D-ARM: Disassembling ARM Binaries by Lightweight Superset Instruction Interpretation and Graph Modeling

2023 IEEE Symposium on Security and Privacy (SP) Pub Date : 2023-05-01 DOI:10.1109/SP46215.2023.10179307

Yapeng Ye, Zhuo Zhang, Qingkai Shi, Yousra Aafer, X. Zhang

{"title":"D-ARM: Disassembling ARM Binaries by Lightweight Superset Instruction Interpretation and Graph Modeling","authors":"Yapeng Ye, Zhuo Zhang, Qingkai Shi, Yousra Aafer, X. Zhang","doi":"10.1109/SP46215.2023.10179307","DOIUrl":null,"url":null,"abstract":"ARM binary analysis has a wide range of applications in ARM system security. A fundamental challenge is ARM disassembly. ARM, particularly AArch32, has a number of unique features making disassembly distinct from x86 disassembly, such as the mixing of ARM and Thumb instruction modes, implicit mode switching within an application, and more prevalent use of inlined data. Existing techniques cannot achieve high accuracy when binaries become complex and have undergone obfuscation. We propose a novel ARM binary disassembly technique that is particularly designed to address challenges in legacy code for 32-bit ARM binaries. It features a lightweight superset instruction interpretation method to derive rich semantic information and a graph-theory based method that aggregates such information to produce final results. Our comparative evaluation with a number of state-of-the-art disassemblers, including Ghidra, IDA, P-Disasm, XDA, D-Disasm, and Spedi, on thousands of binaries generated from SPEC2000 and SPEC2006 with various settings, and real-world applications collected online show that our technique D-ARM substantially outperforms the baselines.","PeriodicalId":439989,"journal":{"name":"2023 IEEE Symposium on Security and Privacy (SP)","volume":"15 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE Symposium on Security and Privacy (SP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SP46215.2023.10179307","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

ARM binary analysis has a wide range of applications in ARM system security. A fundamental challenge is ARM disassembly. ARM, particularly AArch32, has a number of unique features making disassembly distinct from x86 disassembly, such as the mixing of ARM and Thumb instruction modes, implicit mode switching within an application, and more prevalent use of inlined data. Existing techniques cannot achieve high accuracy when binaries become complex and have undergone obfuscation. We propose a novel ARM binary disassembly technique that is particularly designed to address challenges in legacy code for 32-bit ARM binaries. It features a lightweight superset instruction interpretation method to derive rich semantic information and a graph-theory based method that aggregates such information to produce final results. Our comparative evaluation with a number of state-of-the-art disassemblers, including Ghidra, IDA, P-Disasm, XDA, D-Disasm, and Spedi, on thousands of binaries generated from SPEC2000 and SPEC2006 with various settings, and real-world applications collected online show that our technique D-ARM substantially outperforms the baselines.

查看原文本刊更多论文

D-ARM:基于轻量级超集指令解释和图建模的ARM二进制文件反汇编

ARM二进制分析在ARM系统安全中有着广泛的应用。一个基本的挑战是ARM的反汇编。ARM，特别是AArch32，具有许多独特的特性，使反汇编与x86反汇编不同，例如ARM和Thumb指令模式的混合，应用程序中的隐式模式切换，以及更普遍地使用内联数据。当二进制文件变得复杂并经历了混淆时，现有的技术无法达到高精度。我们提出了一种新的ARM二进制反汇编技术，专门用于解决32位ARM二进制文件遗留代码中的挑战。它具有轻量级的超集指令解释方法来获得丰富的语义信息，以及基于图论的方法来聚合这些信息以产生最终结果。我们与许多最先进的反汇编器(包括Ghidra、IDA、P-Disasm、XDA、D-Disasm和Spedi)对SPEC2000和SPEC2006在各种设置下生成的数千个二进制文件以及在线收集的实际应用程序进行了比较评估，结果表明我们的D-ARM技术大大优于基线。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2023 IEEE Symposium on Security and Privacy (SP)

自引率

0.00%

发文量