27C3 - Version 1.6.3

27th Chaos Communication Congress
We come in peace

Speakers: kornau

Schedule
Day: Day 4 - 2010-12-30
Room: Saal 2
Start: 14:30
Duration: 00:30

Info
ID: 4168
Event type: Lecture
Track: Hacking
Language of the event: English

A framework for automated architecture-independent gadget search

CCC edition

We demonstrate that automated, architecture-independent gadget search is possible. Gadgets are code fragments which can be used to build unintended programs from existing code in memory. Our contribution is a framework of algorithms capable of locating a Turing-complete gadget set.

Translating machine code into an intermediate language allows our framework to be used for many different CPU architectures with minimal architecture-dependent adjustments. We define the paradigm of free-branch instructions to capture succinctly which gadgets our framework will find, and we investigate the side effects of the gadgets it produces. Furthermore, we discuss architectural idiosyncrasies of several widely used CPU architectures and how the generic algorithms need to take them into account when locating gadgets.