Binary Code Reverse Engineering and Retrofitting

Overview

Binary code analysis and retrofitting are imperative in scenarios where source code is not available. For example, much legacy code is still in use today in the government and financial sectors, as software life cycles can span several decades. A major obstacle to binary-code-based retrofitting is the immaturity of reverse engineering tools. Current approaches to retrofitting legacy software systems, mostly based on binary code patching, have a number of drawbacks, including performance overhead and security issues, and are therefore generally inadequate. To the best of our knowledge, there are no binary reverse engineering tools that can disassemble a binary executable into assembly code that can be reassembled back in a fully automated manner, even for simple "Hello, World!" programs, especially when the binaries are commercial-off-the-shelf (COTS) software, which contain very little symbol or relocation information. Traditional tools do not focus on reassembleability or recompilability; instead they focus on recovering as much information as possible for analysis (and manual transformation). The recovered assembly or high-level code is mostly intended for program analysis and understanding.

The fact that reverse engineered code cannot be reassembled or recompiled back into executables has severely restricted the application of reverse engineering techniques to legacy software retrofitting. The analysis and transformation tools and ecosystems are disconnected and fragmented. Connecting the dots between these tools, infrastructures, and ecosystems will have a great impact on software analysis and retrofitting. The lack of recompilability is one of the main barriers that have led to this fragmented ecosystem.

To fill this gap, a radically different approach is proposed. We treat recompilability as the first and topmost goal, without any compromise, and treat other goals as secondary or best effort (relative to the first goal). This is in sharp contrast to traditional reverse engineering approaches, which do not focus on recompilability. Our preliminary study on reassembleable disassembling, as demonstrated by our prototype Uroboros, achieves the goal of reassembleability. We will build further on the reverse engineering, analysis, and retrofitting infrastructure with the same design goal of preserving recompilability.
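As an added illustration (not code from the project or from the Uroboros prototype), the following Python sketch shows the core step that makes a disassembly reassembleable: in a stripped COTS binary, cross-references survive only as absolute addresses, so immediates that fall inside a known section are rewritten as symbolic labels that the assembler can re-resolve after the code has been transformed. The section map, the listing and the label naming scheme are constructed assumptions.

```python
import re
from typing import Dict, List, Tuple

# Constructed example: a toy disassembly of a stripped x86-64 binary. With the
# symbol and relocation tables gone, every cross-reference survives only as a
# raw absolute address, so the listing breaks as soon as any instruction moves.
SECTIONS: Dict[str, Tuple[int, int]] = {
    ".text":   (0x400000, 0x400100),
    ".rodata": (0x600000, 0x600040),
}
LISTING: List[Tuple[int, str]] = [
    (0x400000, "push rbp"),
    (0x400001, "mov edi, 0x600010"),  # pointer to a string in .rodata
    (0x400006, "call 0x400050"),      # pointer to a function in .text
    (0x40000b, "mov eax, 0x600010"),  # same data pointer: must reuse its label
    (0x400010, "mov ecx, 0x42"),      # ordinary constant: must stay literal
    (0x400015, "pop rbp"),
    (0x400016, "ret"),
    (0x400050, "ret"),
]
HEX_IMM = re.compile(r"0x[0-9a-fA-F]+")

def section_of(value: int, sections: Dict[str, Tuple[int, int]]):
    """Name of the section containing `value`, or None for a plain constant.
    This range check is the crux: an integer that merely looks like an address
    would be symbolized by mistake, so real tools add further heuristics."""
    for name, (start, end) in sections.items():
        if start <= value < end:
            return name
    return None

def symbolize(listing, sections):
    """Rewrite in-section immediates as labels; return (lines, address->label)."""
    labels: Dict[int, str] = {}

    def repl(match) -> str:
        value = int(match.group(0), 16)
        section = section_of(value, sections)
        if section is None:
            return match.group(0)          # leave the constant untouched
        return labels.setdefault(value, f"{section.lstrip('.')}_{value:x}")

    rewritten = [(addr, HEX_IMM.sub(repl, text)) for addr, text in listing]
    lines: List[str] = []
    for addr, text in rewritten:
        if addr in labels:                 # define the label where it lands
            lines.append(f"{labels[addr]}:")
        lines.append(f"    {text}")
    return lines, labels
```

Data labels such as `rodata_600010` would be defined the same way when the `.rodata` section itself is emitted.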

People

Press Release

ONR press release about our work on JRed. For other coverage, see here.

Software Release

Publications

Sponsor

  • A New Direction for Software Reverse Engineering and Binary Code Retrofitting, Dinghao Wu (PI), Office of Naval Research (ONR) N00014-17-1-2894, $3,568,941, 2017-2022.

  • Reverse Engineering Based Software Diversification for Cyber Fault Tolerance, Dinghao Wu (PI), Office of Naval Research (ONR), Grant No. N00014-16-1-2912, $509,378, 2016-2019.

  • Secure Lean Binary Code, Dinghao Wu (PI) and Peng Liu, Office of Naval Research (ONR), Grant No. N00014-16-1-2265, $504,930, 2016-2019.

  • Towards Secure Lean Software, Dinghao Wu (PI) and Peng Liu, Office of Naval Research (ONR), Grant No. N00014-13-1-0175, $423,520, 2013-2017.