Research On The Automatic Exploit Generation Method Of Binary Programs

Posted on: 2018-07-23
Degree: Master
Type: Thesis
Country: China
Candidate: X He
GTID: 2428330569985435
Subject: Computer technology

Abstract/Summary:
How to automatically detect vulnerabilities and generate exploits has always been a key question in software security research. Current automatic exploit generation methods are still at an early stage, with shortcomings such as supporting only simple exploit types and performing no further validation of the generated exploit. This thesis proposes an automatic exploit generation method to improve on current automated exploitation technology. The method comprises three modules: a dynamic symbolic execution module, a validation module and an exploit correction module. The dynamic symbolic execution module explores the vulnerable path, determines the vulnerability type from the program state, and generates an exploit if the exploit constraints are satisfied. Two kinds of vulnerability can be detected: stack overflow and function pointer overwrite. Two categories of exploit are supported: code injection and code reuse. The validation module verifies the exploit by supplying it to the binary program for actual execution. If a crash happens during verification, the exploit is handed over to the exploit correction module. The exploit correction module uses dynamic taint tracking to follow the propagation of the exploit through memory at the assembly-instruction level. Once the position within the exploit of the tainted bytes that lead to the crash is determined, those bytes are mutated and the exploit is verified again. This is repeated until the exploit works.

Based on the proposed method, a prototype system for automatically detecting vulnerabilities and generating exploits is implemented. The symbolic execution engine Angr is used as the platform for analysing the binary program and carries out the detection and exploitation steps. The dynamic binary instrumentation tool Pin is used to perform dynamic taint tracking at the assembly-instruction level and carries out the automated correction of the exploit. Tests on 11 CTF samples show that the prototype system can automatically detect and analyse vulnerabilities and generate exploits for micro-programs, demonstrating that dynamic taint tracking is an effective way to correct an exploit.
Keywords/Search Tags:Vulnerability Discovery, Exploit, Dynamic Symbolic Execution, Dynamic Taint Analysis