Inspiration

I have been working at a low level with binaries for several years, and their ecosystems can be very complex and intimidating with lots of nuance and poor documentation. I have a decent grasp of them only after much trial, error, and confusion.

A higher-level representation of a binary separated from the messy details like assembly code could be extremely helpful to students that are intimidated by the complexity of the ecosystem.

What it does

ELF Explorer displays the control flow of an arbitrary ELF binary in a high-level, user-friendly way. It accomplishes this by presenting the call graph of a disassembled binary independent of the more complex details like the assembly code.

The binary's call graph is displayed in an interactive web browser window. The user can freely inspect the graph at various resolutions, and select individual nodes on the graph as well. When a node is selected, a dynamic panel in the browser displays information about the symbol that references the node, including function information from official sources and details on external symbols.

While it is not built for in-depth binary analysis, ELF Explorer would be a significant asset to any student wishing to become familiar with the general ELF binary ecosystem.

How we built it

ELF Explorer relies on GTIRB, a binary lifting and analysis intermediate representation, for call graph analysis. The call graph is parsed through Python's NetworkX and Plotly libraries, and then displayed using Dash, a Flask-based web framework.

Symbol definitions are identified through a web-scraped database, taken from IBM's website and parsed into a usable format. It is built with extensibility in mind, so it can be easily expanded in the future.

Challenges we ran into

The majority of the challenges with this project were related to graphing the binary data. Parsing the data into the plotly format and finding an adequate graphing algorithm presented a challenge that required a lot of trial-and-error.
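To make the "call graph into Plotly format" step concrete, here is an added example that is not ELF Explorer's own code: it lays out a constructed call graph with a plain breadth-first layering (a standard-library stand-in for a NetworkX layout) and emits the dict form of a Plotly figure. The sample graph and the names `layered_layout` and `to_figure` are assumptions made for illustration.

```python
from collections import deque

# Constructed sample call graph (caller -> callees). In the tool this data
# would come from the GTIRB analysis; every name here is made up.
CALLS = {
    "_start": ["__libc_start_main"],
    "__libc_start_main": ["main"],
    "main": ["parse_args", "helper", "puts"],
    "parse_args": ["strtol", "puts"],
    "helper": ["helper", "malloc"],  # direct recursion
    "unused_fn": ["puts"],           # never reached from the entry point
}

def layered_layout(calls, entry):
    """Return {function: (x, y)} with y = -(BFS call depth from entry)."""
    depth, queue = {entry: 0}, deque([entry])
    while queue:
        caller = queue.popleft()
        for callee in calls.get(caller, []):
            if callee not in depth:  # first visit wins, so cycles terminate
                depth[callee] = depth[caller] + 1
                queue.append(callee)
    orphan_row = max(depth.values()) + 1
    # Unreachable functions (and their callees) share one row at the bottom.
    for name in list(calls) + [c for cs in calls.values() for c in cs]:
        depth.setdefault(name, orphan_row)
    pos, used = {}, {}
    for name in sorted(depth, key=lambda n: (depth[n], n)):
        row = depth[name]
        pos[name] = (used.get(row, 0), -row)
        used[row] = used.get(row, 0) + 1
    return pos

def to_figure(calls, pos):
    """Build a Plotly figure dict: one line trace for edges, one for nodes."""
    ex, ey = [], []
    for caller, callees in calls.items():
        for callee in callees:
            if callee != caller:     # self-loops have zero length; skip them
                ex += [pos[caller][0], pos[callee][0], None]  # None breaks the line
                ey += [pos[caller][1], pos[callee][1], None]
    names = list(pos)
    edges = {"type": "scatter", "mode": "lines", "x": ex, "y": ey, "hoverinfo": "none"}
    nodes = {"type": "scatter", "mode": "markers+text", "text": names,
             "x": [pos[n][0] for n in names], "y": [pos[n][1] for n in names],
             "textposition": "top center"}
    axis = {"visible": False}
    return {"data": [edges, nodes],
            "layout": {"showlegend": False, "xaxis": axis, "yaxis": axis}}

FIGURE = to_figure(CALLS, layered_layout(CALLS, "_start"))
```

The resulting dict can be passed to `plotly.graph_objects.Figure` or used as the `figure` of a Dash `dcc.Graph`.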

Accomplishments that we're proud of

The application's page itself looks very nice, and parsing IBM's web page with a large list of standard C functions made me feel like a VIM wizard.

Overall, I hope ELF Explorer can be used in the future to help more students approach binary analysis.
