crauEmu — your IDE for code-reuse attacks — ZeroNights 2019
crauEmu — your IDE for code-reuse attacks

If facing the process of creating, modifying, and debugging ROP/JOP and other code-reuse payloads is your typical nightmare scenario, we’re here to help return your healthy sleep. In this talk, we’ll introduce the crauEmu plugin for IDA Pro, which will simplify the process. Thanks to emulation, the plugin enables quick and simple checks and debugs of both individual gadgets and entire gadget chains.

crauEmu is built as a plugin for IDA Pro. It’s written in IDAPython and is an add-in for the uEmu plugin, which, in turn, is based on Unicorn Engine.

The primary purpose of crauEmu is to simplify the development of ROP, JOP, and other code-reuse payloads. For this, an additional view was implemented that allows for easier editing payload of an exploit.

crauEmu is capable of facilitating analysis and modification of already existing payloads and transferring them between researchers.

For demonstration, we’ll show how the plugin works with the checkm8 exploit and, possibly, with other exploits.

Alex Kovrizhnykh

Alex Kovrizhnykh

Alex Kovrizhnykh is an information security expert at Digital Security specialized in reverse engineering.
Reports
Reports