Reverse Engineering of ARM Binaries Using Formal Transformations
Pages 345 - 350
Abstract
Understanding the behavior of a program when no source code is available tends to be a complicated and time-expensive task. In particular, only very limited information can be gained without analyzing the binary's assembler representation. In this paper, we present a novel approach for reverse engineering of ARM binaries. The main idea is to translate the original assembler representation into a formal intermediate representation language, namely WSL, and then to apply rephrasing transformations to the code. To achieve a highly modular translation, we define a rule set to translate each assembler instruction individually. Furthermore, new rephrasing rules were developed to recover high level control flow aspects and to eliminate assembler specific program fragments in the intermediate code. Our translation engine was coupled with the FermaT program transformation system to apply the rephrasing rules. We demonstrate the applicability of our approach through the successful recovery of high level control flow statements in the Debian coreutils binaries. Using these example binaries, we studied the performance and the quality of our transformation.
References
[1]
ARM. ARM Compiler toolchain, 4.1 edition, 2011.
[2]
S. Cesare and Y. Xiang. Wire -- a formal intermediate language for binary analysis. In TrustCom, pages 515--524. IEEE, 2012.
[3]
F. Chen, H. Yang, W. Chu, and B. Xu. A program transformation framework for multicore software reengineering. In QSIC, pages 270--275. IEEE, 2012.
[4]
Hex Rays. Hex-rays home, 2012.
[5]
J. C. King. Symbolic execution and program testing. Commun. ACM, 19(7):385--394, July 1976.
[6]
C. Kruegel, E. Kirda, D. Mutz, W. Robertson, and G. Vigna. Automating mimicry attacks using static binary analysis. In Proceedings of the USENIX Security Symposium. USENIX, 2005.
[7]
Martin P. Ward. Pigs from sausages? Reengineering from assembler to C via FermaT transformations. Sci. Comput. Program., 52:213--255, 2004.
[8]
M. Myreen, M. Gordon, and K. Slind. Machine-code verification for multiple architectures-an application of decompilation into logic. In Formal Methods in Computer-Aided Design, pages 1--8. IEEE, 2008.
[9]
M. Ward and K. Bennett. A practical program transformation system for reverse engineering. In Reverse Engineering, pages 212--221. IEEE, 1993.
[10]
M. Ward and H. Zedan. Combining dynamic and static slicing for analysing assembler. Science of Comp. Progr., 75(3):134--175, 2010.
[11]
M. P. Ward. Assembler to C Migration using the FermaT Transformation System. In Int. Conf. on Software Maintenance, pages 67--76. IEEE, 1999.
Recommendations
On Static Binary Translation of ARM/Thumb Mixed ISA Binaries
Special Issue on Embedded Computing for IoT, Special Issue on Big Data and Regular PapersCode discovery has been a main challenge for static binary translation, especially when the source instruction set architecture has variable-length instructions, such as the x86 architectures. Due to embedded data such as PC (program counter)-relative ...
Effective code discovery for ARM/Thumb mixed ISA binaries in a static binary translator
CASES '13: Proceedings of the 2013 International Conference on Compilers, Architectures and Synthesis for Embedded SystemsCode discovery has been a main challenge for static binary translation, especially when the source ISA (Instruction Set Architecture) has variable-length instructions, such as the X86 architectures. Due to embedded data such as PC-relative data, jump ...
Translating ATL Model Transformations to Algebraic Graph Transformations
Proceedings of the 8th International Conference on Theory and Practice of Model Transformations - Volume 9152Analyzing and reasoning on model transformations has become very relevant for various applications such as ensuring the correctness of transformations. ATL is a model transformation language with rich semantics and a focus on usability, making its ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
September 2014
518 pages
Copyright © 2014 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
In-Cooperation
- SIGSAC: ACM Special Interest Group on Security, Audit, and Control
- MNIT: Malaviya National Institute of Technology
- Aksaray Univ.: Aksaray University
- SICSA: The Scottish Informatics and Computer Science Alliance
- University of Glasgow: University of Glasgow
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 09 September 2014
Check for updates
Qualifiers
- Research-article
- Research
- Refereed limited
Conference
SIN '14
SIN '14: The 7th International Conference on Security of Information and Networks
September 9 - 11, 2014
Scotland, Glasgow, UK
Acceptance Rates
SIN '14 Paper Acceptance Rate 32 of 109 submissions, 29%;
Overall Acceptance Rate 102 of 289 submissions, 35%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 118Total Downloads
- Downloads (Last 12 months)1
- Downloads (Last 6 weeks)0
Reflects downloads up to 09 Mar 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in