Call graph discovery in binary programs from unknown instruction set architectures (2401.07565v1)
Abstract: This study addresses the challenge of reverse engineering binaries from unknown instruction set architectures, a complex task with potential implications for software maintenance and cyber-security. We focus on the tasks of detecting candidate call and return opcodes for automatic extraction of call graphs in order to simplify the reverse engineering process. Empirical testing on a small dataset of binary files from different architectures demonstrates that the approach can accurately detect specific opcodes under conditions of noisy data. The method lays the groundwork for a valuable tool for reverse engineering where the reverse engineer has minimal a priori knowledge of the underlying instruction set architecture.