This version of GaLity has been re-implemented within GSA (https://github.com/michaelbrownuc/GadgetSetAnalyzer) and is no longer supported. The functionality in this project will be supported as part of GSA from now on. This repository has been left up for informational purposes only.
GaLity is an open-source implementation to compute metrics on sets of gadgets which has been developed by Andreas Follner. This particular version has been updated and expanded by Michael D. Brown. This version of gality will calculate the originally proposed metrics for JOP and COP gadgets, and also incorporates some minor bug fixes and code comments.
If you use this version of Gality in your research, please cite the following papers:
Andreas Follner, Alexandre Bartel, Eric Bodden: Analyzing the Gadgets - Towards a Metric to Measure Gadget Quality, in Proceedings of the International Symposium on Engineering Secure Software and Systems (ESSoS), London, UK, 2016 [bib] [pdf]
Michael D. Brown, Santosh Pande: Is Less Really More? Why Reducing Code Reuse Gadget Counts via Software Debloating Doesn't Necessarily Indicate Improved Security, arXiv:1902.10880v3 [cs.CR] [pdf]
The easiest way is to import the git project into Eclipse and to let it compile it automatically.
You can also compile the program on the command line:
$ cd gality
$ javac -d ./bin/ src/gality/Program.javaThe first argument is the file containing the set of gadgets generated by ROPgadget. The second argument is Gality's output file.
You can use a "run configuration" to give parameters to gality and then run gality.
$ ROPgadget --binary /usr/bin/whereis > /tmp/whereis.gadgets
$ java -cp ./bin/ gality.Program /tmp/whereis.gadgets /tmp/whereis.gadgets.metrics