Work of Christopher Domas of the
Battelle Memorial Institute
 Brief overview of his talk at REcon
› The Future of RE: Dynamic Binary
The goal is to answer “what is this and
what does it do?”
Lots of time to identify patterns
 Finding the patterns is an art.
Taking a computationally difficult task
and translating it to a problem our brains
naturally do
 Traversing thousands of lines of hex and
making sense of it in 20 seconds
 Obfuscation
 Embedded Devices
 Unknown formats
Our current best RE tools are completely
dependent on known structure
 Gates’ Law
› Software is getting slower more rapidly than
hardware becomes faster
› Amount of Information we need to analyze is
growing exponentially
Greg Conti
› US Military Academy
› Blackhat
Aldo Cortesi
› Nullcube
Even in unstructured data there are
relationships, especially among local hex
 Digraphs
Mapping data to Hilbert curves
Goal: Understanding data independent
of format
Named after Georg Cantor
 Works off of emphasizing the idea of
relationships between binary information
Bayesion Method to classify certain types
of formats
Current binary parsing
› Recursive descent: IDA style that follows
patterns and calls in code
› Linear sweep: objdump and goes through in
linear fashion
Rely on a structures grammar
 ..cantor.dust.. Uses probabilistic parsing,
which does not rely on grammar
A new way to look at binary information
 Can find demo from blackhat
 No updates since last summer
The full talk and slides located on the website:

