reassembleable disassembly shuai wang, pei wang, dinghao wu presented by chuong ngo
TRANSCRIPT
![Page 1: Reassembleable Disassembly Shuai Wang, Pei Wang, Dinghao Wu Presented by Chuong Ngo](https://reader036.vdocuments.mx/reader036/viewer/2022062517/56649ee45503460f94bf33ab/html5/thumbnails/1.jpg)
Reassembleable Disassembly
Shuai Wang, Pei Wang, Dinghao Wu
Presented by Chuong Ngo
![Page 5: Reassembleable Disassembly Shuai Wang, Pei Wang, Dinghao Wu Presented by Chuong Ngo](https://reader036.vdocuments.mx/reader036/viewer/2022062517/56649ee45503460f94bf33ab/html5/thumbnails/5.jpg)
Identifying Bugs, Flaws, and Exploits
Study the specifications/papers detailing the techniques and algorithms.
Penetration test the implementation.
Study the implementation.
Get lucky.
![Page 6: Reassembleable Disassembly Shuai Wang, Pei Wang, Dinghao Wu Presented by Chuong Ngo](https://reader036.vdocuments.mx/reader036/viewer/2022062517/56649ee45503460f94bf33ab/html5/thumbnails/6.jpg)
Identifying Bugs, Flaws, and Exploits
Study the specifications/papers detailing the techniques and algorithms.
Penetration test the implementation.
Study the implementation.
Get lucky.
![Page 7: Reassembleable Disassembly Shuai Wang, Pei Wang, Dinghao Wu Presented by Chuong Ngo](https://reader036.vdocuments.mx/reader036/viewer/2022062517/56649ee45503460f94bf33ab/html5/thumbnails/7.jpg)
Identifying Bugs, Flaws, and Exploits
Study the specifications/papers detailing the techniques and algorithms.
Penetration test the implementation.
Study the implementation.
Get lucky.
But what if you don’t have the source code?
![Page 8: Reassembleable Disassembly Shuai Wang, Pei Wang, Dinghao Wu Presented by Chuong Ngo](https://reader036.vdocuments.mx/reader036/viewer/2022062517/56649ee45503460f94bf33ab/html5/thumbnails/8.jpg)
Back to the Source
![Page 9: Reassembleable Disassembly Shuai Wang, Pei Wang, Dinghao Wu Presented by Chuong Ngo](https://reader036.vdocuments.mx/reader036/viewer/2022062517/56649ee45503460f94bf33ab/html5/thumbnails/9.jpg)
Review of Compilation Process
Stripped Binary
![Page 10: Reassembleable Disassembly Shuai Wang, Pei Wang, Dinghao Wu Presented by Chuong Ngo](https://reader036.vdocuments.mx/reader036/viewer/2022062517/56649ee45503460f94bf33ab/html5/thumbnails/10.jpg)
Disassemblers
IDA Pro-best commercial
EXE to assembly to C.
Not reassembleable.
MC-Semantics
Object to binary only
Reassembleable
Lower performance
![Page 11: Reassembleable Disassembly Shuai Wang, Pei Wang, Dinghao Wu Presented by Chuong Ngo](https://reader036.vdocuments.mx/reader036/viewer/2022062517/56649ee45503460f94bf33ab/html5/thumbnails/11.jpg)
Binary Rewriting Tools
Specific compiler or non-stripped binary.
Re-compiled binary bloat.
Large execution overhead.
Not reassembleable.
![Page 12: Reassembleable Disassembly Shuai Wang, Pei Wang, Dinghao Wu Presented by Chuong Ngo](https://reader036.vdocuments.mx/reader036/viewer/2022062517/56649ee45503460f94bf33ab/html5/thumbnails/12.jpg)
Code Relocatability is Key to Reassembility
![Page 13: Reassembleable Disassembly Shuai Wang, Pei Wang, Dinghao Wu Presented by Chuong Ngo](https://reader036.vdocuments.mx/reader036/viewer/2022062517/56649ee45503460f94bf33ab/html5/thumbnails/13.jpg)
Problem of Relocatability - Data or Reference?
![Page 14: Reassembleable Disassembly Shuai Wang, Pei Wang, Dinghao Wu Presented by Chuong Ngo](https://reader036.vdocuments.mx/reader036/viewer/2022062517/56649ee45503460f94bf33ab/html5/thumbnails/14.jpg)
Problem of Relocatability - Data or Reference?
Disassembler needs to symbolize references
![Page 15: Reassembleable Disassembly Shuai Wang, Pei Wang, Dinghao Wu Presented by Chuong Ngo](https://reader036.vdocuments.mx/reader036/viewer/2022062517/56649ee45503460f94bf33ab/html5/thumbnails/15.jpg)
Types of Symbol References
![Page 16: Reassembleable Disassembly Shuai Wang, Pei Wang, Dinghao Wu Presented by Chuong Ngo](https://reader036.vdocuments.mx/reader036/viewer/2022062517/56649ee45503460f94bf33ab/html5/thumbnails/16.jpg)
Methodology
Simple filter for c2X.4/8 byte aligned.d2d irrelevant.Find jump tables.
![Page 17: Reassembleable Disassembly Shuai Wang, Pei Wang, Dinghao Wu Presented by Chuong Ngo](https://reader036.vdocuments.mx/reader036/viewer/2022062517/56649ee45503460f94bf33ab/html5/thumbnails/17.jpg)
Enter Oroboros
![Page 18: Reassembleable Disassembly Shuai Wang, Pei Wang, Dinghao Wu Presented by Chuong Ngo](https://reader036.vdocuments.mx/reader036/viewer/2022062517/56649ee45503460f94bf33ab/html5/thumbnails/18.jpg)
Architecture of Uroboros
![Page 19: Reassembleable Disassembly Shuai Wang, Pei Wang, Dinghao Wu Presented by Chuong Ngo](https://reader036.vdocuments.mx/reader036/viewer/2022062517/56649ee45503460f94bf33ab/html5/thumbnails/19.jpg)
Architecture of Uroboros
![Page 20: Reassembleable Disassembly Shuai Wang, Pei Wang, Dinghao Wu Presented by Chuong Ngo](https://reader036.vdocuments.mx/reader036/viewer/2022062517/56649ee45503460f94bf33ab/html5/thumbnails/20.jpg)
Architecture of Uroboros
![Page 21: Reassembleable Disassembly Shuai Wang, Pei Wang, Dinghao Wu Presented by Chuong Ngo](https://reader036.vdocuments.mx/reader036/viewer/2022062517/56649ee45503460f94bf33ab/html5/thumbnails/21.jpg)
Oroboros Evaluation
![Page 22: Reassembleable Disassembly Shuai Wang, Pei Wang, Dinghao Wu Presented by Chuong Ngo](https://reader036.vdocuments.mx/reader036/viewer/2022062517/56649ee45503460f94bf33ab/html5/thumbnails/22.jpg)
Evaluation Corpora
![Page 23: Reassembleable Disassembly Shuai Wang, Pei Wang, Dinghao Wu Presented by Chuong Ngo](https://reader036.vdocuments.mx/reader036/viewer/2022062517/56649ee45503460f94bf33ab/html5/thumbnails/23.jpg)
Evaluation Corpora
224 total
A1: Coreutils (103)
A2: Real (7)
A3: SPEC2006 C
![Page 24: Reassembleable Disassembly Shuai Wang, Pei Wang, Dinghao Wu Presented by Chuong Ngo](https://reader036.vdocuments.mx/reader036/viewer/2022062517/56649ee45503460f94bf33ab/html5/thumbnails/24.jpg)
32-bit Binary Accuracies
![Page 25: Reassembleable Disassembly Shuai Wang, Pei Wang, Dinghao Wu Presented by Chuong Ngo](https://reader036.vdocuments.mx/reader036/viewer/2022062517/56649ee45503460f94bf33ab/html5/thumbnails/25.jpg)
64-bit Binary Accuracies
![Page 26: Reassembleable Disassembly Shuai Wang, Pei Wang, Dinghao Wu Presented by Chuong Ngo](https://reader036.vdocuments.mx/reader036/viewer/2022062517/56649ee45503460f94bf33ab/html5/thumbnails/26.jpg)
32-bit Binary Execution Overhead
![Page 27: Reassembleable Disassembly Shuai Wang, Pei Wang, Dinghao Wu Presented by Chuong Ngo](https://reader036.vdocuments.mx/reader036/viewer/2022062517/56649ee45503460f94bf33ab/html5/thumbnails/27.jpg)
32-bit Binary Processing Times
![Page 28: Reassembleable Disassembly Shuai Wang, Pei Wang, Dinghao Wu Presented by Chuong Ngo](https://reader036.vdocuments.mx/reader036/viewer/2022062517/56649ee45503460f94bf33ab/html5/thumbnails/28.jpg)
Summary
Reassembeable disassembly needed
Symbolization solves code relocatability
Uroboros comprised of Disassembly and Analysis module
Compiler independent
No C++ support
![Page 29: Reassembleable Disassembly Shuai Wang, Pei Wang, Dinghao Wu Presented by Chuong Ngo](https://reader036.vdocuments.mx/reader036/viewer/2022062517/56649ee45503460f94bf33ab/html5/thumbnails/29.jpg)
Questions
Why did the authors choose to report false positives and false negatives?
Was reporting on the first and last 10 programs, arranged alphabetically, a good idea?
What could explain the outliers in the reported processing times and execution overhead?