HiLo

1. HiLo Thomas Goehner, Chris Turney 1

2. 2 The Problem: automation in reverse engineering • Understanding and modifying running binaries lacks automation • Reverse engineers spend a large portion of their time just understanding how a program works • We'd rather that reverse engineers spend their time working on top of a program • Real life example – Halo & HaloBoom

3. 3 A Current Solution: OllyDBG OllyDBG is a tool similar to what we want Can set breakpoints on code and data Can analyze the stack to point out return addresses Can be used to debug your programs But doesn't: Simulate a call Have a powerful pattern matcher for searching through instructions

4. 4 Our approach: HiLo We are planning on developing a scripting language that will make reverse engineering easier Simulate and trace: Keep track of all changes made during a simulated call At the end, we have an object storing these changes Provide a method to easily search through these changes (pattern matching)

5. 5 Example: Enable Developer Mode Possible demo: Make a cheat using HiLo that discovers the address of the rolled value in a 'guess-my-number' game Implementation Plan: 1 – Develop grammar,parser,and basic interpreter (as in PA1) 2 - Develop basic mechanisms required for our language: Read/Write to memory by address Execute calls 3 - Simulate & Trace 4 – Pattern matching for step 3