrofitting legacy software systems, mostly based on binary code patching, have a number of drawbacks, including performance overhead and security issues, and therefore are generally inadequate. To the best of our knowledge, there are no binary reverse engineering tools that can disassemble a binary executable into assembly code which can be reassembled back in a fully automated manner, even with simple "Hello, World!" programs, especially when the binaries are commercial-off-the-shelf (COTS) software, namely, they contain very little symbol and relocation information. The traditional tools do not focus on reassembleability or recompilability, but instead focus on recovering more information for analysis (and manual transformation). The recovered assembly or high-level code is mostly for the purpose of program analysis and understanding.

The fact that the reverse engineered code cannot be reassembled or recompiled back to executables has severely restricted the application of reverse engineering techniques in legacy software retrofitting. The analysis and transformation tools and ecosystems are disconnected and fragmented. Connecting the dots between the tools, infrastructures, and ecosystems will have great impact on software analysis and retrofitting. I believe recompilability is the main barrier that has led to this fragmented ecosystem.

To fill in the gap, I propose a radically different approach. We will consider recompilability as the first and topmost goal, without any compromise, and put other goals as secondary or best effort (relatively, compared to the first goal). This is in sharp contrast to the traditional reverse engineering approaches, which do not focus on recompilability. Our preliminary study on Reassembleable Disassembling, as demonstrated by our prototype Uroboros, achieves the goal of reassembleability. We will develop it further, with the similar design goal of preserving "recompilability" while lifting the code to higher-level languages or intermediate representations.

The proposed reverse engineering technology can help augment legacy software systems with modern security mechanisms. Upon the completion of the proposed project, we will be able to deliver a set of new capabilities including: (1) an infrastructure that is suitable for retrofitting legacy software without the need for source code, (2) a tool that can lift binary code to higher-level languages or intermediate representations, and (3) a connected ecosystem that is able to leverage the existing analysis and transformation tools. This will allow us to address a problem space that was previously intractable.

Document Details

Document Type
DoD Grant Award
Publication Date
Sep 29, 2017
Source ID
N000141712894

Entities

People

  • Dinghao Wu

Organizations

  • Office of Naval Research
  • Pennsylvania State University
  • United States Navy

Tags

Fields of Study

  • Computer science
  • Engineering

Readers

  • Computer Programming and Software Development.
  • Distributed Systems and Data Platform Development
  • Manufacturing Engineering.

Technology Areas

  • Space