Binary software with no corresponding source code is pervasive in legacy settings, especially in OT (Operational Technology) and IoT (Internet of Things) deployments. Understanding such software's composition, functionality, strengths, and weaknesses helps assess its security, safety, and fitness for purpose. The same assessments are valuable for binaries produced by new development pipelines, to verify that third-party components and any modifications performed by the build toolchain did not introduce unexpected functionality or defects.
We use state-of-the-art static and dynamic program analysis techniques to build an understanding of executable software and firmware. We apply that understanding to improve functionality, security, maintainability, and performance, including automatically transforming executables and libraries in pursuit of each of those goals.
Our pipeline begins with unpacking the binaries in our firmware analysis platform REAFFIRM. Next, our static and dynamic disassemblers, ddisasm and tbdisasm, recover high-quality assembly code. A suite of analyses then extracts information from the disassembled code. REAFFIRM provides foundational analyses as well as structural and semantic information about software components and their capabilities. Discover uses machine learning to compute Software and Firmware Bills of Materials. Finally, Bin2Math recovers human-understandable representations of the mathematical algorithms that the software implements, which is particularly useful for cyber-physical systems, where control and signal-processing logic is often available only in compiled form.
Our open-source GTIRB intermediate representation serves as a lingua franca for all of our tooling and provides extensibility and interoperability. A set of GTIRB-based transformation tools operates on binaries to harden them against exploitation of vulnerabilities, to debloat them by removing unnecessary functionality (reducing both size and attack surface), and to extract and harness individual components for testing.
Projects
- REAFFIRM
- Ddisasm
- Discover/FBME
- GTIRB
- Bin2Math
- Tbdisasm