BARF : Binary Analysis and Reverse engineering Framework

BARF.

The analysis of binary code is a crucial activity in many areas of the computer sciences and software engineering disciplines ranging from software security and program analysis to reverse engineering. Manual binary analysis is a difficult and time-consuming task and there are software tools that seek to automate or assist human analysts. However, most of these tools have several technical and commercial restrictions that limit access and use by a large portion of the academic and practitioner communities. BARF is an open source binary analysis framework that aims to support a wide range of binary code analysis tasks that are common in the information security discipline. It is a scriptable platform that supports instruction lifting from multiple architectures, binary translation to an intermediate representation, an extensible framework for code analysis plugins and interoperation with external tools such as debuggers, SMT solvers and instrumentation tools. The framework is designed primarily for human-assisted analysis but it can be fully automated.

The BARF project includes BARF and related tools and packages. So far the project is composed of the following items:

• BARF : A multiplatform open source Binary Analysis and Reverse engineering Framework
• PyAsmJIT : A JIT for the Intel x86_64 and ARM architecture.
• Tools built upon BARF:
• BARFgadgets : Lets you search, classifiy and verify ROP gadgets inside a binary program.
• BARFcfg : Lets you recover the control-flow graph of the functions of a binary program.
• BARFcg : Lets you recover the call graph of the functions of a binary program.

For more information, see:

• BARF: A multiplatform open source Binary Analysis and Reverse engineering Framework (Whitepaper) [en]
• BARFing Gadgets (ekoparty2014 presentation)

Downloads Master.zip | Demo Install

Quickstart

This is a very simple example which shows how to open a binary file and print each instruction with its translation to the intermediate language (REIL).

from barf import BARF

# Open binary file.
barf = BARF("examples/bin/x86/branch1")

# Print assembly instruction.
for addr, asm_instr, reil_instrs in barf.translate():
    print("0x{addr:08x} {instr}".format(addr=addr, instr=asm_instr))

    # Print REIL translation.
    for reil_instr in reil_instrs:
        print("{indent:11s} {instr}".format(indent="", instr=reil_instr))

We can also recover the CFG and save it to a .dot file.

# Recover CFG.
cfg = barf.recover_cfg()

# Save CFG to a .dot file.
cfg.save("branch1_cfg")

We can check restrictions on code using a SMT solver. For instance, suppose you have the following code:

 80483ed:       55                      push   ebp
 80483ee:       89 e5                   mov    ebp,esp
 80483f0:       83 ec 10                sub    esp,0x10
 80483f3:       8b 45 f8                mov    eax,DWORD PTR [ebp-0x8]
 80483f6:       8b 55 f4                mov    edx,DWORD PTR [ebp-0xc]
 80483f9:       01 d0                   add    eax,edx
 80483fb:       83 c0 05                add    eax,0x5
 80483fe:       89 45 fc                mov    DWORD PTR [ebp-0x4],eax
 8048401:       8b 45 fc                mov    eax,DWORD PTR [ebp-0x4]
 8048404:       c9                      leave
 8048405:       c3                      ret

And you want to know what values you have to assign to memory locations ebp-0x4, ebp-0x8 and ebp-0xc in order to obtain a specific value in eax register after executing the code.

First, we add the instructions to the analyzer component.

from barf import BARF

# Open ELF file
barf = BARF("examples/bin/x86/constraint1")

# Add instructions to analyze.
for addr, asm_instr, reil_instrs in barf.translate(0x80483ed, 0x8048401):
    for reil_instr in reil_instrs:
        barf.code_analyzer.add_instruction(reil_instr)

Then, we generate expressions for each variable of interest

# Get smt expression for eax and ebp registers
eap = barf.code_analyzer.get_register_expr("eax")
ebp = barf.code_analyzer.get_register_expr("ebp")

# Get smt expressions for memory locations (each one of 4 bytes)
a = barf.code_analyzer.get_memory_expr(ebp-0x8, 4)
b = barf.code_analyzer.get_memory_expr(ebp-0xc, 4)
c = barf.code_analyzer.get_memory_expr(ebp-0x4, 4)

And add the desired restrictions on them.

# Set range for variables
barf.code_analyzer.set_preconditions([a >= 2, a <= 100])
barf.code_analyzer.set_preconditions([b >= 2, b <= 100])

# Set desired value for the result
barf.code_analyzer.set_postcondition(c == 13)

Finally, we check is the restrictions we establish can be resolved.

# Check satisfiability.
if barf.code_analyzer.check() == 'sat':
    print("SAT!")

    # Get concrete value for expressions.
    eax_val = barf.code_analyzer.get_expr_value(eax)
    a_val = barf.code_analyzer.get_expr_value(a)
    b_val = barf.code_analyzer.get_expr_value(b)
    c_val = barf.code_analyzer.get_expr_value(c)

    # Print values.
    print("eax : 0x{0:%08x} ({0})".format(eax_val))
    print("ebp : 0x{0:%08x} ({0})".format(ebp_val))
    print("  a : 0x{0:%08x} ({0})".format(a_val))
    print("  b : 0x{0:%08x} ({0})".format(b_val))
    print("  c : 0x{0:%08x} ({0})".format(c_val))
else:
    print("UNSAT!")

You can see these and more examples in the examples directory.

Read More

WebFundamentals - Best practices for modern web development

Web Fundamentals on DevSite

new WebFundamentals! An effort to showcase best practices and tools for modern Web Development.

WebFundamentals

What's changed?

• We're now using the DevSite infrastructure
• New style guide
• New widgets allow inline JavaScript, common links, related guide and more
• Jekyll has been eliminated, instead pages are rendered at request time
• Front-matter has been eliminated from the markdown, but files now require a simple set of tags

What stays the same?

• GitHub is still our source of truth for content,
• We want your contributions, either PRs, issues, whatever!
• The latest is staged at https://web-central.appspot.com/web/

Cloning the repo

If you have a high-bandwidth connection, I recommend starting with a fresh clone of the repo.

https://github.com/j00tesiD/WebFundamentals.git

Getting set up

The new DevSite infrastructure simplifies the dependencies a lot. Ensure you have a recent version of Node and the AppEngine SDK for Python already installed.

Run npm install (needed for the build process)

Build the auto-generated files

Some files (contributors includes, some pages for updates, showcases, etc) are automatically generated. The first time you clone the repo and run npm install, this is done for you. However, when you add a case study, update, etc., you'll need to re-build those files using:

npm run build

Update the code labs

To update the Code Labs, you'll need the claat tool, and access to the original Doc files. This will likely only work for Googlers.

• Download the claat tool and place it in your tools directory.
• Run tools/update-codelabs.sh
• Check the latest changes into GitHub

Start the development server

Run npm start

Test your changes before submitting a PR

Please run your changes through npm test before submitting a PR. The test looks for things that may cause issues with DevSite and tries to keep our content consistent. It's part of the deployment process, so PRs will fail if there are any errors! To run:
npm test

Read More

Fundamentals of ASP.Net programming vs. PHP programming

It's actually a vast unwanted debate between PHP and ASP.NET, the battle continues between the supporters of these two programming languages, with no clear conclusion coming out. Both of these programming languages can be used to develop the same type of projects, the difference is just cost, platform independency, security etc.

Hyper-text-pre-processor (PHP) and Active-server-pages (ASP).

Hyper-text-pre-processor (PHP) and Active-server-pages (ASP) are the two standard programming languages for website application development and more significantly when it comes to produce database-driven websites to interrelating hugely with databases. PHP is an open-source programming language which is derived from lots of different languages. On the other hand ASP is such kind of programming languages which preferring Microsoft product mostly.

Both programming languages PHP and ASP are used to develop dynamic database oriented websites. Active Server Pages (ASP) is normally from Microsoft and is used only with Internet Information Server (IIS) that runs on Microsoft Servers also. But on the other hand you can say PHP is platform independent programming languages and can connect with several kinds of databases.

There are a lot of differences between ASP and PHP.

Expenditure

To run ASP.net programs first need to install IIS on a Windows server platform, this is not a free package. PHP programs can run on Linux, which is free package. Even the database connectivity is expensive for ASP, because it require MS-SQL product of Microsoft that needs to be acquired. Same time on the other hand PHP generally uses MySQL for database connectivity, which is freely accessible.

The Simplicity in Coding

PHP codes itself are very light in weight, a contract programmer who begins his career into PHP, does not felt any pressure to look the source code to understand. Whereas In ASP codes are not so easy to quick understand.

Database Compatibility

PHP generally being extremely flexible as it uses MySQL for database connectivity, which is freely accessible. Same time on the other hand Database compatibility is expensive for ASP, because it require MS-SQL product of Microsoft that needs to be acquired.

General Run Time

If we evaluate the running speed of PHP and ASP then PHP should gets the upper hand. Normally it is viewed that PHP code runs quicker than ASP code. Due to COM based architecture, ASP uses server space to run while PHP code runs on its own inbuilt memory space.

Background Language Support

ASP has a similar like Visual Basic type of syntax that also linked to Microsoft products as well. On the other hand PHP codes are based on generally C++ language and the syntax, which is used in PHP, is quite similar to C/C++ syntax. C/C++ is still considered by maximum software programmer is the finest programming language and people who love C++ language would certainly feel more relaxed with the PHP syntax.

Running Platform Connectivity

PHP codes can run on different platforms like UNIX, Solaris, Linux, and Windows whereas ASP codes are mostly linked with Windows platforms. Though, ASP programs can run on a Linux platform with the help of ASP-Apache installed on the server.

Further Tools Cost

Several tools used in PHP are mostly free of cost in the market and as PHP is open source a lot of codes can be available in open source forums and blogs. PHP has inbuilt attributes like ftp, encryption methods, even email also from a web page but in ASP such attributes are not obtainable and for this reason only some more features are required which are not free that increase the total cost as well.

Larger Applications Support

PHP is just as protected as ASP from coding level. The main difference is only for private data like “social security numbers”; “PIN numbers” etc. ASP is more practicable option. Organizations like government firms normally don’t have much stipulated commercial budgets and looking for required security, they really helpful ASP.net.

At the end, we can make a conclusion that both programming languages have their advantages and disadvantages specific to user requirement. It can be said that both the programming languages have their own significance depending upon the user's requirements and budgets. It is viewed that in any discussion board, ASP.net is similarly capable but many of them suggesting PHP for small business owners those who have a fixed budget and does not required superb security support. PHP cannot provide e-commerce application developmentFeature Articles, only for them ASP.net will be the best choice.

Read More