Marius Muench
Marius is a postdoctoral researcher at Vrije Universiteit Amsterdam. His research interests cover (in-)security of embedded systems, as well as binary and microarchitectural exploitation. He obtained his PhD from Sorbonne University in cooperation with EURECOM. He developed and maintains avatar2, a framework for analyzing embedded systems firmware. Most recently, he used the framework in the scope of the FirmWire project for automated security testing of cellular baseband implementations.
Sessions
Error handling is often done using exceptions. Because error code paths represent abnormal program behavior, they are an interesting target for reverse engineering.
Try, catch and throw semantics are straightforward to use when programming, but what’s happening behind the scenes? On a quest to figure this out, we will follow an exception on its journey from the throw statement all the way to it being caught by its handler. On its way, it will interact with many different parts of the program’s runtime, which will use DWARF information to unwind the stack and determine the handler using Language-Specific Data Areas (LSDA), personality routines, and more.
Using what we learnt, we’ll introduce a reverse-engineering plugin for Binary Ninja that extracts exception handling information from ELF and Mach-O binaries.