From: Yan <ya...@ya...> - 2015-08-11 10:15:28
Hi guys,

About two years ago, I sent along a link to a project called PyVEX (now here: https://github.com/angr/pyvex), which exposed libVEX in Python for static binary analysis, and talked to some of you about it at FOSDEM 2014. Since then, we (the Computer Security Lab at UC Santa Barbara) have been hard at work building a full-fledged binary analysis framework around VEX. We've used it in a few academic works (for example, to detect backdoors in firmware [1] [2]) and to qualify for the DARPA Cyber Grand Challenge [3].

Last Saturday, at Defcon, we open sourced the whole thing! Here it is: http://angr.io.

angr is mostly targeted at static analysis and concolic execution, using VEX as the binary translation layer. For now, we're still hacking up our own branch of VEX to make things work well statically, but it's still on our todo list (manpower is an issue) to propose and implement a nice refactor of VEX so that it's as nice to use statically as it is dynamically.

I wanted to let you guys know, in case anyone is interested in playing around with it and using it. We'd love to hear what you think of it and always appreciate issues and pull requests.

Thank you for building such a useful library!

- Yan

[1] http://www.internetsociety.org/doc/firmalice-automatic-detection-authentication-bypass-vulnerabilities-binary-firmware
[2] https://www.blackhat.com/us-15/briefings.html#using-static-binary-analysis-to-find-vulnerabilities-and-backdoors-in-firmware
[3] http://www.independent.com/news/2015/jul/14/ucsb-hackers-win-750000/