Search Icon
Submissions

Accurate Compiler and Optimization Independent Function Identification Using Program State Transformations

Derrick McKee (Purdue University), Nathan Burow (MIT Lincoln Laboratory), Mathias Payer (EPFL)

Reverse engineering unknown binaries is a difficult, resource intensive process due to information loss and optimizations performed by compilers that introduce significant binary diversity. Existing binary similarity approaches do not scale or are inaccurate. In this paper, we introduce IOVec Function Identification (IOVFI), which assesses similarity based on program state transformations, which compilers largely guarantee even across compilation environments and architectures. IOVFI executes functions with initial predetermined program states, measures the resulting program state changes, and uses the sets of input and output state vectors as unique semantic fingerprints. Since IOVFI relies on state vectors, and not code measurements, it withstands broad changes in compilers and optimizations used to generate a binary.

Evaluating our IOVFI implementation as a semantic function identifier for coreutils-8.32, we achieve a high .773 average F-Score, indicating high precision and recall. When identifying functions generated from differing compilation environments, IOVFI achieves a 100% accuracy improvement over BinDiff 6, outperforms asm2vec in cross-compilation environment accuracy, and, when compared to dynamic frameworks, BLEX and IMF-SIM, IOVFI is 25%–53% more accurate.

Paper
Slides
Video

View More Papers

On the Feasibility of Profiling Electric Vehicles through Charging...

Ankit Gangwal (IIIT Hyderabad), Aakash Jain (IIIT Hyderabad) and Mauro Conti (University of Padua)

Read More

Sn4ke: Practical Mutation Analysis of Tests at Binary Level

Mohsen Ahmadi (Arizona State University), Pantea Kiaei (Worcester Polytechnic Institute), Navid Emamdoost (University of Minnesota)

Read More

Private Certifier Intersection

Bishakh Chandra Ghosh (Indian Institute of Technology Kharagpur), Sikhar Patranabis (IBM Research - India), Dhinakaran Vinayagamurthy (IBM Research - India), Venkatraman Ramakrishna (IBM Research - India), Krishnasuri Narayanam (IBM Research - India), Sandip Chakraborty (Indian Institute of Technology Kharagpur)

Read More

Performance, Correctness, Exceptions: Pick Three

Andrea Gussoni (Politecnico di Milano), Alessandro Di Federico (Politecnico di Milano), Pietro Fezzardi (Politecnico di Milano), Giovanni Agosta (Politecnico di Milano)

Read More