Automatically Inferring Image Base Addresses of ARM32 Binaries Using Architecture Features

Automatically Inferring Image Base Addresses of ARM32 Binaries Using Architecture Features

연구 분야: Analysis

학회: International Conference on Ubiquitous Security

We designed an innovative method, namely iBase, which automatically infers the image base address of an ARM32 binary by statistically, structurally, and semantically correlating the absolute and the relative addresses contained in the binary. iBase exploits ARM32’s architecture features, and hence it is immune to variances introduced by software development and compilation. In addition, iBase is parameter-free and it requires no manual configuration. We implemented iBase and performed evaluation using 20 ARM32 binaries. Our evaluation results have shown that iBase successfully detects base addresses for all of them and outperforms start-of-the-art tools including Ghidra and Radare2.