After six months of active development, the BAP Team is proud to announce the release of the Binary Analysis Platform 1.4.
The Carnegie Mellon University Binary Analysis Platform (CMU BAP) is a reverse engineering and program analysis platform that works with binary code and doesn’t require the source code. BAP supports multiple architectures: ARM, x86, x86-64, PowerPC, and MIPS. BAP disassembles and lifts binary code into the RISC-like BAP Instruction Language (BIL). Program analysis is performed using the BIL representation and is architecture independent in a sense that it will work equally well for all supported architectures. The platform comes with a set of tools, libraries, and plugins. The main purpose of BAP is to provide a toolkit for implementing automated program analysis. BAP is written in OCaml and it is the preferred language to write analysis, we have bindings to C, Python, and Rust. The Primus Framework also provides a Lisp-like DSL for writing program analysis tools.
The new release brings quite a few new features and several bug fixes. All summarized below. We would like to especially thank Anton Kochkov (aka XVilka) for contributing the MIPS lifter, and SoftSec Lab for extensive testing and verification of our lifter semantics.
BAP v1.4 can be installed via the OCaml Package Manager (opam) and NixOS package manager (nix). You can also use prebuilt deb, rpm, or tgz packages or build BAP manually from sources. A good selection of docker and vagrant recipes is also available, with some prebuilt docker images uploaded to DockerHub.
BAP is a moving target, so we are also encouraging everyone to use our rolling releases opam repository, that will give you access to the newest features and bug fixes as soon as they got merged into the master branch. Just add it to your opam with
opam repo add bap-testing \
https://github.com/BinaryAnalysisPlatform/opam-repository.git#testing
Release Notes
Features
- MIPS and MIPS64 lifters
- PowerPC and PowerPC64 lifters
- LLVM 5.0 compatibility
- BARE Binary Analysis Rule Engine
- New Taint Analysis Framework
- Primus Lisp 2.0 with symbols and methods
- Recipes
- Primus Test Framework
- Dataflow and Abstract Interpretation Framework
- Progress Reports and Profilers
- New primitives for BML
Bug fixes
- Incorrect error handling in x86 lifter
- Failure to decode ICC binaries
- Fixes equiv type in Graphlib
- Unhardcodes llvm backed in the linear sweep disassembler
- Fixes the memory printer
- Fixes handling relocations in reconstructor
- Fixes race condition in the source merge procedure
- Restores the source-type command line option
- Proper handling of tail calls in IR lifter
- Fixes segment registers in mov instruction
- Fixes xor in the BIL simplfication procedure
- Fixes flag calculation in the x86 sub instruction
- Fixes numerous missed sign extensions in x86 lifter
- Adds modulo operation to x86 rot/rol instructions
- Fixes operands order in the x86 xadd instruction
- Fixes segment duplication