zeno: Automatic Detection of Vulnerabilities in Black Box Applications
Zeno Framework
Common approaches to analyzing software for security vulnerabilities are such as source code reviews, static analysis, and fuzzing. Since this thesis focuses on already compiled software source code reviews can not be performed, instead, reverse engineering is needed which can result in a very tedious and time-consuming task.
Reverse Engineering
This forces the analyst to roughly follow this process.
Understanding the Overall Architecture. Since there is often only a user and no developer documentation it is necessary to understand the technical architecture by trying to trace where the processing of the input is and how input is passed to the software and where different trust zones between components are implemented.
Recovering Function Names. If the software is stripped, it is a necessary step to try to recover function names to generate a better understanding of the control flow of the program. This can sometimes be achieved due to the left in debug output otherwise the analyst has to name the function according to his ability to understand what the function does.
Recovering Structs and Classes. depending if the program is compiled from c or c++ it is a tedious step to recover the used structs and classes. It is possible to support this step with automated tools in the case of c++ due to Run-Time Type Information (RTTI) Software. However, the step of recovering structs and classes goes hand in hand with the
following process.Analyzing Control Flow and Hunting for Bugs. This step requires the previous steps to successful hunt for bugs. Here it is necessary to analyze functions in the control flow for processing input in depth. This is the most challenging and time-consuming task.
Installation
cd ~
git clone https://github.com/Traxes/zeno –recursive
sudo pip3 install termcolor tqdm
git clone https://github.com/Z3Prover/z3 –recursive
cd z3
python3 scripts/mk_make.py –python
cd build
make
sudo make install
cd ~/zeno
Use
python3 src/main.py
Copyright (c) 2019, Traxes
All rights reserved.
