
By Christopher McCown

Our team is announcing the initial public release of Software Forensic Kit, an open source GitHub application that helps to quickly identify specific control flows within your binary files. Once installed, Software Forensic Kit can analyze your application(s) to determine whether a function of interest exists and, if so, generate the call graph to that function.

In most cases, binaries are built upon other libraries, which are in turn built on top of even more libraries. This makes it really difficult to determine in a short period of time whether your application really is using a certain function from a particular library. This needle-in-a-haystack problem of multi-layered code becomes even more difficult when you need to analyze every application on a given machine.

Here’s where Software Forensic Kit can help. When you point Software Forensic Kit at a given server and specify the function of interest, it provides you with a list of libraries that contain this function. Beyond just identifying applications of interest, it also generates an interactive call graph showing how that function might be reached in your code. This way you can filter out what you aren’t interested in and focus only on the code paths of interest.
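To make the idea concrete, here is a small added example (not Software Forensic Kit's own code, and not a description of how it is implemented) that answers the same two questions over a call graph: which artifact contains a function of interest, and which call chains reach it. The edge list, jar names and method names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample call graph: (caller, callee) pairs, each node written as
# "artifact:Class.method". All names are hypothetical.
EDGES = [
    ("app.jar:Main.main", "app.jar:OrderService.load"),
    ("app.jar:Main.main", "app.jar:Report.render"),
    ("app.jar:OrderService.load", "libparse.jar:Parser.parse"),
    ("libparse.jar:Parser.parse", "libparse.jar:Parser.parseNested"),
    ("libparse.jar:Parser.parseNested", "libparse.jar:Parser.parse"),  # recursion
    ("libparse.jar:Parser.parseNested", "libcore.jar:ObjectReader.readObject"),
    ("app.jar:Report.render", "libfmt.jar:Formatter.format"),
    ("libcore.jar:Legacy.restore", "libcore.jar:ObjectReader.readObject"),
]

def callers_closure(edges, target):
    """Every node that can reach target, found by walking edges backwards."""
    rev = defaultdict(set)
    for caller, callee in edges:
        rev[callee].add(caller)
    seen, stack = {target}, [target]
    while stack:
        for caller in rev[stack.pop()]:
            if caller not in seen:
                seen.add(caller)
                stack.append(caller)
    return seen

def call_chains(edges, entry, target):
    """All simple call chains entry -> ... -> target; cycles are cut."""
    relevant = callers_closure(edges, target)  # prune code that cannot matter
    fwd = defaultdict(list)
    for caller, callee in edges:
        if caller in relevant and callee in relevant:
            fwd[caller].append(callee)
    chains = []
    def walk(node, path):
        if node == target:
            chains.append(path)
            return
        for nxt in fwd[node]:
            if nxt not in path:  # do not loop through recursive calls
                walk(nxt, path + [nxt])
    if entry in relevant:
        walk(entry, [entry])
    return chains

def artifacts_containing(edges, method):
    nodes = {n for edge in edges for n in edge}
    return sorted({n.split(":")[0] for n in nodes if n.split(":")[1] == method})
```

Pruning to the callers' closure first is what keeps the result focused: `Report.render` and `Formatter.format` never appear in the output for `readObject`, and `Legacy.restore` shows up only if you ask for it as an entry point.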

Currently, Software Forensic Kit only analyzes Java binaries, but eventually we’d like to add support for additional programming languages. We welcome contributions from anyone interested in helping expand this project.

Like most projects, this tool was built to solve a specific problem we were facing. As part of the Security Response team, we are responsible for securing all products across the company, which includes the libraries those products are built upon. We needed a quick and easy way to analyze all of these applications and their libraries in an untainted, pre-built, production-ready environment. Software Forensic Kit was one of the solutions we came up with to help us in visualizing the control flow to these functions of interest.

Our future ideas, as mentioned earlier, include expanding Software Forensic Kit to analyze other programming languages as well as improving call graph UIs to make them easier to view, search and interact with. We are also exploring a more interactive mode so that you can make decisions during the execution of the analysis process.

When we have new functionality like that to announce, we’ll let you know here, so be sure to stay tuned to the Open Source Blog and follow us on Twitter (@vmwopensource) for updates.