BaSO4: A Dynamic Dataflow Analysis Tool for Auditing and Reversing

ShmooCon VI - 2010

Presented by: Zack Fasel
Date: Saturday February 06, 2010
Time: 16:00 - 17:00
Location: Front Room
Track: Break It!

<p>The complexity of modern applications makes binary auditing a long slow march without a significant investment in tools and techniques. BaSO4 is a new IDA plug-in that highlights the instructions responsible for processing and propagating the information stored at a given input range. Using dynamic data flow analysis based on a captured execution trace, BaSO4 can compute, for example, the instructions, memory locations, and registers used to process the string table in a Flash SWF file. This information can be used to target manual audits and assist in reverse engineering. The analysis is computed for each byte of the tainted input and is linked to the abstract syntax of the input files. The IDA plug-in switches between various levels of abstract syntax and dynamically updates the highlighted code regions. The Tamarin VM (Adobe's open source AVM2 byte code engine) is used as a case study to illustrate the strengths and weaknesses of BaSO4.

Dion Blazakis

</p><p>Dion has been breaking software since 1994, playing with debug.com and Ralf Brown's Interrupt List. Somewhere along the way, he took a more respectable path and ended up as a software developer. He has been writing code for embedded devices for the last 8 years. When not securing pay-per-view porn for his current employer, he spends his time decompiling SNES games, bug hunting, and automating his bug hunting techniques. His relevant interests include compilers, operating systems, programming languages and interpreters.</p>
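
The per-byte analysis described in the abstract, as an added sketch that is not BaSO4's code: it propagates input-byte labels through a captured trace and returns the instruction addresses to highlight for one syntax-level field. The trace format, field layout, addresses and function names are constructed assumptions, and only direct data flow is tracked.

```python
from collections import defaultdict

# Constructed input layout: field name -> range of input-file byte offsets.
FIELDS = {"header": range(0, 4), "string_table": range(4, 8)}

# Constructed trace: (instruction address, destination, sources).
# "in:N" is byte N of the input file as mapped into memory.
TRACE = [
    (0x401000, "eax", ["in:0"]),                # load a header byte
    (0x401003, "ebx", ["in:4"]),                # load a string-table byte
    (0x401006, "ecx", ["ebx", "in:5"]),         # combine two string-table bytes
    (0x401009, "eax", []),                      # eax overwritten by a constant
    (0x40100c, "mem:0x2000", ["ecx"]),          # store the derived value
    (0x40100f, "edx", ["eax"]),                 # copies the now-clean eax
    (0x401012, "esi", ["mem:0x2000", "in:1"]),  # mixes both fields
]

def propagate(trace):
    """Return {instruction address: set of input offsets it processed}."""
    taint = {}                    # location -> set of input offsets
    touched = defaultdict(set)
    for addr, dst, srcs in trace:
        labels = set()
        for src in srcs:
            if src.startswith("in:"):
                labels.add(int(src[3:]))
            else:
                labels |= taint.get(src, set())
        if labels:
            taint[dst] = labels
            touched[addr] |= labels
        else:
            taint.pop(dst, None)  # overwriting with clean data clears taint
    return dict(touched)

def highlight(touched, field):
    """Addresses to highlight for one syntax-level field."""
    wanted = set(FIELDS[field])
    return sorted(a for a, offs in touched.items() if offs & wanted)

if __name__ == "__main__":
    result = propagate(TRACE)
    for name in FIELDS:
        print(name, [hex(a) for a in highlight(result, name)])
```

Switching the field passed to `highlight` corresponds to moving between syntax levels in the plug-in: the same per-byte result is regrouped without replaying the trace.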

