This article deals with the dataflow analysis in binary programs. There are many algorithms and articles about this vast subject, so we will only cover a sample of them, highlight their advantages and drawbacks, then we will introduce the DepGraph (for dependency graph) algorithm implemented in Miasm.
Some details on the implementation and examples can be found in the article, slides and video published at the SSTIC conference: Graphes de dépendances : Petit Poucet style (WARNING: French material!).
In this article, we will study an old Zeus sample protected by a virtual machine. We will begin with the analysis of the VM structure, then automate its reverse engineering using Miasm.
The sample is ff528fcfb4cb81b788de4e147d4aba09dd7cda472b7825aae9222330b9790ba9.zip. All zips in this post are protected using the password “infected”.
This article is the last part of the analysis of the Re150 GreHack 2015 challenge. It will focus on how to re-assemble a cleaned up version of this challenge using Miasm.
For references, please have a look at GreHack 2015 Re150 challenge: as painless as possible.
This analysis is based on Miasm revision 4eceb2b.
In this article, we will study a shellcode using dynamic analysis. This analysis includes a description of Miasm internals, which explains its length. The shellcode is in the archive dyn_sc_shellcodes.zip, protected with the password infected. The final script is here: dyn_sc_run.py
This analysis is based on Miasm revision 2cf6970.
In this article, we analyze a GreHack 2015 challenge: reverseMe (Re150).
It is not the purpose of this post to offer a documented write-up; one is already available here, based on an execution trace.
This post is more about how we could have analyzed this challenge with the help of the Miasm framework (in addition to other tools, such as IDA, radare2, ...).
This analysis is based on Miasm revision d2588f5.
Welcome to the Miasm blog! This blog will highlight features through examples and real world cases. Miasm is hosted on GitHub.
Here are some articles related to Miasm:
- Taming a Wild Nanomite-protected MIPS Binary With Symbolic Execution: No Such Crackme
- Deobfuscation: recovering an OLLVM-protected program
- Fast DGA generation with Miasm
Is your article missing? Drop us an email!