Automatically Inferring Image Bases of ARM32 Binaries

Author

Daniel T. Chong, Wright State University

Publication Date

2022

Document Type

Thesis

Committee Members

Junjie Zhang, Ph.D. (Advisor); Lingwei Chen, Ph.D. (Committee Member); Meilin Liu, Ph.D. (Committee Member)

Degree Name

Master of Science in Computer Engineering (MSCE)

Abstract

Reverse engineering tools rely on the critical image base value for tasks such as correctly mapping code into virtual memory for an emulator or accurately determining branch destinations for a disassembler. However, binaries are often stripped and therefore, do not explicitly state this value. Currently available solutions for calculating this essential value generally require user input in the form of parameter configurations or manual binary analysis, thus these methods are limited by the experience and knowledge of the user. In this thesis, we propose a user-independent solution for determining the image base of ARM32 binaries and describe our implementation. Our solution makes use of features present in all ARM32 binaries, utilizing statistical, structural, and semantical filtration to automatically calculate the image base value. We implemented our tool in 335 lines of Python. We tested our tool on 20 stripped binaries, and it successfully determined the image bases of each binary.

Page Count

45

Department or Program

Department of Computer Science and Engineering

Year Degree Awarded

2022

Copyright

Copyright 2022, all rights reserved. My ETD will be available under the "Fair Use" terms of copyright law.