Dear /r/ReverseEngineering,

Today we are open-sourcing an early version of our tool called "Symbolic Exploit Assistant" (SEA) for assisted exploit generation and asking for help/collaboration from the community to expand and improve it.

In a few words, this tool starts with a path in a disassembled binary represented with an abstract intermediate language (we start supporting REIL) to generate and solve SMT constraints according to the user request. If the solver finds a solution, the values for the input variables can be used to exploit the path of the program selected.

Of course, SEA is not state of the art but a few examples from Gera's Insecure Programming can be "solved".

We tried to look for other open source and public tools like SEA, but we couldn't find any. We believe that there should be completely open tools that help people to find vulnerabilities more easily and quickly. We don't like the idea that only some companies and governments have access to such tools. This is a very small step in the direction of the democratisation of the access to exploitation tools.

Finally, we ask the community for help to do research, development and implementation of SEA in order to build a tool to perform binary analysis.

The code and some documentation are available at:
https://github.com/neuromancer/sea