4. Outline
• What is Binary Analysis?
• Introduction to Angr
• Various uses of Angr
• Symbolic Execution
• Using Angr to perform SE
• Hooking
• Using Angr to perform Hooking
5. • The process of analysing an executable to gain a better understanding of how it works is called binary analysis.
6. Why do we need to Automate it?
• Saves a lot of time and effort
• Avoids human error
• Cost-effective
• Manual analysis is boring
• All factors accounted for
7. Angr
• Shellphish's entry in DARPA's Cyber Grand Challenge (CGC); it came 3rd
• Python-based framework
• Open source
• Can detect and exploit vulnerabilities
Installation instructions at angr.io
www.angr.io
8. Various uses of Angr
• Control Flow Graph recovery
• Symbolic Execution
• ROP chain generation
• Binary hardening
• Exploit generation
9. Symbolic Execution
Analysing a program to determine which input (or inputs) must be supplied to make each part of the program execute.
11. Angr and Symbolic Execution
• Symbolic variables
• Finds the paths that are important
• Builds constraints on those variables
• Solves those constraints using z3
13. Hooking
Hooking is a technique used while reverse engineering where certain instructions or calls are replaced with custom-made functions and calls.
14. Hooking is used for
• Faster reverse engineering
• Tracing function calls
• Parameter checking
• Logging
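Angr itself needs a real binary plus the angr and z3 packages, so the following is an added, pure-Python toy (not angr code and not from the original slides) that mirrors the ideas of the symbolic execution and hooking slides: one symbolic input byte, path constraints collected at each branch, a brute-force stand-in for the z3 solver, an explore(find, avoid) loop, and a hook that replaces a "library" call with a tracing stub. The program, opcodes, addresses and names are all constructed for the example.

```python
from dataclasses import dataclass, field
# Predicates on the symbolic input byte x; brute force over 0..255 stands in for z3.
OPS = {"gt": lambda x, c: x > c, "lt": lambda x, c: x < c,
       "eq": lambda x, c: x == c, "ne": lambda x, c: x != c}

def solve(constraints):  # smallest concrete x satisfying every (op, const), else None
    return next((x for x in range(256)
                 if all(OPS[op](x, c) for op, c in constraints)), None)

@dataclass
class State:  # like an angr SimState: program counter plus path constraints
    pc: int
    constraints: list = field(default_factory=list)
    log: list = field(default_factory=list)

# Constructed toy program; branches are ("j<op>", const, taken_pc, fallthrough_pc).
PROGRAM = {0: ("call", "license_check"),  # "library" call that gets hooked
           1: ("jgt", 0x40, 2, 5),        # x > 0x40 ?
           2: ("jlt", 0x5B, 3, 5),        # x < 0x5B ?
           3: ("jeq", 0x58, 4, 5),        # x == ord('X') ?
           4: ("ret", "win"), 5: ("ret", "lose")}

def trace_license_check(state):
    # Hook: stands in for the real routine and only traces the call.
    state.log.append("license_check called at pc=%d" % state.pc)
HOOKS = {"license_check": trace_license_check}  # cf. angr's project.hook(...)

def step(state):  # execute one instruction; returns successor states (forks on branches)
    instr = PROGRAM[state.pc]
    if instr[0] == "call":
        HOOKS[instr[1]](state)  # KeyError here means: no model for this call, hook it
        return [State(state.pc + 1, list(state.constraints), list(state.log))]
    if instr[0] == "ret":
        return []
    op, c, taken, fall = instr[0][1:], instr[1], instr[2], instr[3]
    negated = {"gt": ("lt", c + 1), "lt": ("gt", c - 1), "eq": ("ne", c)}[op]
    return [State(taken, state.constraints + [(op, c)], list(state.log)),
            State(fall, state.constraints + [negated], list(state.log))]

def explore(entry, find, avoid=()):  # breadth-first, like simgr.explore(find=, avoid=)
    active, found = [entry], []
    while active:
        state = active.pop(0)
        if state.pc in avoid or solve(state.constraints) is None:
            continue  # avoided or infeasible path: prune it
        if state.pc == find:
            found.append(state)
        else:
            active.extend(step(state))
    return found
```

Running `explore(State(0), find=4, avoid=(5,))` yields one state whose constraints solve to the byte 'X', and its log shows the hooked call was traced instead of executed.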
16. Summary
• Angr uses symbolic variables and constraints to learn more about an executable
• Angr can hook functions
• Paths, path groups
• States: entry state, blank state
• explore: find, avoid
• se: solver engine
• Claripy
• Library functions