View article

Dynamic binary analysis techniques play a central role to study the security of software systems and detect vulnerabilities in a broad range of devices and applications. Over the past decade, a variety of different techniques have been published, often alongside the release of prototype tools to demonstrate their effectiveness. Unfortunately, most of those techniques’ implementations are deeply coupled with their dynamic analysis frameworks and are not easy to integrate in other frameworks. Those frameworks are not designed to expose their internal state or their results to other components. This prevents analysts from being able to combine together different tools to exploit their strengths and tackle complex problems which requires a combination of sophisticated techniques. Fragmentation and isolation are two important problems which too often results in duplicated efforts or in multiple equivalent solutions for the same problem–each based on a different programming language, abstraction model, or execution environment.

In this paper, we present avatar2, a dynamic multi-target orchestration framework designed to enable interoperability between different dynamic binary analysis frameworks, debuggers, emulators, and real physical devices. Avatar2 allows the analyst to organize different tools in a complex topology and then “move” the execution of binary code from one system to the other. The framework supports the automated transfer of the internal state of the device/application, as well as the configurable forwarding of input/output and memory accesses to physical peripherals or emulated targets.