
CodeSurfer for Binaries

A binary reverse engineering and vulnerability research tool that understands pointers, indirect function calls, and whole-program effects, and helps cyber security teams to document and re-use the investigative process to evaluate software for cyber vulnerabilities.

Reverse Engineering from GrammaTech

While CodeSonar is an automated static analysis tool that finds bugs and generates a report of defects in the code, CodeSurfer is a program-understanding tool that makes manually analyzing applications and firmware more efficient. CodeSurfer can reverse engineer a binary application or firmware and analyze both the structure and the semantics of the program model, including control flow graphs, data flow graphs, kill sets, value set analysis, and indirect pointer resolution. CodeSurfer’s analysis is interprocedural and can transcend instruction set architectures.


Why CodeSurfer?

Many reverse engineering tools interpret applications or firmware loosely. In contrast, CodeSurfer does a precise analysis and calculates a variety of representations that can be explored through the powerful programming API with bindings for many languages, including Python.

Notable features include:

  • Whole-Program Analysis. See any interactions among source files or within a whole binary executable.
  • Pointer Analysis. See which pointers point to which variables and procedures.
  • Call Graphs. See a complete call graph, including functions called indirectly via pointers.
  • GMOD/GREF Analysis. See all the globals a function uses or modifies.
  • Impact Analysis. See what statements depend on a selected statement or instruction.
  • Powerful Searching. Find information easily with precise searches.
  • Dataflow Analysis. Pinpoint where a variable was assigned its value.
  • Control Dependence Analysis. See the code that influences a statement's execution.
  • Decompilation. Translate assembly code into pseudo-C code to facilitate reviews.
  • Jupyter Executable Notebooks. Intermix documentation and scripting.
  • Visualization. UML-based visualization of interactions between components.

CodeSurfer Use Cases

CodeSurfer gives cyber security investigators a deep look inside the logic of binary applications or firmware. This capability is often critical when third-party applications or libraries are used in safety- or security-critical systems such as network routers, automotive control systems, avionics, or defense systems.

CodeSurfer allows the researcher to open up the binary and examine it in depth. Examples are:

  • Searching for code paths that call encryption functions
  • Searching for signatures that indicate open source libraries
  • Searching for SQL or command injection vulnerabilities
  • Searching for data taint and how it traverses the system
  • Searching for buffer overrun or underrun situations

CodeSurfer API

CodeSurfer's API enables you to extend and customize CodeSurfer to meet your project-specific needs. For example, you can build specialized analyses or integrate CodeSurfer with other tools. The API supports many different languages, including Python, C, C++ and Java.


Program Representations

Deep-Structure Representations:

  • Normalized ASTs
  • Points-to information
  • Call graph
  • Indirect variable usage
  • Control and data dependence
  • Per-procedure non-local variable usage
  • Per-procedure I/O dependence

Surface-Structure Representations:

  • ASTs
  • Symbol table
  • Direct variable usage
  • CFGs
  • Basic blocks