Using angr to augment binary analysis workflow

This is a workshop on the open source binary analysis framework angr. We will teach you about its various analysis techniques for reverse engineering and how to integrate them into your workflow.

In this workshop we will present the binary analysis toolkit angr. We will show its capabilities for reverse engineering and how to use them to improve your reverse engineering workflow. This includes using angr as a standalone tool, integrating its features into modern tools like IDA, Binary Ninja or radare2, and building your own custom tooling on top of it.

We will introduce core concepts like:

  • Intermediate Representations
    • Architecture-independent analysis
    • Formalizing instruction behavior
  • Symbolic Execution
    • Reasoning about how some code would behave depending on all its inputs and not just with one specific input
  • SMT Solving
    • Formalizing your problem
    • Use ~~decades of research in automated theorem proving and constraint solving~~ some Python to solve it

And present problems that can be solved using those concepts in addition to introductory exercises:

  • First hands-on experience with angr
  • Thinking about programs symbolically instead of concretely
  • Automatically finding passwords/keys/backdoors
  • Breaking anti-reverse-engineering measures and tricks (e.g. opaque predicates, dead code, obfuscation)

Participants should bring:

Some Linux environment with angr installed and set up. This can be a Linux VM, a Docker container like or just a virtual environment on your host.

Participants must know or have:
  • Basic understanding of concepts of reverse engineering
  • Comfortable using the Python Programming Language

Florian Magin Security Researcher, ERNW Research GmbH

Florian Magin works as a Security Researcher at ERNW Research GmbH while pursuing a degree at the TU Darmstadt in Germany. They organize the local CTF team WizardsOfDos and are a regular CTF player with main interests in reverse engineering and automated program analysis.

Alexeyan Android Security Researcher, Fraunhofer-Institute

Alexeyan studies IT Security at Technische Universität Darmstadt and is writing a thesis on modifying an Android kernel for application tracing and malware sandboxing. Besides that, he works as an Android security researcher at Fraunhofer-Institute for secure information technologies and focuses on building low-level native analysis tools. In his spare time he plays Capture The Flag with the WizardsOfDos team.