Disassembling x86 binaries for static analysis and reverse engineering (completed)

Starting Date: Summer 2017
Prerequisites: Advanced level of Java; basics of Reverse Engineering and x86 assembly
Will results be assigned to University:

The Jakstab static analyser for binaries automatically disassembles x86 binaries for Windows or Linux and reconstructs a control flow graph. It is particularly effective on targets that have been obfuscated with various tricks that throw off regular disassemblers such as IDA Pro.

Jakstab disassembles one instruction at a time, translates it into an intermediate language, and then computes the potential effects this instruction could have in any execution context. This process is called Abstract Interpretation and underpins many analysis tools for finding bugs and vulnerabilities in software. Jakstab uses Abstract Interpretation to compute all possible targets of indirect jumps in the program, i.e., jump instructions whose targets are computed at runtime, such as jmp eax.

The goal of this project is to connect Jakstab with the modern Capstone library, replacing Jakstab’s outdated disassembler component. Capstone supports multiple architectures and offers bindings for Java; it is increasingly popular in the reverse engineering community and is already at the core of a large number of tools.

The project will require to understand the existing framework, to design an internal interface between the analyser and the disassembler, and to implement a translation layer for feeding data into Capstone and mapping the disassembled instructions into the analyser.

You should be proficient in Java and most of all excited by the prospect of digging around in executables and twiddling with assembly code when evaluating the framework.