IDA2Obj - Static Binary Instrumentation on Steroids

Explore a powerful tool for static binary instrumentation in this conference talk from Hack In The Box Security Conference. Learn about IDA2Obj, a tool designed to dump multiple object files from a single executable binary, enabling faster code coverage collection and integration with popular fuzzing engines. Discover the implementation process, challenges faced, and solutions developed by the creator, Mickey Jin. Gain insights into integrating IDA2Obj with fuzzing engines and witness a live demonstration of the tool in action. Delve into topics such as COFF object file format, object file writing, instrumentation techniques, and solutions for specific challenges like RVA fixing and compression schemes. Understand the advantages of this static binary instrumentation approach compared to dynamic binary instrumentation solutions, and explore future plans for the tool's development.

MICKEY JIN
# whoami
What is SBI/DBI ?
My First Idea
IDA2MASM: My First Solution
Export ASM File
Split By Segments
Re-Assemble
Tune Grammar List (Partial)
Link Issue
Link Solution
Patch The New Built Binary
Crash Root Cause
Think Of The Essence
My Second Idea (Algorithm)
Linker Does The Magic
Object File Format • Object file is COFF (Common Object File Format)
cough: Object File Writer • Repo : Install: pip install cough Tutorial
Encapsulate Some Primitives
Dump Objects
Instrumentation & Trampoline
Architecture
_afl_maybe_log
Harness
The Real Challenge & The Solu
FixRVA.py
Compression Scheme of FH4
Solution For FH4
Takeaway Two SBI implementations
Future Plan
HITB SECCONF SIN-2021 VIRTUAL EDITION