Results of Radare Summer of Code 2014 and the organization of the new RSoC / GSoC 2015

    Firstly, I want to report on the past RSoC'14 , thank the Habr audience for the help that allowed us to organize this event.

    Due to the fact that there was no need to follow the rules of Google, we were able to change the two "official" members "on the fly." Last year, we selected two official participants and 6 “unofficial” (no cash rewards) . However, in the coding promotion process, only three unofficial participants remained. But, since they successfully completed their tasks, we divided the money collected equally between them (about $ 700 per person). Let's consider the tasks in more detail :

    Two tasks were not completed / completed - this is a complete translation of the entire framework to use the sdb databaseand fine-tuning webui .

    On the other hand, three tasks were completed successfully, and currently all the code is in the main branch.

    Firstly, it supports parsing complex structures and displaying them in the required format using the pf command and the C data description parser (struct / union, etc).

    Secondly, it supports downloading and using FLIRT format signatures (from IDA Pro) , as well as integration with Yara . Due to the fact that this task was successfully completed, radare2 can be used to analyze malware using existing signature databases accumulated over the years of working with IDA Pro and Yara. Integration code with Yara moved to a separate repository .

    Well, the last successfully completed task is PDB support . The main difference from many debuggers and disassemblers (except IDA Pro) is the parsing of the format on its own, without using calls to the Windows system libraries.

    In addition, since last year the situation with documentation has improved significantly: radare.today/radare2-is-documented

    This year radare2 did not qualify for Google Summer of Code as an independent organization, which did not stop us, and we decided to repeat the experience of last year and start your own campaign again. Moreover, many thanks to the notorious solardiz and its Openwall projectunder whose patronage we will participate in GSoC'15 within the framework of one mission. To conduct our own RSoC'15, we will need 3,000 EUR to attract three participants.



    So, I summarize the information on both Summer of Code:

    Google Summer of Code:
    • There is a place for one participant
    • Applications can be submitted from March 16 to March 27
    • Payment of $ 5000
    • Standard program restrictions (only students and strict compliance with the rules of the event)


    Radare Summer of Code:
    • Applications are accepted from March 11 to May 3
    • Announcement of accepted participants on May 8
    • Programming from June 17 to September 16
    • Payment in the amount of 1000 EUR (supposedly depends on the amount of funds raised)
    • No restrictions on participants


    This year we presented the following assignments for GSoC students and RSoC participants:
    View assignments

    Web interface


    Creating widgets for:
    • Custom Hex Column Hex Editor
    • Graph: interactive graphs for blocks, functions, and comparisons
    • Sections
    • Search for strings, opcodes, and patterns
    • Structures: View, Create, and Modify

    In addition, it is required to provide a “rubber” interface applicable for desktop and tablet, as well as minimize the number of requests to the network to speed up work via the Internet


    Enhanced ESIL Features



    ESIL based emulation support


    First, you need to add (and improve) ESIL support for more architectures (see libr / anal / p / *).
    Secondly, you will need to add the following features for the ESIL engine itself:
    • Simplify ESIL Commands
    • Ability to emulate the selected function (via ESIL)
    • Calculation of the value of the selected register at the selected point of the program upon request
    • Built-in emulation of standard library functions
    • Trace support
    • Reverse Debugging


    Dynamic analysis based on emulation through ESIL


    Here, I think, it should be clarified what is meant. This task closely intersects with the previous one, since it allows it to implement automatic code analysis during its execution.
    • Autodiscover switch ()
    • Detecting Dynamic Jump Values ​​(Links)
    • Auto-analysis of function parameters
    • Improving cross-link recognition (xrefs)


    Automatic conversion of ESIL code to SSA (Single Static Assignment form)


    As many know, this is the first step to a full decompilation. In this assignment, the student will need to create a three-way exchange of information between the three levels - the binary code (and disasma), the ESIL view, and the SSA view.


    Work on the interface and debugger features


    This task will need to be performed based on a comparison of the capabilities of existing debugs: gdb, lldb, voltron, mona.py, peda, immunity. List of what will need to be done:
    • UI with code / stack / registers panels (as in peda / voltron)
    • Display past and future breakpoints
    • Hotkeys
    • Configure ASLR
    • Show function parameter values ​​if the breakpoint is on the call to this function (as in OllyDbg)
    • Showing values ​​(typed) on the stack and in registers



    Writing a universal parser library for assemblers (rasm2)


    This is required to separate it into a separate project, like capstone or sdb, to unify the syntax between assemblers and to support macros. We believe that fasm syntax and macro language support would be ideal .

    Enhanced radare2 graphing and data and code visualization capabilities


    Here, the participant will need to improve the algorithms for drawing overlapping blocks, add full support for Unicode and beautiful nodes, support for colors and syntax highlighting, grouping nodes and commenting on them.


    I did not begin to describe all the tasks, I only emphasized the most “backbone” ones, more complete information can be obtained on the corresponding page .


    A summer plan with a detailed description of the tasks is here: rada.re/rsoc

    Official project site: rada.re

    Become a sponsor of the RSoC campaign or just send a donation.

    PS This year (in isolation from GSoC / RSoC) we are going to : improve Windows support (including better integrate WinDbg and PDB support ), complete the full move to SDB, complete the license revision (for the convenience of linking to commercial products without too much thought, what you can include in the assembly and what not; improve support for mobile platforms (ARM, MIPS), simplify the writing of plugins and make assembly and use of bindings more obvious, increase the number of regression tests and attract new developers.

    Also popular now: