Abstract
In this paper we describe a technique for automatic algorithm identification and information extraction from unknown binaries. We emulate the binary using PyEmu, forcing complete code coverage whilst simultaneously examining its behavior. Our behavior matcher then identifies specific algorithmic behavior and extracts information. We demonstrate the use of this technique for automated extraction of encryption keys from an unseen program with no prior knowledge about its implementation. Our technique can also be used for automatic categorization and suggestion of function purpose to analysts.
Original language | English |
---|---|
Publication status | Published - Jun 2012 |
Event | IEEE International Conference on Cyber Security, Cyber Warfare and Digital Forensics - Kuala Lumpur, Malaysia. Duration: 26 Jun 2012 → 28 Jun 2012 |
Conference
Conference | IEEE International Conference on Cyber Security, Cyber Warfare and Digital Forensics |
---|---|
Country/Territory | Malaysia |
City | Kuala Lumpur |
Period | 26/06/12 → 28/06/12 |