Symbolic Exploit Assistant (SEA) - neur0mancer
https://github.com/neuromancer/SEA

======
shiven
REIL code only. :-(

With no free/open-source x86-->REIL translator, this is not as exciting as I
was hoping it would be.

Good luck with it though. Am a bit disappointed as I can't test it right away.

~~~
neur0mancer
We want to replace REIL with BAP. REIL was a good starting point, since
instructions are very easy to parse and understand, but BAP is the future.

Another option is to adapt the open source (r)reil translator[1]

[1]
[https://bitbucket.org/mb0/gdsl/src/94d607a5f058/specificatio...](https://bitbucket.org/mb0/gdsl/src/94d607a5f058/specifications/x86?at=default)

------
nitrogen
_The tool finds it is solvable if the user controls the initial value of a
local variable (which is usually not possible)_

The initial value of a local variable can be controlled if you can control the
final value of a local variable in a previously called function that happens to
wind up at the same point on the stack, if that local variable is not
explicitly initialized.

~~~
neur0mancer
Exactly, but since this is not a possibility in the analyzed binary (the stack
memory of this variable is not flagged as user-controllable), the solution
can't be used to exploit it.

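The stack-reuse condition nitrogen describes, as an added C example (not code from the SEA project or from anyone in this thread). `leave_on_stack`, `victim_uninit`, `victim_init` and `run_demo` are hypothetical names chosen here: the first function stores a caller-controlled value in a local and returns, the second reads a local it never initialized, and `run_demo` reports whether the two locals landed at the same stack address and what the uninitialized read returned. Reading an uninitialized variable is undefined behaviour, so the stale value is only observed when the compiler happens to give both frames the same layout; the hardened variant shows that explicit initialization removes that dependency entirely, which is what the README's "user controls the initial value of a local variable" caveat is about.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical "previously called function": it fills a local with a
 * caller-controlled value and returns. The frame is popped, but the bytes
 * stay in memory until some later frame reuses that region. The slot is
 * volatile so the compiler keeps the stores. Returning the address as an
 * integer is only for the layout check below. */
static uintptr_t leave_on_stack(uint32_t controlled) {
    volatile uint32_t slot[8];
    for (int i = 0; i < 8; i++) {
        slot[i] = controlled;
    }
    return (uintptr_t)&slot[0];
}

/* Hypothetical victim: reads a local it never initialized. If this frame is
 * laid out at the same address as leave_on_stack's frame, the read returns
 * whatever leave_on_stack left there. This is undefined behaviour; the
 * result is layout- and compiler-dependent by design of the demo. */
static uint32_t victim_uninit(uintptr_t *where) {
    volatile uint32_t slot[8];
    *where = (uintptr_t)&slot[0];
    return slot[0];                      /* uninitialized read */
}

/* Hardened victim: explicit initialization means the caller of an earlier
 * function can no longer influence this local's initial value. */
static uint32_t victim_init(void) {
    volatile uint32_t slot[8];
    for (int i = 0; i < 8; i++) {
        slot[i] = 0;
    }
    return slot[0];
}

typedef struct {
    uint32_t stale;      /* what victim_uninit observed */
    int same_slot;       /* 1 if both locals had the same stack address */
    uint32_t hardened;   /* what victim_init returned (always 0) */
} demo_result;

/* Runs the two calls back to back, as a caller under attacker influence
 * would, and collects the evidence. */
demo_result run_demo(uint32_t controlled) {
    demo_result r;
    uintptr_t first = leave_on_stack(controlled);
    uintptr_t second = 0;
    r.stale = victim_uninit(&second);
    r.same_slot = (first == second);
    r.hardened = victim_init();
    return r;
}

int main(void) {
    demo_result r = run_demo(0x41414141u);
    printf("frames overlap: %s\n", r.same_slot ? "yes" : "no");
    printf("uninitialized local read: 0x%08x\n", r.stale);
    printf("explicitly initialized local: 0x%08x\n", r.hardened);
    return 0;
}
```

Whether `frames overlap` prints `yes` depends on the compiler and flags; when it does, the uninitialized read returns the controlled value, which is exactly the situation a symbolic solver would report as "user controls the initial value of the local". An analysis tool that tracks which stack bytes are attacker-tainted, as neur0mancer describes, would mark this slot tainted only if the earlier call's input is itself attacker-controlled.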
------
Cyph0n
I don't understand much of it, but it looks interesting nonetheless.

------
cheez
That's bloody awesome.

~~~
neur0mancer
Thanks!

Btw, the project is looking for collaborators. I believe this is the kind of
approach to discover and report security vulnerabilities in the 21st century.

~~~
saidajigumi
> I believe this is the kind of approach to discover and report security
> vulnerabilities in the 21st century.

Depending on how capable the analysis suite becomes, then it would be very
interesting to run it from CI.

