https://github.com/b2r2-org/funseeker
FunSeeker: Binary Function Identification Tool
- Host: GitHub
- URL: https://github.com/b2r2-org/funseeker
- Owner: B2R2-org
- License: mit
- Created: 2022-03-18T02:07:46.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2023-12-23T09:21:54.000Z (about 2 years ago)
- Last Synced: 2024-05-04T14:31:19.381Z (almost 2 years ago)
- Topics: binary-analysis, function, intel, x86, x86-64
- Language: F#
- Homepage:
- Size: 42 KB
- Stars: 23
- Watchers: 3
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.md
# FunSeeker
FunSeeker is a function identification tool for Intel CET-enabled binaries.
FunSeeker leverages patterns of CET-relevant instructions to find function
entries. The details of the algorithm are in our [paper](https://softsec.kaist.ac.kr/~sangkilc/papers/kim-dsn2022.pdf),
"How'd Security Benefit Reverse Engineers? The Implication of Intel CET on
Function Identification," which will appear in DSN 2022.
### Build & Run
FunSeeker is written in F#, so you need to install [.NET SDK
6.0](https://dotnet.microsoft.com/en-us/download). Also, FunSeeker includes
the following NuGet packages:
[FSharp.Core](https://www.nuget.org/packages/FSharp.Core/6.0.1) and
[B2R2.FrontEnd.BinInterface](https://www.nuget.org/packages/B2R2.FrontEnd.BinInterface/0.6.0-alpha).
Next, you should download and build FunSeeker as follows.
```
$ git clone https://github.com/B2R2-org/FunSeeker.git
$ cd FunSeeker/
$ dotnet build -c Release
```
Now you are ready to run FunSeeker. You can run it with the following command:
```
$ src/FunSeeker/bin/Release/net6.0/FunSeeker [binary_path]
```
### Docker
You can use the Docker image to try out FunSeeker quickly.
```
docker build --tag funseeker .
docker run --rm funseeker /FunSeeker/src/FunSeeker/bin/Release/net6.0/FunSeeker [binary_path]
```
### Dataset
You can download our [dataset](https://drive.google.com/file/d/1tHv-Mws-rxy_3ErjSR6VS-0-xAKd0R0C/view?usp=sharing), which contains non-stripped binaries, stripped binaries, and function list files.
### Authors
This research project has been conducted by [SoftSec Lab](https://softsec.kais.ac.kr) and [CSRC](https://csrc.kaist.ac.kr) at KAIST.
- Hyungseok Kim
- Junoh Lee
- [Soomin Kim](https://softsec.kaist.ac.kr/~soomink/)
- Seungil Jung
- [Sang Kil Cha](https://softsec.kaist.ac.kr/~sangkilc/)
### Citation
If you plan to use FunSeeker in your own research, please consider citing our [paper](https://softsec.kaist.ac.kr/~sangkilc/papers/kim-dsn2022.pdf):
```
@INPROCEEDINGS{kim:dsn:2022,
author = {Hyungseok Kim and Junoh Lee and Soomin Kim and Seungil Jung and Sang Kil Cha},
title = {How'd Security Benefit Reverse Engineers? The Implication of Intel CET on Function Identification},
booktitle = dsn,
year = 2022
}
```