```
addr 0x0 @asm "add %eax, %ebx"
  t:u32 = R_EBX:u32
  R_EBX:u32 = R_EBX:u32 + R_EAX:u32
  R_CF:bool = R_EBX:u32 < t:u32
addr 0x2 @asm "shl %cl, %ebx"
  t1:u32 = R_EBX:u32 >> 0x20:u32 - (R_ECX:u32 & 0x1f:u32)
  R_CF:bool = ((R_ECX:u32 & 0x1f:u32) = 0:u32) & R_CF:bool | ~((R_ECX:u32 & 0x1f:u32) = 0:u32) & low:bool(t1:u32)
addr 0x4 @asm "jc 0x000000000000000a"
  cjmp R_CF:bool, 0xa:u32, "nocjmp0"   # branch to 0xa if R_CF = true
label nocjmp0
```
BIL representation
Developers who work with assembly only occasionally often struggle to get a clear picture of what is happening behind the scenes. Binary Analysis Platform (BAP) is a framework for analyzing binary code by unfolding every operation that takes place when an instruction executes. BAP is developed at Carnegie Mellon University.
BAP does this by translating binary code into an easy-to-understand language called BIL (BAP Intermediate Language). BIL breaks every instruction down to its lowest level, including the flags it modifies, which helps in understanding the behaviour and possible side effects of the instruction. The most common use of BAP is to analyze the generated BIL code. BAP also ships with many popular analyses and built-in program representations.
BIL has only a few language constructs, which makes it easy to analyze. BAP supports representations such as the Control Flow Graph (CFG) and Static Single Assignment (SSA) form, and includes a suite of common compiler optimizations and analyses. BAP is implemented in OCaml; if you are not familiar with OCaml, BIL can also be exported to formats such as protobuf, XML and JSON, or even LLVM bytecode.
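To make the flag bookkeeping in the BIL listing above concrete, here is a small Python model that executes its three blocks on chosen register values and cross-checks CF against plain wide arithmetic. It is an added example, not code from BAP or the original article: the register dictionary and the run and reference_cf helpers are my own constructions, and the shift of EBX itself, which the excerpt omits, follows standard x86 semantics.

```python
MASK32 = 0xFFFFFFFF


def bil_add(regs):
    """addr 0x0 'add %eax, %ebx': t = EBX; EBX = EBX + EAX; CF = EBX < t."""
    r = dict(regs)
    t = r["EBX"]
    r["EBX"] = (r["EBX"] + r["EAX"]) & MASK32  # u32 addition wraps around
    r["CF"] = r["EBX"] < t                     # unsigned carry-out: the sum shrank
    return r


def bil_shl(regs):
    """addr 0x2 'shl %cl, %ebx': CF exactly as the BIL above spells it."""
    r = dict(regs)
    cl = r["ECX"] & 0x1F                       # x86 masks the count to 5 bits
    t1 = r["EBX"] >> (0x20 - cl)               # the bit shifted out lands in bit 0
    low = bool(t1 & 1)                         # low:bool(t1)
    # ((cl = 0) & CF) | (~(cl = 0) & low): a zero count leaves CF untouched
    r["CF"] = (cl == 0 and r["CF"]) or (cl != 0 and low)
    r["EBX"] = (r["EBX"] << cl) & MASK32       # the shift itself (omitted in excerpt)
    return r


def bil_jc(regs):
    """addr 0x4 'jc 0xa': cjmp R_CF, 0xa, "nocjmp0"."""
    return 0xA if regs["CF"] else "nocjmp0"


def run(eax, ebx, ecx, cf=False):
    """Execute the three blocks in order; return (final registers, branch target)."""
    regs = bil_shl(bil_add({"EAX": eax, "EBX": ebx, "ECX": ecx, "CF": cf}))
    return regs, bil_jc(regs)


def reference_cf(eax, ebx, ecx):
    """Cross-check (constructed): derive CF from unmasked arithmetic instead of BIL."""
    total = eax + ebx                          # bit 32 of the wide sum is the add carry
    cl = ecx & 0x1F
    if cl == 0:
        return total > MASK32
    return bool(((total & MASK32) << cl) & (1 << 32))  # last bit shifted out


if __name__ == "__main__":
    for args in [(1, 0xFFFFFFFF, 0), (0x10, 0x20, 1), (0, 0x80000000, 1)]:
        regs, target = run(*args)
        print(args, "EBX=%#x CF=%s ->" % (regs["EBX"], regs["CF"]), target)
```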
Some of the areas being worked on at the time of writing are:
- Scalable formal verification techniques
- Automatic reverse engineering
- Vulnerability-Based Signature Generation
- Automatic Exploit Generation
- Crypto verification
- Malware analysis
- Vulnerability detection in COTS software
BAP can be downloaded in source form from its home page (link below). To install it, extract the archive, cd into the extracted bap directory and run:
```
$ ./autogen.sh
$ ./configure
$ make
$ sudo make install
```
BAP is under heavy development. If you'd like to contribute, join the project!
On GitHub: BAP