Binary Cryptographic Function Identification via Similarity Analysis with Path-insensitive Emulation
Identifying cryptographic functions in binaries has become an essential requirement due to their widespread use in modern software. The technology underpins numerous security analyses, such as malware analysis and blockchain forensics. Unfortunately, existing methods still struggle to strike a balance between analysis accuracy, efficiency, and code coverage, which hampers their practical application.
In this paper, we propose BinCrypto, a method of emulation-based code similarity analysis with intervals, to identify cryptographic functions in binary files. It produces accurate results because it relies on behavior-related code features collected during emulation. At the same time, the emulation is performed in a path-insensitive manner, where the emulated values are all represented as intervals. As such, it analyzes every basic block only once, accomplishing the task efficiently while achieving complete block coverage. We conduct experiments with nine real-world cryptographic libraries. The results show that BinCrypto is much more accurate than state-of-the-art methods, achieving an average accuracy of 83.2%, nearly twice that of WheresCrypto, the state-of-the-art method. BinCrypto also successfully completes the tasks of statically-linked library analysis, cross-library analysis, obfuscated code analysis, and malware analysis, demonstrating its potential for practical applications.
Thu 16 Oct (displayed time zone: Perth)
10:30 - 12:15 | Code | OOPSLA at Orchid Plenary Ballroom | Chair(s): Jiasi Shen (The Hong Kong University of Science and Technology)
10:30 | 15m | Talk | ABC: Towards a Universal Code Styler through Model Merging | OOPSLA | Yitong Chen (School of Computer Science and Engineering, College of Software Engineering, School of Artificial Intelligence, Southeast University); Zhiqiang Gao (School of Computer Science and Engineering, College of Software Engineering, School of Artificial Intelligence, Southeast University); Chuanqi Shi (School of Computer Science and Engineering, College of Software Engineering, School of Artificial Intelligence, Southeast University); Baixuan Li (School of Computer Science and Engineering, College of Software Engineering, School of Artificial Intelligence, Southeast University); Miao Gao (School of Computer Science and Engineering, College of Software Engineering, School of Artificial Intelligence, Southeast University)
10:45 | 15m | Talk | Binary Cryptographic Function Identification via Similarity Analysis with Path-insensitive Emulation | OOPSLA
11:00 | 15m | Talk | Boosting Program Reduction with the Missing Piece of Syntax-Guided Transformations | OOPSLA | Zhenyang Xu (University of Waterloo); Yongqiang Tian (Monash University); Mengxiao Zhang; Chengnian Sun (University of Waterloo)
11:15 | 15m | Talk | Code Style Sheets: CSS for Code | OOPSLA
11:30 | 15m | Talk | Enhancing APR with PRISM: A Semantic-Based Approach to Overfitting Patch Detection | OOPSLA
11:45 | 15m | Talk | PAFL: Enhancing Fault Localizers by Leveraging Project-Specific Fault Patterns | OOPSLA
12:00 | 15m | Talk | Stencil-Lifting: Hierarchical Recursive Lifting System for Extracting Summary of Stencil Kernel in Legacy Codes | OOPSLA | Mingyi Li (Institute of Computing Technology, CAS); Junmin Xiao; Siyan Chen (Institute of Computing Technology, Chinese Academy of Sciences); Hui Ma (Institute of Computing Technology, Chinese Academy of Sciences); Xi Chen (Institute of Computing Technology, Chinese Academy of Sciences); Peihua Bao (University of Chinese Academy of Sciences); Liang Yuan (Chinese Academy of Sciences); Guangming Tan (Chinese Academy of Sciences (CAS))