Infer
The Infer plugin accesses the highest-level representation of the information extracted from a binary file, and can be used to perform in-depth analyses. The inferred data features are gathered by using boomerang (a tool for acquiring the decompilation of a file), Radare2, and angr (an extensive binary-analysis framework).
get_cfg
uses angr and an extension of it called angr-utils. The control-flow graph (CFG) is saved as a PNG image file located in the same directory as the file upon which it was called, and it is displayed immediately.
get_ir
uses angr and its dependency PyVex to return the intermediate representation of the original bytes.
decompile
gets the decompilation by using boomerang to translate the binary into C code. The file is saved in the outputs directory within FoRREST's root directory.
deobfuscate
is currently being developed. We are planning to use a tool called metasm.
Not Yet Implemented
get_sys_calls
is intended to return the program's calls to the host system. Not currently implemented; considering using strace.
get_func_trace
is intended to return all calls to a specific function. Not currently implemented; considering calling FoRREST's get_functions along with the disassembly to determine where functions are called, and by what other functions.
slice
Not currently implemented; planning to use angr to perform backward slicing.
get_stack_frames
is intended to return all of the stack frames built by the program during execution. Not currently implemented.
symbolic_exec
Not currently implemented; planning to use angr's execution engine for symbolic execution.
taint_analysis
Not currently implemented; considering using a combination of FoRREST's get_data_references and slice functions.