[ANN] BAP v1.3 Release



The Binary Analysis Platform is a reverse engineering and program analysis platform that targets binaries, i.e., compiled programs without the source code. BAP supports multiple architectures (more than 30), though the first-tier architectures are x86, x86-64, and ARM. BAP operates by disassembling and lifting the binary code into the RISC-like BAP Instruction Language (BIL). Thus an analysis implemented in BAP is architecture independent, in the sense that it will work equally well for all the supported architectures. The platform comes with a set of tools, libraries, and plugins. The main purpose of BAP is to provide a toolkit for automated program analysis. BAP is written in OCaml, which is the preferred language for writing analyses, though we have bindings to C, Python, and Rust.

The v1.3 release is the 13th and the biggest public release in the history of BAP. It brings lots of new stuff, including:

  • New OGRE loader that works smoothly with all sorts of binaries, including Linux and Darwin kernel modules, shared libraries, and other peculiar program representations
  • Memory consumption is reduced several-fold (special thanks to the Spacetime team)
  • Primus - the CPU emulation and microexecution framework
  • Better and more concise program representation, thanks to the dead code elimination pass with effect analysis
  • Support for LLVM 4.0


I read about BAP a few months ago, and I was like, shit, this would seem pretty useful in my security research. I finally got to playing with it this week, and I love it so far. I also read the papers on BitBlaze and SplitScreen.

However, while the blog is pretty helpful, and it’s pretty well documented, and obviously it has a lot of features, what I think would be really useful for adoption would be a blog post detailing how to use it to reverse different live malware samples, with pictures, because the majority of malware analysts I know tend to prefer that kind of thing.


That’s a really good point. I’m thinking of it myself. But I’m struggling to find an interesting but rather easy example as a showcase. As soon as I get to something real and interesting, it becomes a little bit complicated to show. So, if you have any ideas off the top of your head, please share, and I will try to cook a blog post out of them :)


Well, for something interesting but complicated, I wouldn’t be worried about the audience giving up so much as the amount of time you will lose obsessing over it: watching a week go by when you were supposed to just write a blog post, hating yourself afterwards, and then finding out that the information you suffered for was already posted by some guys at Kaspersky, along with more useful info, in a 3-page release.

Malware analysts are just uncomfortable with the unfamiliar, but they do have better attention spans than most software engineers.