Disassembly framework is the fundamental component in all binary analysis, reversing, and exploit development. However, it is shameful that until the end of 2013, there was no single framework that can handle multi-architecture machine code with a friendly license. Especially, with the shift of the computer industry towards multi-platforms products, the lack of such a disassembly engine becomes serious and should be fixed as soon as possible. Unfortunately, at that time, there was no light at the end of the tunnel, as apparently nobody proposed anything to fix it.
We decided to step up and took the problem in our own hands to solve it once and for all. As a result, Capstone engine was born, and fixed all the outstanding issues. Our disassembly framework offers some unparalleled features, as highlighted below:
This talk introduces some existing disassembly frameworks, then goes into details of their design/implementation and explains their current issues. Next, we will present the architecture of Capstone and the challenges of designing and implementing it. The audience will understand the advantages of our engine and see why the future is assured, so that Capstone will keep getting better, stronger and become the ultimate disassembly engine of choice for the security community.
Last but not least, we will introduce some cutting-edge binary analysis frameworks built on top of Capstone, which open the whole new potentials for a range of areas like reversing, exploitation development, and malware detection.
Full source code of Capstone with new advanced features will be released at Black Hat USA 2014.
Nguyen Anh Quynh is a security researcher. He has presented his researches in various conferences all around the world, such as EusecWest, Hack In The Box, Hack.lu, Syscan, DeepSec, Black Hat, DEF CON, XCon, etc. Quynh holds a PhD degree in Computer Science, and is a member of Vnsecurity, a pioneer security research group in Vietnam.