PISE (Protocol Inference with Symbolic Execution) is a tool that leverages symbolic execution and automata learning to uncover the state machine of a protocol implemented in a given executable. It consists of two modules:
- The server: for performing the symbolic execution. Implemented in Python.
- The client (this repo): responsible for automata learning. Implemented in Java.
Prerequisites:
- Java JDK: `sudo apt install openjdk-11-jre-headless`
- Maven: `sudo apt install maven`
- GraphViz (for displaying state machines): `sudo apt install graphviz`
In order to start working with PISE, first clone this repo:

```sh
git clone https://github.com/ron4548/PISEClient.git
cd PISEClient
```

Install the JDK, Maven and GraphViz:

```sh
sudo apt install openjdk-11-jre-headless maven graphviz
```

Install the Maven dependencies:

```sh
mvn dependency:resolve
```

Compile PISEClient:

```sh
mvn compile
```
First, run an instance of the server suited to the binary you want to reverse engineer.
Second, start the client by running:

```sh
mvn exec:java -Dexec.mainClass="com.pise.client.PiseLearner"
```
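The installation and start-up steps above collected into one script, added here as an example; it is not part of the PISEClient repository. It takes the repository URL and the Maven main class from the steps above, checks the required tools and the Java major version before touching Maven (so a missing compiler or an old JDK fails early rather than halfway through the build), and assumes a hypothetical file name `pise_setup.sh`. The address of the PISE server is not given on this page, so the script does not check that the server is reachable; it only reminds you to start it.

```shell
#!/usr/bin/env bash
# Added example, not code from the PISEClient repository.
# Assumed from the page: the repository URL and the Maven main class.
# Not on the page, hence not checked here: where the PISE server listens.

PISE_REPO="https://github.com/ron4548/PISEClient.git"
PISE_DIR="PISEClient"
PISE_MAIN_CLASS="com.pise.client.PiseLearner"
PISE_MIN_JAVA=11

# missing_tools: print each named command that is not on PATH, one per line.
# Returns 0 when everything is present, 1 otherwise.
missing_tools() {
    local status=0 tool
    for tool in "$@"; do
        if ! command -v "$tool" >/dev/null 2>&1; then
            printf '%s\n' "$tool"
            status=1
        fi
    done
    return "$status"
}

# java_major_from_line: extract the major version from the first line of
# `java -version` output. Handles the modern form ("11.0.19") and the legacy
# form ("1.8.0_292", which is Java 8). Prints nothing if unrecognised.
java_major_from_line() {
    local ver
    ver=$(printf '%s\n' "$1" | sed -n 's/.*version "\([0-9][0-9.]*\).*/\1/p')
    [ -n "$ver" ] || return 1
    case "$ver" in
        1.*) printf '%s\n' "${ver#1.}" | cut -d. -f1 ;;
        *)   printf '%s\n' "$ver" | cut -d. -f1 ;;
    esac
}

# check_prerequisites: fail unless git, Java, Maven and GraphViz's `dot` are
# present and the Java on PATH is at least PISE_MIN_JAVA. javac is checked as
# well, because `mvn compile` needs a compiler, not only a runtime.
check_prerequisites() {
    local missing major
    if ! missing=$(missing_tools git java javac mvn dot); then
        printf 'missing tools (see the prerequisites above):\n%s\n' "$missing" >&2
        return 1
    fi
    major=$(java_major_from_line "$(java -version 2>&1 | head -n 1)") || major=0
    if [ "${major:-0}" -lt "$PISE_MIN_JAVA" ]; then
        printf 'Java %s or newer required, found major version %s\n' \
            "$PISE_MIN_JAVA" "${major:-unknown}" >&2
        return 1
    fi
}

# setup_pise: clone (unless already present), resolve dependencies and
# compile, exactly the steps listed above.
setup_pise() {
    check_prerequisites || return 1
    if [ ! -d "$PISE_DIR" ]; then
        git clone "$PISE_REPO" "$PISE_DIR"
    fi
    cd "$PISE_DIR" || return 1
    mvn dependency:resolve
    mvn compile
}

# run_pise_client: start the learner. The PISE server must already be running
# for the binary under analysis; this script does not start it.
run_pise_client() {
    printf 'Make sure the PISE server for your binary is running first.\n' >&2
    mvn exec:java -Dexec.mainClass="$PISE_MAIN_CLASS"
}

# Run the whole procedure only when executed as pise_setup.sh (hypothetical
# file name); sourced under any other name, the functions are available
# individually without side effects.
case "${0##*/}" in
    pise_setup.sh)
        set -e
        setup_pise
        run_pise_client
        ;;
esac
```

Save the block as `pise_setup.sh` and run `bash pise_setup.sh` to perform the full procedure, or `. pise_setup.sh && check_prerequisites` to only verify the toolchain on a machine before cloning.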
The PISE paper is available here.
Our Black Hat USA 2022 briefing is available here.