galapag0 Posted May 25, 2013

Hello!

I'm asking for help/collaboration from the community to expand and improve our tool called "Symbolic Exploit Assistant" (SEA) for assisted exploit generation of binary programs.

In a few words, this tool starts with a path in a disassembled binary represented with an abstract intermediate language (we start supporting REIL) to generate and solve SMT constraints according to the user request. If the solver finds a solution, the values for the input variables can be used to exploit the path of the program selected.

Of course, SEA is not state of the art but a few examples from Gera's Insecure Programming can be "solved".

We tried to look for other open source and public tools like SEA, but we couldn't find any. We believe that there should be completely open tools that help people to find vulnerabilities easier and quicker. We don't like the idea that only some companies and governments have access to such tools. This is a very small step in the direction of the democratisation of the access to exploitation tools.

Finally, we ask the community for help to do research, development and implementation of SEA in order to build a tool to perform binary analysis.

The code and some documentation are available at: https://github.com/neuromancer/sea

Thanks!