BARF v0.6 releases: open source Binary Analysis & Reverse engineering Framework

BARF: Binary Analysis and Reverse engineering Framework

The analysis of binary code is a crucial activity in many areas of the computer sciences and software engineering disciplines ranging from software security and program analysis to reverse engineering. Manual binary analysis is a difficult and time-consuming task and there are software tools that seek to automate or assist human analysts. However, most of these tools have several technical and commercial restrictions that limit access and use by a large portion of the academic and practitioner communities. BARF is an open-source binary analysis framework that aims to support a wide range of binary code analysis tasks that are common in the information security discipline. It is a scriptable platform that supports instruction lifting from multiple architectures, binary translation to an intermediate representation, an extensible framework for code analysis plugins and interoperation with external tools such as debuggers, SMT solvers, and instrumentation tools. The framework is designed primarily for human-assisted analysis but it can be fully automated.

The BARF project includes BARF and related tools and packages. So far the project is composed of the following items:

• BARF: A multiplatform open-source Binary Analysis and Reverse engineering Framework
• PyAsmJIT: A JIT for the Intel x86_64 and ARM architecture.
• Tools built upon BARF:
  • BARFgadgets: Lets you search, classify and verify ROP gadgets inside a binary program.
  • BARFcfg: Lets you recover the control-flow graph of the functions of a binary program.
  • BARFcg: Lets you recover the call graph of the functions of a binary program.

For more information, see:

• BARF: A multiplatform open-source Binary Analysis and Reverse engineering Framework (Whitepaper) [en]
• BARFing Gadgets (ekoparty2014 presentation)

BARF

BARF is a Python package for binary analysis and reverse engineering. It can:

• Load binary programs in different formats (ELF, PE, etc),
• It supports the Intel x86 architecture for 32 and 64 bits,
• It supports the ARM architecture for 32 bits,
• It operates on an intermediate language (REIL) thus all analysis algorithm are architecture-agnostic,
• It has integration with Z3 and CVC4 SMT solvers which means that you can express fragments of code as formulae and check restrictions on them.

Changelog v0.6

Added

• Add Python 3 compatibility.
• Add classes for managing call conventions.
• Add hook support to the Emulator class.
• Add cconv (calling convention) module.
• Add ReilCpu tests.
• Add replay tool to replay x86 execution traces.
• Add x86.trace module.
• Add x86.helper module.
• Add kao’s toy project solution to the examples folder.
• Add flare-on 2015 challenge #2 solution to the examples folder.
• Add basic symbolic execution support.
• Add extra methods to ReilSequence and ReilContainer classes.
• Improve hook support of the Emulator class.
• Add support for SHLD instruction.

Changed

• Refactor ARM package.
• Refactor ARM tests.
• Refactor x86 package.
• Refactor x86 tests.
• Improve emulate-binary example script.
• Refactor ReilBuilder class.
• Refactor instruction translators (both Intel and ARM). Group translators by category and create a module for each one.
• Improve Emulator class.
• Refactor ReilCpu tests.
• Rename bi module to binary.
• Refactor Disassembler class.
• Refactor ReilEmulatorTainter class.
• Refactor ReilCpu class.
• Refactor reil.helpers module.
• Refactor ReilContainer class.
• Refactor ReilBuilder class.
• Refactor reil.tainter module.
• Refactor ReilCpu class.
• Refactor reil.parser test module.
• Refactor reil.emulator test module.
• Rename basicblock package (and tests) to graphs.
• Rename gadget package (and tests) to gadgets.
• Rename reilparser module to reil.parser.
• Refactor reilemulator module. Split module into submodules: emulator.cpu, emulator.emulator, emulator.memory, and emulator.tainter.
• Refactor arch.emulator module.

Removed

• Remove DualInstruction class.

Fixed

• Fix RSB ARM instruction.
• Fix control-flow graph rendering.
• Fix SHRD translation.
• Fix size of effective address calculation for Intel architecture.
• Fix SHL and SHR instruction translator.

Installation

BARF depends on the following SMT solvers:

• Z3 : A high-performance theorem prover being developed at Microsoft Research.
• CVC4 : An efficient open-source automatic theorem prover for satisfiability modulo theories (SMT) problems.

The following command installs BARF on your system:

git clone https://github.com/programa-stic/barf-project.git

$ sudo python setup.py install

You can also install it locally:

$ sudo python setup.py install --user

 Usage

Document 

More info, visit here.

Copyright (c) 2014, Fundación Dr. Manuel Sadosky
All rights reserved.