REMaQE – Reverse Engineering Math Equations from Executables

by Meet Udeshi, et al.

Cybersecurity attacks against industrial control systems and cyber-physical systems can cause catastrophic real-world damage by infecting device binaries with malware. Mitigating such attacks can benefit from reverse engineering tools that recover sufficient semantic knowledge in terms of mathematical operations in the code. Conventional reverse engineering tools can decompile binaries to low-level code, but offer little semantic insight. This paper proposes REMaQE, an automated framework for reverse engineering of math equations from binary executables. REMaQE uses symbolic execution for dynamic analysis of the binary to extract the relevant semantic knowledge of the implemented algorithms. REMaQE provides an automatic parameter analysis pass which also leverages symbolic execution to identify input, output, and constant parameters of the implemented math equations. REMaQE automatically handles parameters accessed via registers, the stack, global memory, or pointers, and supports reverse engineering of object-oriented implementations such as C++ classes. REMaQE uses an algebraic simplification method which allows it to scale to complex conditional equations with ease. These features make REMaQE stand out over existing reverse engineering approaches for math equations. On a dataset of randomly generated math equations compiled to binaries from C and Simulink implementations, REMaQE accurately recovers a semantically matching equation for 97.53 accuracy stays consistently over 94 average and in 1.3 seconds for more complex equations. This real-time execution speed enables a smooth integration in an interactive mathematics-oriented reverse engineering workflow.
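The abstract describes three ideas that together turn a binary into an equation: symbolically executing the code so every register and memory cell holds an expression rather than a concrete value, classifying memory that is read before being written as an input and memory that is written as an output (immediates become constants), and simplifying the resulting expression algebraically. The example below is an added illustration of that pipeline and is not REMaQE's code; it uses a hypothetical toy instruction set (load/store/const/add/mul over named registers and fixed addresses) and a constructed program standing in for a compiled function, so that the technique can be seen end to end without a real binary or a symbolic-execution engine.

```python
from dataclasses import dataclass
from typing import Union

# Symbolic value standing in for memory that the code reads before writing it.
@dataclass(frozen=True)
class Sym:
    name: str

# Binary operator node of the recovered expression tree.
@dataclass(frozen=True)
class Op:
    op: str      # '+' or '*'
    a: object    # Expr
    b: object    # Expr

Expr = Union[int, Sym, Op]

def simplify(e: Expr) -> Expr:
    """Algebraic simplification: constant folding plus identity/zero rules."""
    if not isinstance(e, Op):
        return e
    a, b = simplify(e.a), simplify(e.b)
    if isinstance(a, int) and isinstance(b, int):
        return a + b if e.op == '+' else a * b        # fold constant subtrees
    if e.op == '*' and (a == 0 or b == 0):
        return 0
    if e.op == '*' and a == 1:
        return b
    if e.op == '*' and b == 1:
        return a
    if e.op == '+' and a == 0:
        return b
    if e.op == '+' and b == 0:
        return a
    return Op(e.op, a, b)

def render(e: Expr) -> str:
    """Print the expression tree as infix math."""
    if isinstance(e, Op):
        return f"({render(e.a)} {e.op} {render(e.b)})"
    if isinstance(e, Sym):
        return e.name
    return str(e)

def symexec(program):
    """Symbolically execute a toy instruction list and recover its equations.

    Parameter analysis: an address loaded before any store to it is an input,
    an address that is stored to is an output, immediates are constants.
    """
    regs, mem = {}, {}
    inputs, outputs, constants = [], [], set()
    for ins in program:
        kind = ins[0]
        if kind == 'const':                       # ('const', dst, imm)
            _, dst, val = ins
            regs[dst] = val
            constants.add(val)
        elif kind == 'load':                      # ('load', dst, addr)
            _, dst, addr = ins
            if addr not in mem:                   # first touch is a read: input
                mem[addr] = Sym(f"in_{addr:#x}")
                inputs.append(addr)
            regs[dst] = mem[addr]
        elif kind == 'store':                     # ('store', addr, src)
            _, addr, src = ins
            mem[addr] = regs[src]
            outputs.append(addr)
        elif kind in ('add', 'mul'):              # ('add'/'mul', dst, a, b)
            _, dst, a, b = ins
            regs[dst] = Op('+' if kind == 'add' else '*', regs[a], regs[b])
        else:
            raise ValueError(f"unknown instruction {kind}")
    equations = {addr: render(simplify(mem[addr])) for addr in outputs}
    return {"inputs": inputs, "outputs": outputs,
            "constants": sorted(constants), "equations": equations}

# Constructed program (hypothetical ISA) computing y = 2*x + 3*(x + z)
# with the kind of redundancy a compiler may leave behind (2+1, +0).
PROGRAM = [
    ('load',  'r0', 0x100),          # x
    ('const', 'r1', 2),
    ('mul',   'r2', 'r0', 'r1'),     # 2*x
    ('load',  'r3', 0x104),          # z
    ('add',   'r4', 'r0', 'r3'),     # x + z
    ('const', 'r5', 1),
    ('add',   'r6', 'r1', 'r5'),     # 2 + 1  -> folds to 3
    ('mul',   'r7', 'r4', 'r6'),     # 3*(x + z)
    ('add',   'r8', 'r2', 'r7'),
    ('const', 'r9', 0),
    ('add',   'r10', 'r8', 'r9'),    # + 0    -> eliminated
    ('store', 0x108, 'r10'),         # y
]

if __name__ == "__main__":
    result = symexec(PROGRAM)
    for addr, eq in result["equations"].items():
        print(f"out_{addr:#x} = {eq}")
    print("inputs:", [hex(a) for a in result["inputs"]],
          "constants:", result["constants"])
```

The recovered string for address 0x108 is `((in_0x100 * 2) + ((in_0x100 + in_0x104) * 3))`, with the `2 + 1` folded and the `+ 0` removed by `simplify`; a real engine would reach the same point from machine code, with memory reads and writes resolved through the stack, globals and pointers as the abstract describes.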


Symbolic Execution and Debugging Synchronization

In this thesis, we introduce the idea of combining symbolic execution wi...

On the Reverse Engineering of the Citadel Botnet

Citadel is an advanced information-stealing malware which targets financ...

ICSREF: A Framework for Automated Reverse Engineering of Industrial Control Systems Binaries

The security of Industrial Control Systems (ICS) has been attracting inc...

Reverse Engineering x86 Processor Microcode

Microcode is an abstraction layer on top of the physical components of a...

How to Kill Symbolic Deobfuscation for Free; or Unleashing the Potential of Path-Oriented Protections

Code obfuscation is a major tool for protecting software intellectual pr...

Malware Sight-Seeing: Accelerating Reverse-Engineering via Point-of-Interest-Beacons

New types of malware are emerging at concerning rates. However, analyzin...

Reverse engineering of CAD models via clustering and approximate implicitization

In applications like computer aided design, geometric models are often r...
