BSidesCharm - 2019 - A Code Pirates Cutlass Recovering Software Architecture from Embedded Binaries

A Code Pirate's Cutlass: Recovering Software Architecture from Embedded Binaries Reversing large binaries is hard - but what if we could automatically recover the software architecture before we got started? This talk discusses two algorithms to recover object file boundaries from a linked binary. It shows some useful applications, including automated module-to-module call graphs (extracting software architecture), and automated section naming based on common strings. Presenter: evm (@evm_sec) evm has been staring at code for over a decade. A recovering Windows internals guy, he now spends most of his time with embedded systems. At APL he helped start an RE working group, and a hacker magazine. He enjoys teaching the young'uns how to snatch the error code from the trap frame.