Binary Analysis is the process of identifying security vulnerabilities in binary files by evaluating them with various security testing methodologies. The end purpose of this methodology is to identify critical security issues by using different static and dynamic analysis methods. One of its purposes is to cover all the low-hanging fruit, i.e. basic vulnerabilities, in one go and to identify unknown vulnerabilities by iterating the tasks easily.

Why is Binary Analysis important?

Generally, source code is proprietary in nature, and companies are hesitant to share it with the security auditing organization. Sometimes the firmware binary comes as a third-party product and the source code is not available for analysis. Another example is the use of third-party code and libraries in a product.

Binary Analysis helps organizations inspect binaries for security vulnerabilities without any involvement from the owner/developer.

Binary Analysis Methodology

Step 1: Scope Identification

Scope Identification is the preliminary step to initiate binary analysis. It is recommended to arrange open communication between the auditing agency and the client organization to identify the set of inputs required to start the activity.

In this step, a lot of disagreement may arise between the auditing agency and the client organization, as many of the inputs required may be sensitive in nature. By the end of this step, all required inputs should be written down in a document to avoid any confusion during the assessment.

One example is the requirement of the binary file for assessment. It may happen that the client organization is not ready to provide the binary file directly to the auditing agency. They may instead be willing to give the whole hardware product and expect the binary to be extracted from the hardware. Another possibility is that the binary is provided in encrypted form. All these points should be written down in the same document to avoid any confusion during the assessment.

Step 2: Reconnaissance/Data Collection

This step is the most important phase of binary assessment and is also known as Information Gathering. It allows auditors to collect as much information as they can on the target by using different Linux commands and OSINT (Open Source Intelligence) tools and techniques.

You can use the Linux utilities below to identify information about the binary. To read the detailed manual of any command, run "man <command>".

  • file
  • find
  • strings
  • readelf
  • objdump
  • ldd
  • hexdump
  • ps
  • bash
  • locate

The file command is extremely useful for identifying the file type when you know nothing about it. Similarly, this step uses the other Linux utilities to gather information about the binary file.
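To make concrete what the utilities above reveal, here is an added example (not from the original post) that reimplements, in Python, the part of the reconnaissance step that file, readelf -h and strings cover: it parses the ELF identification bytes and header to report class, endianness, type, machine and entry point, then pulls printable strings and sorts out hard-coded URLs and file paths. The sample "binary" is a constructed ELF64 header plus a fake data region, not a real executable, and the E_TYPE/E_MACHINE tables are only the subset of the ELF specification needed for the demo.

```python
import re
import struct

ELF_MAGIC = b"\x7fELF"

# Subset of ELF e_type / e_machine values (from the ELF specification).
E_TYPE = {1: "REL (relocatable)", 2: "EXEC (executable)",
          3: "DYN (shared object / PIE)", 4: "CORE"}
E_MACHINE = {3: "Intel 80386", 40: "ARM", 62: "x86-64",
             183: "AArch64", 243: "RISC-V"}


def is_elf(data: bytes) -> bool:
    """What `file` checks first: the four magic bytes."""
    return len(data) >= 4 and data[:4] == ELF_MAGIC


def parse_elf_header(data: bytes) -> dict:
    """Decode e_ident and the fixed ELF header fields, like `readelf -h`.

    Raises ValueError for non-ELF or truncated input instead of guessing.
    """
    if not is_elf(data) or len(data) < 16:
        raise ValueError("not an ELF file")
    ei_class, ei_data, ei_osabi = data[4], data[5], data[7]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("invalid EI_CLASS or EI_DATA")
    bits = 32 if ei_class == 1 else 64
    endian = "<" if ei_data == 1 else ">"
    # Fields after e_ident: e_type, e_machine, e_version, e_entry, e_phoff,
    # e_shoff, e_flags, e_ehsize, e_phentsize, e_phnum, e_shentsize,
    # e_shnum, e_shstrndx (entry/offsets are 32-bit in ELF32, 64-bit in ELF64).
    fmt = endian + ("HHIIIIIHHHHHH" if bits == 32 else "HHIQQQIHHHHHH")
    size = struct.calcsize(fmt)
    if len(data) < 16 + size:
        raise ValueError("truncated ELF header")
    e_type, e_machine, _e_version, e_entry = struct.unpack(fmt, data[16:16 + size])[:4]
    return {
        "bits": bits,
        "endian": "little" if ei_data == 1 else "big",
        "osabi": ei_osabi,
        "type": E_TYPE.get(e_type, f"unknown ({e_type})"),
        "machine": E_MACHINE.get(e_machine, f"unknown ({e_machine})"),
        "entry": e_entry,
    }


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Equivalent of `strings -n <min_len>`: runs of printable ASCII."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def triage(data: bytes) -> dict:
    """Combine the header view with a first pass over embedded strings."""
    strs = extract_strings(data)
    return {
        "header": parse_elf_header(data),
        "urls": [s for s in strs if s.startswith(("http://", "https://"))],
        "paths": [s for s in strs if s.startswith("/")],
        "string_count": len(strs),
    }


def build_sample_binary() -> bytes:
    """Constructed sample: an ELF64 little-endian x86-64 EXEC header followed
    by a fake data region with a few strings. Not a runnable executable."""
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8)   # class=64, LSB, v1, SYSV
    header = struct.pack("<HHIQQQIHHHHHH",
                         2, 62, 1, 0x401000,   # EXEC, x86-64, version, entry
                         64, 0, 0,             # phoff, shoff, flags
                         64, 56, 0, 64, 0, 0)  # ehsize, phentsize, phnum, shentsize, shnum, shstrndx
    payload = (b"\x00\x01\x02" + b"/etc/config.ini\x00" + b"\xff\xfe"
               + b"http://example.invalid/update\x00" + b"ab\x00" + b"build-2024\x00")
    return ident + header + payload


if __name__ == "__main__":
    result = triage(build_sample_binary())
    for key, value in result["header"].items():
        print(f"{key:>8}: {value:#x}" if key == "entry" else f"{key:>8}: {value}")
    print("strings:", result["string_count"], "urls:", result["urls"], "paths:", result["paths"])
```

On a real target you would read the file from disk and feed its bytes to triage(); the point is that the tools on the list above are answering exactly these questions (what format, what architecture, where execution starts, what configuration or network endpoints are baked in), and knowing what they parse makes their output easier to trust and to cross-check.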

Step 3: Vulnerability Assessment (VA)

VA is carried out mainly by using static analysis, dynamic analysis and manual testing. All three types of analysis require a set of tools and different manual methods.

At this stage, auditors use different tools and techniques to collect as many vulnerabilities in the binary file as possible and try to inspect as many of the available attack vectors as they can. The comprehensive data collected at this stage serves as the basis for exploiting vulnerabilities in the next stage. The following tools (a partial list) may be used in this step to increase the effectiveness of the VA.

  • IDA Pro
  • Angr
  • Binary Ninja
  • Parasoft

Step 4: Exploitation

In this step, the security team tries publicly available exploits against all possible attack vectors and vulnerabilities. This step uses different methods, open-source scripts and customized tools to find as many security issues as possible.

Step 5: Analysis of Results and Report Preparation

This is the final stage of the whole assessment process. In this stage, the security team combines all security findings and provides the client with a comprehensive report. The report contains both a high-level and a low-level analysis of all the security issues. It also gives a conclusion about the strengths and weaknesses of the binary file.

After submission of the report, the auditing organization will discuss the findings with the developer if required.

Conclusion

This blog lists the basic steps to initiate binary analysis. It is a high-level process that helps you think about the steps to follow when assessing binaries.