Binary Analysis Platform v2.6 alpha releases: reverse engineering and program analysis platform

by do son · Published April 5, 2019 · Updated July 17, 2022

The Carnegie Mellon University Binary Analysis Platform (CMU BAP) is a reverse engineering and program analysis platform that works with binary code and doesn’t require the source code. BAP supports multiple architectures: ARM, x86, x86-64, PowerPC, and MIPS. BAP disassembles and lifts binary code into the RISC-like BAP Instruction Language (BIL). Program analysis is performed using the BIL representation and is architecture independent in the sense that it will work equally well for all supported architectures. The platform comes with a set of tools, libraries, and plugins. The documentation and tutorial are also available. The main purpose of BAP is to provide a toolkit for implementing automated program analysis. BAP is written in OCaml and it is the preferred language to write analysis, we have bindings to C, Python, and Rust. The Primus Framework also provides a Lisp-like DSL for writing program analysis tools.

Changelog v2.6 alpha

fixes bap.top and baptop (#1541)

This commit fixes the `bap.top` library and the `baptop` executable so that they can now be used. Before that, they were failing with “`
Exception:
(Invalid_argument
“The dynlink.cma library cannot be used inside the OCaml toplevel”)
“`

Installation

wget https://github.com/BinaryAnalysisPlatform/bap/releases/download/v2.5.0/{bap,libbap,libbap-dev}_2.5.0.deb

sudo dpkg -i {bap,libbap,libbap-dev}_2.5.0.deb

Usage

Shell

The BAP main frontend is a command-line utility called bap. You can use it to explore the binary, run existing analysis, plugin your own behavior, load traces, and much more.

To dump a program in various formats use the --dump option (or its short equivalent, -d), For example, let’s run bap on thex86_64-linux-gnu-echo file.

$ bap testsuite/bin/x86_64-linux-gnu-echo -d | grep 'sub print_endline' -A44

00000334: sub print_endline()

00000301:

00000302: v483 := RBP

00000303: RSP := RSP - 8

00000304: mem := mem with [RSP, el]:u64 <- v483

00000305: RBP := RSP

00000307: RSP := RSP - 0x20

0000030e: mem := mem with [RBP + 0xFFFFFFFFFFFFFFE8, el]:u64 <- RDI

0000030f: RAX := mem[RBP + 0xFFFFFFFFFFFFFFE8, el]:u64

00000310: mem := mem with [RBP + 0xFFFFFFFFFFFFFFF8, el]:u64 <- RAX

00000311: goto %00000312



00000312:

00000313: RAX := mem[RBP + 0xFFFFFFFFFFFFFFF8, el]:u64

00000314: RAX := pad:64[pad:32[mem[RAX]]]

00000315: v545 := low:8[low:32[RAX]]

0000031b: ZF := 0 = v545

0000031c: when ~ZF goto %0000032a

0000031d: goto %0000031e



0000031e:

0000031f: RDI := pad:64[0xA]

00000320: RSP := RSP - 8

00000321: mem := mem with [RSP, el]:u64 <- 0x400731

00000322: call @putchar with return %00000323



00000323:

00000324: RSP := RBP

00000325: RBP := mem[RSP, el]:u64

00000326: RSP := RSP + 8

00000327: v693 := mem[RSP, el]:u64

00000328: RSP := RSP + 8

00000329: return v693



0000032a:

0000032b: RAX := mem[RBP + 0xFFFFFFFFFFFFFFF8, el]:u64

0000032c: RDX := RAX + 1

0000032d: mem := mem with [RBP + 0xFFFFFFFFFFFFFFF8, el]:u64 <- RDX

0000032e: RAX := pad:64[pad:32[mem[RAX]]]

0000032f: RAX := pad:64[extend:32[low:8[low:32[RAX]]]]

00000330: RDI := pad:64[low:32[RAX]]

00000331: RSP := RSP - 8

00000332: mem := mem with [RSP, el]:u64 <- 0x40071C

00000333: call @putchar with return %00000312

Tutorial

Source: https://github.com/BinaryAnalysisPlatform

Binary Analysis Platform v2.6 alpha releases: reverse engineering and program analysis platform

Search

Brilliantly

Content & Links