Charles Hubain and Cédric Tessier
This talk will go over our efforts to implement a new open source DBI framework based on LLVM. We'll explain what DBI is used for, how it works, the implementation challenges we faced and compare a few of the existing frameworks with our own implementation.
We have been using DBI frameworks in our work for a few years now: to gather coverage information for fuzzing, to break whitebox cryptography implementations used in DRM or to simply assist reverse engineering.
However we were dissatisfied with the state of existing DBI frameworks: they were either not supporting mobile architectures, too focused on a very specific use cases or very hard to use. This prompted the idea of developing QBDI which has been in development for two years and a half.
With QBDI we wanted to try a modern take on DBI framework design and build a tool crafted to support mobile architectures from the start, adopting a modular design enabling its integration with other tools and that was easy to use by abstracting all the low-level details from the users.
In this talk we will review the motivation behind the usage of a DBI. We will explain its core principle and the main implementation challenges we faced. We will go through a few of the existing frameworks (Intel Pin, Valgrind, DynamoRIO) and compare our implementation choices with theirs. Finally, we will demo our framework and showcase its integration inside Frida.
We also plan to open source our framework under a permissive free software license (Apache 2) during the conference.