27C3 - Version 1.6.3

27th Chaos Communication Congress
We come in peace

Speakers
kornau
Schedule
Day Day 4 - 2010-12-30
Room Saal 2
Start time 14:30
Duration 00:30
Info
ID 4168
Event type Lecture
Track Hacking
Language used for presentation English
Feedback

A framework for automated architecture-independent gadget search

CCC edition

We demonstrate that automated, architecture-independent gadget search is possible. Gadgets are code fragments which can be used to build unintended programs from existing code in memory. Our contribution is a framework of algorithms capable of locating a Turing-complete gadget set.

Translating machine code into an intermediate language allows our framework to be used for many different CPU architectures with minimal architecture-dependent adjustments. We define the paradigm of free-branch instructions to succinctly capture which gadgets will be found by our framework and investigate side effects of the gadgets produced. Furthermore we discuss architectural idiosyncrasies for several widely spread CPU architectures and how they need to be taken into account by the generic algorithms when locating gadgets.