CRAX++: Modular Exploit Generator using Dynamic Symbolic Execution
In the past, Automatic Exploit Generation (AEG) research was seldom open-sourced. This research was inspired by AFL++, and publishes an open-source exploit generator, CRAX++.
CRAX is an exploit generator developed by SQLab at National Chiao Tung University. The design principle of CRAX++ is to become an exploit generation framework that is cleanly architected, easy to extend, reproducible, and able to integrate several AEG research efforts in the future. Given an x86_64 Linux ELF and a PoC input, the input drives a specific execution path; the system uses concolic execution to collect the constraints of that path, adds exploit constraints to them, and generates the final exploit script with an SMT solver. Additionally, the system lets users add custom exploitation techniques and analysis modules, to maximize the system's extensibility.
This session will introduce the structure and design of CRAX++, discuss the difficulties faced during development, and outline the future of the system.