A talk on the first heuristic-free static binary rewriter for aarch64.
Why is it the first? Because everyone else already knew what a bad idea it would be.
There are plenty of closed-source arm64 binaries out there that we can't fuzz efficiently, because dynamic instrumentation is slow.
Static binary rewriting has been around for decades, but has mostly focused on x86.
Porting it to arm64 should be a straightforward task, right?
This is the story of how a simple "4-week port of an existing x86 rewriter" took 2+ years instead.
Maybe the real treasure is the CVEs we made along the way?
Warning: the talk might contain sensitive imagery of ARM Assembly. Viewers have been warned.
This talk was translated into multiple languages. The files available for download contain all languages as separate audio tracks; most desktop video players let you choose between them.
Please look for "audio tracks" in your desktop video player.