michaelbrownuc / egalito-gadgets

Modified version of Egalito for use in CRA gadget elimination and poisoning.

A modified version of Egalito targeted at statically eliminating and/or poisoning 
code reuse attack (CRA) gadgets.

If you use this tool in your research, please cite the following paper 
(currently on arXiv, but to appear in OOPSLA 2021):

Brown, Michael D., Matthew Pruett, Robert Bigelow, Girish Mururu, 
and Santosh Pande. "Not So Fast: Understanding and Mitigating Negative 
Impacts of Compiler Optimizations on Code Reuse Gadget Sets" 
arXiv:2005.08363v2 [cs.CR]. 2021. (https://arxiv.org/pdf/2005.08363.pdf)

Support: Gadget elimination currently supports only x86_64 and works only 
in Egalito's mirror ELF mode. Gadget poisoning is similarly limited in 
support; in addition, it currently does not work for GCC-produced binaries, because 
GCC does not respect the AMD64 ABI by default. It does work with Clang binaries.

To use: Gadget elimination is triggered by running the etharden app with the 
`--gadget-reduction` flag. Gadget poisoning is triggered by running the etharden 
app with the `--gadget-poisoning` flag.


Egalito's original README follows.


Egalito is a binary recompiler, designed for implementing security hardening.
It uses a low-level intermediate representation (EIR or Chunk) that accurately
reflects all aspects of a program binary. Egalito uses metadata present in
modern position-independent binaries to turn all cross-references into EIR
Links, allowing code to be arbitrarily rearranged without additional overhead.
Output generation in the form of ELFs or union ELFs is supported, and Egalito
provides a custom loader that allows it to bootstrap into a fully self-hosted
environment (parsing and transforming libegalito.so).

Egalito supports x86_64 and aarch64, with experimental support for RISC-V.
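Because Egalito depends on the relocation metadata of position-independent binaries and the gadget passes above are x86_64-only, a quick pre-flight check of the ELF header saves a confusing failure later. The following is an added example (not code from Egalito or the egalito-gadgets project): it parses the fixed ELF64 header with the standard e_type/e_machine constants from the ELF specification, and the `check_egalito_input` function reports whether a binary is a PIE for a supported architecture. The assumption that Egalito input must be ET_DYN follows from the README's description of how it uses PIE metadata; the header bytes used for testing are constructed, not taken from a real binary.

```python
"""Pre-flight header check for binaries before handing them to Egalito (added example)."""
import struct
from typing import Dict, List

# e_machine values from the ELF specification for the architectures the README lists.
EM_X86_64 = 62
EM_AARCH64 = 183
EM_RISCV = 243

# e_type values: ET_EXEC is a fixed-address executable, ET_DYN is a PIE or shared object.
ET_EXEC = 2
ET_DYN = 3

SUPPORTED = {EM_X86_64: "x86_64", EM_AARCH64: "aarch64", EM_RISCV: "riscv (experimental)"}


def parse_elf_header(data: bytes) -> Dict[str, int]:
    """Parse e_type and e_machine from a 64-bit little-endian ELF header."""
    if len(data) < 64 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class != 2:
        raise ValueError("only ELF64 headers are handled here")
    if ei_data != 1:
        raise ValueError("only little-endian headers are handled here")
    # e_type and e_machine are the two 16-bit fields right after the 16-byte e_ident.
    e_type, e_machine = struct.unpack_from("<HH", data, 16)
    return {"e_type": e_type, "e_machine": e_machine}


def check_egalito_input(data: bytes, want_gadget_work: bool = False) -> List[str]:
    """Return a list of problems; an empty list means the binary looks usable.

    want_gadget_work=True additionally enforces the x86_64-only restriction of the
    gadget elimination/poisoning passes described in this README.
    """
    problems = []
    hdr = parse_elf_header(data)
    if hdr["e_machine"] not in SUPPORTED:
        problems.append("unsupported e_machine %d" % hdr["e_machine"])
    if hdr["e_type"] != ET_DYN:
        # Assumption: Egalito needs the relocation metadata of a PIE (ET_DYN) binary.
        problems.append("not position-independent (e_type != ET_DYN)")
    if want_gadget_work and hdr["e_machine"] != EM_X86_64:
        problems.append("gadget elimination/poisoning supports x86_64 only")
    return problems


def make_header(e_type: int, e_machine: int) -> bytes:
    """Build a minimal constructed ELF64 LE header for testing (not a real binary)."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # ELF64, LE, version 1, SysV ABI
    rest = struct.pack(
        "<HHIQQQIHHHHHH",
        e_type, e_machine, 1,   # e_type, e_machine, e_version
        0, 64, 0,               # e_entry, e_phoff, e_shoff
        0, 64, 56, 0, 64, 0, 0, # e_flags, e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    )
    return ident + rest


if __name__ == "__main__":
    for label, hdr in [("pie x86_64", make_header(ET_DYN, EM_X86_64)),
                       ("exec x86_64", make_header(ET_EXEC, EM_X86_64)),
                       ("pie aarch64", make_header(ET_DYN, EM_AARCH64))]:
        print(label, check_egalito_input(hdr, want_gadget_work=True) or "ok")
```

For a real file, read the first 64 bytes and pass them to `check_egalito_input`; the same three constants are what `readelf -h` reports as Type and Machine.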

For more information, please visit: https://egalito.org

To build:
$ sudo apt-get install make g++ libreadline-dev gdb lsb-release unzip
$ sudo apt-get install libc6-dbg libstdc++6-7-dbg  # names may differ
$ git submodule update --init --recursive
$ make -j `nproc`

To test, try:
$ cd test/codegen && make && cd -
$ cd app && ./etelf -m ../src/ex/hello hello && ./hello && cd -
$ cd src && ./loader ex/hello && cd -
$ cd app && ./etshell

Other extensions:
- Python bindings and Python shell: see app/README-python
- Docker: see test/docker/README.md

License:GNU General Public License v3.0

