
A Python tool to unstrip Rust/Go binaries on Linux

c3rb3ru5d3d53c/Cerberus

 
 


Cerberus

Description

A Python tool to unstrip Rust and Go binaries on Linux

Cerberus is the tool you want to use to make Rust and Go static analysis a lot easier.
Based on hashing and scoring systems, it can retrieve lots of symbol names.

How does it work?

After analyzing your ELF binary to find the used libraries, Cerberus will download and build them.
Then the tool will hash (in various ways) the functions in your file and in the libraries to make matches.

Table of contents

Build the tool
How to use?
      Syntax
      Parameters
      Flags
      Example
Warning

Build the tool

  1. You need to have Python3, Cargo, Go and the binutils package installed on your system.
  2. Clone the repository.
  3. Install Python dependencies using pip3 install -r requirements.txt.
  4. Build the tool using ./build.sh.
  5. Add the generated dist directory to your path using PATH=$PATH:~/path/to/the/repo/dist.

How to use?

Syntax

cerberus binary [-param value] [--flag]

Parameters

output -> Specifies the path for the resulting ELF file.
part_hash_len -> Specifies the length of a part hash. The part hash of a function is just a reduction of the function with a linear pace. This technique is used to prevent fixed addresses from corrupting a standard hash. Default value: 20
part_hash_trust -> Specifies the minimum ratio of similarity between the two hashed functions being compared. The kept function will be the one with the most matches anyway. Increasing this value will reduce the number of matched functions but speed up execution time. Default value: 0.6
min_func_size -> The minimum length a function must have to be analyzed. Decreasing this value will increase matches but also false positives. Default value: 10
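
The sketch below is an added illustration of how part_hash_len, part_hash_trust and min_func_size interact; it is not Cerberus's own code. The sampling rule, the position-wise similarity score, the byte unit for min_func_size, and all sample bytes and symbol names are assumptions constructed for the example.

```python
# Added illustration: NOT Cerberus's code. Sampling and scoring rules are assumptions.
import hashlib

PART_HASH_LEN = 20      # README default for part_hash_len
PART_HASH_TRUST = 0.6   # README default for part_hash_trust
MIN_FUNC_SIZE = 10      # README default for min_func_size (assumed to be bytes)


def part_hash(code: bytes, length: int = PART_HASH_LEN) -> bytes:
    """Reduce a function body to `length` bytes sampled at a constant stride."""
    step = len(code) / length
    return bytes(code[int(i * step)] for i in range(length))


def similarity(a: bytes, b: bytes) -> float:
    """Fraction of part-hash positions holding the same byte."""
    return sum(x == y for x, y in zip(a, b)) / max(len(a), len(b))


def best_match(target: bytes, library: dict):
    """Return (name, score) of the best candidate at or above the trust ratio."""
    if len(target) < MIN_FUNC_SIZE:
        return None  # too short: matching would mostly yield false positives
    t = part_hash(target)
    scored = [(name, similarity(t, part_hash(body)))
              for name, body in library.items() if len(body) >= MIN_FUNC_SIZE]
    scored = [s for s in scored if s[1] >= PART_HASH_TRUST]
    return max(scored, key=lambda s: s[1]) if scored else None


def make_func(call_target: bytes) -> bytes:
    """Constructed 40-byte body: 18 fixed bytes, a call with a 4-byte address, 17 fixed bytes."""
    return bytes(range(0x10, 0x22)) + b"\xe8" + call_target + bytes(range(0x40, 0x51))


# Constructed sample data; the symbol names are hypothetical.
LIBRARY = {
    "example_lib::parse": make_func(b"\x11\x22\x33\x44"),
    "example_lib::other": bytes(range(0x80, 0xA8)),
}
STRIPPED_FUNC = make_func(b"\xaa\xbb\xcc\xdd")  # same code, relocated call address

if __name__ == "__main__":
    lib = LIBRARY["example_lib::parse"]
    same = hashlib.sha256(STRIPPED_FUNC).digest() == hashlib.sha256(lib).digest()
    print("full hashes equal:", same)
    print("part-hash match:", best_match(STRIPPED_FUNC, LIBRARY))
```

The two copies of the function differ only in the 4-byte call address, so a full SHA-256 comparison fails while the sampled comparison still agrees on 18 of 20 positions.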

Flags

help -> Displays a help message.
debug -> Enables the debug level of logging.
no-prompt -> Automatically skips user prompts.

Example

Command

The following command will try to unstrip the file ./rust_example into a new ELF called ./rust_example_syms.
cerberus ./rust_example -output ./rust_example_syms

Result

Here is a comparison of the main function in the two files using Binary Ninja:

before.png

after.png

Warning

This software must only be used to carry out lawful experiments and I am not responsible for any breach of this rule!

Languages

  • Python 94.5%
  • Go 3.2%
  • Rust 1.6%
  • Shell 0.7%