FunSeeker is function identification tool for Intel CET-enabled binaries. FunSeeker leverages patterns of CET-relevant instructions to find function entries. The details of the algorithm is in our paper, "How'd Security Benefit Reverse Engineers? The Implication of Intel CET on Function Identification," which will appear in DSN 2022.
FunSeeker is written in F#, so you need to install .NET SDK 6.0. Also, FunSeeker includes following NuGet packages: FSharp.Core and B2R2.FrontEnd.BinInterface
Next, you should download and build FunSeeker as follows.
$ git clone https://github.com/B2R2-org/FunSeeker.git
$ cd FunSeeker/
$ dotnet build -c Release
Now, you are ready to run FunSeeker. You can run it with following command
$ src/FunSeeker/bin/Release/net6.0/FunSeeker [binary_path]
You can use Docker image to try out FunSeeker quickly.
docker build --tag funseeker .
docker run --rm funseeker /FunSeeker/src/FunSeeker/bin/Release/net6.0/FunSeeker [binary_path]
You can download our dataset which contains non-stripped binaries, stripped binaries and function list files.
This research project has been conducted by SoftSec Lab and CSRC at KAIST.
- Hyungseok Kim
- Junoh Lee
- Soomin Kim
- Seungil Jung
- Sang Kil Cha
If you plan to use FunSeeker in your own research, please consider citing our paper:
@INPROCEEDINGS{kim:dsn:2022,
author = {Hyungseok Kim and Junoh Lee and Soomin Kim and Seungil Jung and Sang Kil Cha},
title = {How'd Security Benefit Reverse Engineers? The Implication of Intel CET on Function Identification},
booktitle = dsn,
year = 2022
}