A modified version of Egalito targeted at statically eliminating and/or poisoning code reuse attack (CRA) gadgets. If you use this tool in your research, please cite the following paper (currently on Arxiv, but to appear in OOPSLA 2021): Brown, Michael D., Matthew Pruett, Robert Bigelow, Girish Mururu, and Santosh Pande. "Not So Fast: Understanding and Mitigating Negative Impacts of Compiler Optimizations on Code Reuse Gadget Sets" arXiv:2005.08363v2 [cs.CR]. 2021. (https://arxiv.org/pdf/2005.08363.pdf) Suport: Gadget elimination behavior currently supports only x86_64 and work only in Egalito's mirror ELF mode. Gadget poisoning behavior is similarly limited in support, but currently does not work for GCC produced binaries as GCC does not respect the AMD64 ABI by default. It does work with Clang binaries. To use: Gadget elimination behavior can be triggered with the etharden app using the `--gadget-reduction` flag. Gadget poisoning behavior can be triggered using the `--gadget-poisoning` flag with the etharden app. Egalito's original README follows. Egalito is a binary recompiler, designed for implementing security hardening. It uses a low-level intermediate representation (EIR or Chunk) that accurately reflects all aspects of a program binary. Egalito uses metadata present in modern position-independent binaries to turn all cross-references into EIR Links, allowing code to be arbitrarily rearranged without additional overhead. Output generation in the form of ELFs or union ELFs is supported, and Egalito provides a custom loader that allows it to bootstrap into a fully self-hosted environment (parsing and transforming libegalito.so). Egalito supports x86_64 and aarch64, with experimental support for RISC-V. For more information, please visit: https://egalito.org To build: $ sudo apt-get install make g++ libreadline-dev gdb lsb-release unzip $ sudo apt-get install libc6-dbg libstdc++6-7-dbg # names may differ $ git submodule update --init --recursive $ make -j `nproc` To test, try: $ cd test/codegen && make && cd - $ cd app && ./etelf -m ../src/ex/hello hello && ./hello && cd - $ cd src && ./loader ex/hello && cd - $ cd app && ./etshell Other extensions: - Python bindings and Python shell: see app/README-python - Docker: see test/docker/README.md