Results of Radare Summer of Code 2014 and the organization of the new RSoC / GSoC 2015

First, I want to report on last year's RSoC'14 and thank the Habr audience for the help that allowed us to organize this event.

Because we did not have to follow Google's rules, we were able to change the two "official" participants on the fly. Last year we chose two official participants and 6 "unofficial" ones (without a cash reward). However, as the coding progressed, only three unofficial participants remained. Since they successfully completed their assignments, we divided the money collected equally among them (about $700 per person). Here are the details of the tasks:

Two tasks were not completed: the complete migration of the entire framework to the sdb database, and the fine-tuning of the webui.

On the other hand, three tasks were completed successfully, and at the moment all of the code is in the main branch.

The first is support for parsing complex structures and displaying them in the required format using the pf command and a parser for data descriptions written in C (struct/union, etc.).

The second is support for loading and using FLIRT format signatures (from IDA Pro), as well as integration with Yara. Because this task was successfully completed, radare2 can be used to analyze malware using the existing signature databases accumulated over the years with IDA Pro and Yara. The Yara integration code is in a separate repository.

The last successful task is PDB support. The main difference from many debuggers and disassemblers (except for IDA Pro) is that radare2 parses the format on its own, without calling the Windows system libraries.

In addition, since last year the situation with the documentation has improved significantly: radare.today/radare2-is-documented

This year radare2 did not qualify for Google Summer of Code as an independent organization. That did not stop us: we decided to repeat last year's experience and launch our own campaign again. In addition, many thanks to the well-known solardiz and his project Openwall, under whose patronage we will participate in GSoC'15 with one task. To conduct our own RSoC'15, we will need 3000 EUR to attract three participants.



To summarize the information on both Summer of Code programs:

Google Summer of Code:


Radare Summer of Code:


This year we presented the following assignments for GSoC students and RSoC participants:

Web interface


Creating widgets for:
  • Hex Editor with Custom Column Format
  • Graph: interactive graphs for blocks, functions, and comparison
  • Sections
  • Search for strings, opcodes and patterns
  • Structures: View, Create, and Modify

In addition, the interface must be "fluid" (responsive), usable on both desktop and tablet, and must minimize the number of network requests in order to speed up work over the Internet.


Improve ESIL features



ESIL based emulation support


First, you need to add (and improve) ESIL support for more architectures (see libr/anal/p/*).
Secondly, you will need to add the following features to the ESIL engine itself:
  • Simplify commands for working with ESIL
  • Ability to emulate the selected function (via ESIL)
  • Calculating the value of the selected register at the selected program point on request
  • Built-in emulation of standard library functions
  • Tracing support
  • Reverse Debugging


Dynamic emulation based analysis via ESIL


Here, I think, I should clarify what is meant. This task overlaps closely with the previous one, since emulation provides the basis for analyzing code automatically as it executes.
  • Automatic detection of switch()
  • Detection of values of dynamic jumps (links)
  • Auto analysis of function parameters
  • Improved cross-reference recognition (xrefs)


Automatic conversion of ESIL code to SSA (Static Single Assignment form)


As many know, this is the first step to full decompilation. In this task, the student will need to create a three-way exchange of information between the three levels: the binary code (and disassembly), the ESIL representation, and the SSA representation.


Work on the interface and debugger features


This task should be based on a comparison of the capabilities of existing debuggers: gdb, lldb, voltron, mona.py, peda, immunity. A list of what needs to be done:
  • UI with code / stack / registers panels (as in peda / voltron)
  • Display past and future breakpoints
  • Hotkeys
  • Setting up work with ASLR
  • Showing function parameter values if the breakpoint is on a call to this function (as in OllyDbg)
  • Show values (typed) on the stack and in registers



Writing a universal parser library for assemblers (rasm2)


This library needs to be split out as a separate project, like capstone or sdb, in order to unify the syntax between assemblers and to support macros. We believe that supporting the fasm syntax and macro language would be ideal.

Improving the ability of radare2 to create graphs and visualize data and code


Here, the participant will need to improve the algorithms for rendering overlapping blocks, add full Unicode support and nicer-looking nodes, support colors and syntax highlighting, and allow nodes to be grouped and commented.


I have not described all the tasks, only highlighted the most "systemic" ones; more complete information can be found on the corresponding page.


The plan for the summer, with a detailed description of the tasks, is here: rada.re/rsoc

Official site of the project: rada.re

Become a sponsor of the RSoC campaign or just send a donation.

P.S. This year (apart from GSoC / RSoC) we are going to: improve Windows support (including better integration of WinDbg and PDB support); complete the full move to SDB; finish the license review (so that, when linking with commercial products, it is clear what can be included in the build and what cannot); improve support for mobile platforms (ARM, MIPS); simplify the writing of plug-ins and make building and using the bindings more obvious; increase the number of regression tests; and attract new developers.

Source: https://habr.com/ru/post/252905/