I know nobody gives a fuck, but this is my next research topic for this year: Finding #bugs & #vulnerabilities by #diffing binaries against sources. It sounds much harder than it actually is.

#ProgramDiffing #VulnDev #VulnResearch #VulnerabilityDevelopment #VulnerabilityResearch #ReverseEngineering
#Compilers #CompilerOptimizations #CompilersBugs #Miscompilations

The summary: given compilable source code and a binary corresponding to the previously mentioned source code, find the code added by the compiler that doesn't correspond to code in the actual source code, also find the code that is in the source code *but* was optimized away by the compiler, and then apply some basic rules to determine what smells like a bug or a vulnerability.

How Hard Can It Be (TM)?
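As an added illustration of the diff-and-rules step described in the summary (my own example, not @joxean's code or Pigaios), the script below parses a constructed C function and a constructed objdump-style listing of it, diffs the set of calls per function, and applies two basic smell rules. The function names, sample source, listing and rule texts are all assumed/constructed; a real pipeline needs a proper parser and must rule out inlining before flagging a dropped call.

```python
import re
# Constructed C source (not from the thread): a wipe the compiler may drop as a dead store.
SOURCE_C = """int login(const char *pw) {
    char buf[64];
    if (strlen(pw) >= sizeof buf) return -1;
    strcpy(buf, pw);
    int ok = check_hash(buf);
    memset(buf, 0, sizeof buf);  /* wipe: may be optimized away */
    return ok;
}
"""
# Constructed objdump-style listing at -O2: memset gone, stack-protector call inserted.
OBJDUMP_TXT = """0000000000001149 <login>:
    1150:  e8 00 00 00 00  call  1160 <strlen@plt>
    1170:  e8 00 00 00 00  call  1180 <strcpy@plt>
    1190:  e8 00 00 00 00  call  11a0 <check_hash>
    11b0:  e8 00 00 00 00  call  11c0 <__stack_chk_fail@plt>
"""
C_KEYWORDS = {"if", "while", "for", "switch", "return", "sizeof"}
FUNC_RE = re.compile(r"^\w[\w\s*]*?\b(\w+)\s*\([^;{]*\)\s*\{", re.M)
CALL_RE = re.compile(r"\b(\w+)\s*\(")
SYM_RE = re.compile(r"^[0-9a-f]+ <(\w+)>:", re.M)
BIN_CALL_RE = re.compile(r"\bcall\s+[0-9a-f]+ <(\w+?)(?:@plt)?>")
# Basic smell rules, keyed on the callee the compiler dropped or added (assumed verdict texts).
DROPPED = {"memset": "sensitive-data wipe removed (dead store elimination)"}
ADDED = {"__stack_chk_fail": "compiler-inserted stack protector (benign)"}
def regions(pattern, text):
    """Yield (name, text) for each match, text running up to the next match."""
    ms = list(pattern.finditer(text))
    for i, m in enumerate(ms):
        end = ms[i + 1].start() if i + 1 < len(ms) else len(text)
        yield m.group(1), text[m.end():end]

def source_calls(src):
    """Function name -> callees named in its body (crude regex parse, no real C grammar)."""
    return {fn: {c for c in CALL_RE.findall(body) if c not in C_KEYWORDS}
            for fn, body in regions(FUNC_RE, src)}

def binary_calls(listing):
    """Symbol name -> call targets found in its objdump -d listing."""
    return {fn: set(BIN_CALL_RE.findall(body)) for fn, body in regions(SYM_RE, listing)}
def diff_calls(src, listing):
    """Per function on both sides: calls the compiler dropped or added, each with a verdict."""
    s, b = source_calls(src), binary_calls(listing)
    return {fn: [("dropped", c, DROPPED.get(c, "absent in binary; rule out inlining first"))
                 for c in sorted(s[fn] - b[fn])]
              + [("added", c, ADDED.get(c, "compiler-introduced call; inspect"))
                 for c in sorted(b[fn] - s[fn])]
            for fn in s.keys() & b.keys()}
```

Unknown dropped calls default to an "inlining" caveat rather than a finding, because inlined callees are the main false-positive source for this kind of diff.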

@joxean sounds like a use-case for your Pigaios tool? :)
@grayfox Is similar, but it will require fully compilable source codes to prevent false positives.
@joxean That's a good point! Although I can imagine you could get interesting results from source leaks and partially open-sourced code (Apple), too. Even if it's more work to sort out FPs.
@grayfox To begin with this project, I will focus on compilable source code. I do have the knowledge to try with partially compilable ones but... I will try to make it as simple as possible at the beginning.
@joxean Makes absolute sense :D I tend to fall into the trap of reaching directly for complex solutions 😅
@grayfox Hahaha, that's a very easy trap for us to fall into.