Radare Summer of Code 2017 - Selection Results

This year, apart from our Google Summer of Code campaign we decided to start our own campaign again. But unlike the previous year we asked our candidates to focus on the high-level part of radare project - radeco and rune. We’ve been working on a decompiler (radeco) for 3 years already, and hope that this year you’ll be able to see the generated C pseudocode for the first time. Less famous, but nevertheless very important parts of modern reverse engineering, program analysis and vulnerability hunting, is the symbolic (and concolic, also known as dynamic) execution engine - rune. To be honest, for now it’s just a skeleton of what we have envisioned, but we hope soon it will be as usable as other parts of radare2 framework and toolset.

Radeco - The Decompiler

Hello, I’m Zhuo Zhang, also known as izhuer which I always used in CTF competition. I am a 20 year old student, currently at Shanghai Jiao Tong University, and meanwhile, a CTFer in 0ops.

Over last couple of weeks I’ve done several fixed for ragg2, including some bug fixes:

• fix some bugs in rcc_pushstr in egg_lang.c
• fix bugs when strings within ‘,’ and starting with non-zero char
• fix the segment fault when calling functions with arguments
• fix wrong label bugs in “while” syntax and rename some label
• fix odd syntax in “while” and “if”

Also, I have implemented some new features for ragg2:

• add support for directory in include
• add support for alias in include
• add support for if-else syntax
• add support for math operations in local variables

For this Radare Summer of Code, I will be working on radeco, a radare2 based decompiler. The first part of my job is to add log feature to log all such errors in radeco to improve analysis over time, which is a guiding task to make me familiar with the whole codebase. The secode part is my main job, for adding support to transform register SSA to memory SSA. And finally, I will complete the whole procedure from SSA to a kind of human-readable C code.

Excited, I am ready for this busy and challengeable summer.

Rune - Symbolic Executor

Hello, I am Chinmay Deshpande, a fresh graduate from India. I have been using radare2 for basic RE tasks in CTFs and have contributed several small patches to r2 over the years. I have always wanted to work on a major project for r2 and I believe RSoC is the perfect opportunity to do so. My major work has been along with Kishor on attempting to leverage the SSA-based radecoIR for optimizing symbolic execution strategies.

rune is a symbolic execution engine project written in Rust which was started by sushant94. Although the project works, there are a lot of missing features which make it unusable for testing/emulating complicated binaries. As a part of RSoC, I plan to extend and improve the usability and basic functionality of the emulator. The goal is to make it mature enough to be a playground for implementing newer analysis and research in SymEx as time progresses. Following are some of the goals I plan to achieve:

• Setting up a test framework for testing different modules such as the Engine and the Explorer
• Implementing a binary-loader for information retrieval from radare2
• Add an underlying OS model to allow users to emulate/hook system calls
• Multithreaded path exploration for BFS/DFS styled explorers
• [Dream] Finish the incomplete radeco-lib integration for users to have a convenient pipe between the two tools and hence allow to apply optimizations on the generated IR.