5 Steps Binary Analysis Methodology [Updated 2022]

Binary Analysis is the process of identifying security vulnerabilities in binary files by evaluating those files with various security testing methodologies. The end purpose of this methodology is to identify critical security issues by using different static and dynamic analysis methods. One of the purposes of this methodology is to cover all low-hanging fruits i.e. basic vulnerabilities in one go and identify unknown vulnerabilities by iterating tasks easily.

Why is Binary Analysis important?

Generally, source code is proprietary in nature, and companies are hesitant to share source code with the security auditing organization. Sometimes, firmware binary comes as a third-party product, and the source code is not available for analysis. Another example is the use of third-party code and libraries in a product.

Binary Analysis help organizations inspect binaries for security vulnerabilities without any involvement from the owner/developer.

Binary Analysis Methodology

Step 1: Scope Identification

Scope Identification is the preliminary step to initiate the binary analysis. It is recommended to arrange an open communication between the auditing agency and the client organization to identify the set of inputs required to start the activity.

In this step, a lot of disagreement may happen between the auditing agencies and client organizations as many inputs required for this step may be sensitive in nature. By end of this step, all required inputs should be drafted on a sheet of paper to avoid any confusion while the assessment.

One example is the requirement of a binary file for assessment. It may happen client organization is not ready to provide binary files directly to the auditing agencies. They are willing to give while hardware product and expect extraction of binary from hardware. One of the possibilities is to provide binary in an encrypted format. All those points should be drafted on a sheet of paper to avoid any confusion while assessing.

Step 2: Reconnaissance/Data Collection

This step is the most common important phase of binary assessment and it is also known as Information Gathering. This step allows auditors to collect as much information as they can on the target, by using different Linux commands, OSINT (Open Source Intelligence) tools, and techniques.

You can use below Linux utilities to identify information related to binary. Try to identify the detailed manual of any command by using one line script "man <command>"

  • file
  • find
  • strings
  • readelf
  • objdump
  • ldd
  • hexdump
  • ps
  • bash
  • locate

The file command is extremely useful in identifying file type if you know nothing about it. Similarly, this step uses other Linux utilities to gain information on binary files.

Step 3: Vulnerability Assessment (VA)

VA activity is carried out by using mainly static analysis, dynamic analysis, and manual testing. All three types of analysis require a set of tools and different manual methods.

At this stage, auditors use different tools and techniques to collect as many vulnerabilities in the binary file and try to inspect as many available attack vectors. The comprehensive data collected from this stage serves as a basis to exploit vulnerabilities in the next stage. This step may use the below set of tools (listed few) to increase the effectiveness of VA.

IDA Pro

Angr

Binary Ninja

Parasoft

Step 4: Exploitation

In this step, the security team tries to use different exploits available publically by using all possible attack vectors & vulnerabilities. This particular step uses different methods and open-source scripts and customized tools to gain security issues as much as possible.

Step 5: Analysis of Results and Report Preparation

This is the final stage of the whole assessment process. In this stage, the security team combines all security findings and provides the client with a comprehensive report. The report will contain both high-level and low-level analyses of all the security issues along with the report. This report also gives a conclusion about both strengths and weaknesses of a binary file.

After the submission of a report, the auditing organization will discuss findings with a developer if required.

Conclusion

This blog list basic steps to initiate the binary analysis. This is a high-level process that allows you to think about the steps followed while assessment of binaries.

Subscribe us to receive more such articles updates in your email.

If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!

Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *