GGrantIndex
← Search

I-Corps: Source Recovery from Binaries Using SecondWrite

$50,000FY2012TIPNSF

University Of Maryland, College Park, College Park MD

Investigators

Abstract

This I-Corps team plans to further develop a software tool that takes x86 binary programs as input (including stripped binaries), and produces equivalent source-code programs in C. The binary can be compiled from any language. The output C code is not the same as the original source code, but is functionally equivalent. The output C code is fully functional: it can be modified, recompiled, and run as needed. Alternately, the software can output a rewritten binary, or the intermediate representation (IR) of the open-source LLVM compiler, allowing further analysis and transformation of binary code with existing or new LLVM passes. The software developed by the team is able to perform deep binary analysis where the output code is high-level, containing symbols, functions, arguments, return values, types (including aggregate types), and there are high-level control flow constructs, and an abstract stack. Alias analysis and type recovery schemes have been developed that work synergistically to do effective alias analysis on binary code, and recover types including aggregate types like structures and arrays. The team has also developed technologies to rewrite stripped binaries (i.e., those without relocation and symbolic information). With further development this software tool may be a valuable tool for the recovery of source code from legacy binaries. Both in government and industry, legacy code is run every day, but its source code is often hard to track or lost, given that the original code vendor may have gone through corporate mergers, reorganization or liquidations. Re-developing code from scratch can be costly and difficult to replicate as the full scope of the original functionality is often unknown. In these cases, this software tool may be able to provide source code that can be understood, maintained, updated and recompiled with newer compliers and for newer versions of the x86 instruction set. Additionally, this tool may have applications in forensics to examine and understand the behavior of vulnerable or un-trusted code prior to or after a security breach. This goes beyond existing security tools in dynamic binary rewriters or binary analysis tools, which used automated security tools that are useful, but cannot help with the human understanding of un-trusted or vulnerable code.

View original record on NSF Award Search →