Searching Cryptographic Functions in Binary Code by Emulation


Supervision: Andre Pawlowski

Start date: as soon as possible

Duration: 3 months

More details:


The correct usage of pseudo-random number generators (PRNGs) or hash functions is often critical for the security of systems. However, searching for them in an application that is only available as a binary is often done in the most basic way: by searching for magic numbers or for characteristics of known implementations. This approach might miss unknown implementations or some proprietary algorithms.

We started a project to search for PRNGs and hash functions in a binary in the most generic way possible. At a high level, we emulate functions multiple times and check their output for a certain level of randomness. A prototype implementation written in Python already delivers promising results. However, the prototype still has two issues: the emulation performs poorly because it is written in Python, and, since we work on a static level without actually executing the application or shared library, function pointers remain a problem.
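The scoring step of this idea can be sketched as follows. This is an added example, not code from the prototype: the emulator is replaced by plain Python callables (`sha_trunc` and `byte_sum` are constructed stand-ins for emulated functions), and the two checks (avalanche effect and per-bit bias) and their thresholds are assumptions about what "a certain level of randomness" could mean.

```python
import hashlib
import struct

MASK64 = 0xFFFFFFFFFFFFFFFF

def sha_trunc(data: bytes) -> int:
    """Constructed stand-in for an emulated hash function (32-bit result)."""
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "little")

def byte_sum(data: bytes) -> int:
    """Constructed stand-in for an emulated non-cryptographic function."""
    return sum(data) & 0xFFFFFFFF

def avalanche(func, runs=256, width=32):
    """Mean fraction of output bits that change when one input bit flips."""
    flipped = total = 0
    for i in range(runs):
        # Spread the run counter over all 8 input bytes (assumed input layout).
        base = struct.pack("<Q", (i * 0x9E3779B97F4A7C15) & MASK64)
        ref = func(base)
        for bit in range(64):
            mutated = bytearray(base)
            mutated[bit // 8] ^= 1 << (bit % 8)
            flipped += bin(ref ^ func(bytes(mutated))).count("1")
            total += width
    return flipped / total

def bit_bias(func, runs=4096, width=32):
    """Largest distance from 0.5 of any output bit's frequency of being 1."""
    ones = [0] * width
    for i in range(runs):
        out = func(struct.pack("<Q", i))
        for b in range(width):
            ones[b] += (out >> b) & 1
    return max(abs(count / runs - 0.5) for count in ones)

def looks_random(func, min_avalanche=0.4, max_bias=0.05):
    """Flag a candidate whose output passes both checks (thresholds assumed)."""
    return avalanche(func) >= min_avalanche and bit_bias(func) <= max_bias

if __name__ == "__main__":
    for candidate in (sha_trunc, byte_sum):
        print(candidate.__name__, looks_random(candidate))
```

In a real run, each callable would be a wrapper that sets up the emulated function's arguments, runs it, and reads back its return value or output buffer.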

The aim of this thesis is to re-implement the emulation module of our prototype using a systems programming language (e.g., C++) and Unicorn. After the re-implementation is finished, a diverse set of measurements has to be taken to show the performance improvement achieved by the new implementation.

Tasks that need to be solved include:

  • Familiarize yourself with Unicorn and emulation.
  • Familiarize yourself with the already developed Python prototype.


  • Familiarity with a systems programming language.