Hacker News new | past | comments | ask | show | jobs | submit login
Symbolic Exploit Assistant (SEA) (github.com/neuromancer)
73 points by neur0mancer on Sept 28, 2013 | hide | past | favorite | 8 comments



REIL code only. :-(

With no free/open-source x86-->REIL translator, this is not as exciting as I was hoping it is.

Good luck with it though. Am a bit disappointed as I can't test it right away.


We want to replace REIL with BAP. REIL was a good starting point, since instructions are very easy to parse and understand, but BAP is the future.

Another option is to adapt the open source (r)reil translator[1]

[1] https://bitbucket.org/mb0/gdsl/src/94d607a5f058/specificatio...


The tool founds it is solvable if the user controls the initial value of a local variable (which is usually not possible)

The initial value of a local variable can be controlled if you can control the final value of a local value in a previously called function that happens to wind up at the same point on the stack, if that local variable is not explicitly initialized.


Exactly, but since this is not a possibility in the analyzed binary (the stack memory of this variable is not flagged as user-controllable), the solution can't be used to exploit it.


I don't understand much of it, but it looks interesting nonetheless.


That's bloody awesome.


Thanks!

Btw, the project is looking for collaborators. I belive this is the kind of approach to discover and report security vulnerabilities in the 21st century..


> I belive this is the kind of approach to discover and report security vulnerabilities in the 21st century..

Depending on how capable the analysis suite becomes, then it would be very interesting to run it from CI.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: