Skip to content

chop-project/chop

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

CHOP - Catch Handler Oriented Programming

CHOP paper thumbnail

This repository contains the source code release accompanying our paper "Let Me Unwind That For You: Exceptions to Backward-Edge Protection".

In a nutshell, CHOP is a binary exploit technique which relies on confusing the unwinder when operating on corrupted metadata (e.g., after a stack-based buffer overflow). This allows an attacker to hijack control-flow even with traditional backwards-edge defenses, such as canaries or shadowstacks, in-place.

For more details, please read our paper or browse this repository!

Dataset

The crawler for our large-scale data set is located in analysis. However, if you want to replicate our work using the same dataset as in our paper, you download our crawled packages directly here (~67GB).

Alternatively, you could also directly download a mirror of our database here (~2.9GB) and use the pgsql_import.sh script to import it after unpacking. But be warned: this database was created at the beginning of the project and grew over time. As such, it may include outdated fields and tables which are not used by the current analysis scripts.

Citing

Our paper will be published at the Network and Distributed System Security Symposium 2023. Please use the following bibtex to refer to our work:

@inproceedings{duta_chop_2023,
  title = {{Let Me Unwind That For You: Exceptions to Backward-Edge Protection}},
  booktitle = {{Symposium on Network and Distributed System Security (NDSS)}},
  author = {Duta, Victor and Freyer, Fabian and Pagani, Fabio and Muench, Marius and Giuffrida, Cristiano},
  year = {2023}
}

Black Hat Talk

We also presented our findings at BlackHat EU'22. You can find the slides here and a recording will (likely) be available at a later time.

Recon Talk

We presented exception handling internals at Recon'22. These internals are useful background for understanding CHOP attacks. You can find the recording here and the slides here.

About

Binary exploitation by confusing the unwinder

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published