Keystone Engine: Next Generation Assembler Framework

Assembler is an application that compiles a string of assembly code and returns instruction encodings. An assembler framework allows us to build new tools, and is a fundamental component in the Reverse Engineering (RE) toolset. However, a good assembler framework is sorely missed since the ice age! Indeed, there is no single multi-architecture, multi-platform and open source framework available and the whole RE community are badly suffering from this lingering issue.

We have decided to step up again to solve this challenge once and for all. We built Keystone, an assembler engine with unparalleled features:

- Multi-architecture, with support for Arm, Arm64 (AArch64/Armv8), Hexagon, Mips, PowerPC, Sparc, SystemZ, & X86 (include 16/32/64bit). - Clean/simple/lightweight/intuitive architecture-neutral API. - Implemented in C/C++ languages, with bindings for Python, NodeJS, Ruby, Go & Rust available. - Native support for Windows & nix (with Mac OSX, Linux, BSD & Solaris confirmed). - Thread-safe by design. - Open source.

This talk is going to introduce some existing assembler frameworks, then goes into details of their design/implementation and explains their current issues. Next, we will present the architecture of Keystone and the challenges of designing and implementing it. The audience will understand the advantages of our engine and see why the future is assured, so that Keystone will keep getting better, stronger and become the ultimate assembler engine of choice for the security community.

Keystone aims to lay the ground for innovative works and open up new opportunities for future of security research and development. To conclude the talk, some new advanced RE tools built on top of Keystone will be introduced to demonstrate its power.

Keystone has a homepage at http://www.keystone-engine.org. Full source code of our engine will be released at Black Hat USA 2016.

Presented by