<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>manticore on The Trail of Bits Blog</title><link>https://miscreants.github.io/blog.trailofbits.com/categories/manticore/</link><description>Recent content in manticore on The Trail of Bits Blog</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Thu, 15 Dec 2022 08:00:23 -0500</lastBuildDate><atom:link href="https://miscreants.github.io/blog.trailofbits.com/categories/manticore/index.xml" rel="self" type="application/rss+xml"/><item><title>How I gave ManticoreUI a makeover</title><link>https://miscreants.github.io/blog.trailofbits.com/2022/12/15/manitcoreui-symbolic-execution-gui/</link><pubDate>Thu, 15 Dec 2022 08:00:23 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2022/12/15/manitcoreui-symbolic-execution-gui/</guid><description>During my internship at Trail of Bits, I explored the effectiveness of symbolic execution for finding vulnerabilities in native applications ranging from CTF challenges to popular open source libraries like image parsers, focusing on finding ways to enhance ManticoreUI. It is a powerful tool that improves accessibility to symbolic execution and vulnerability […]</description></item><item><title>Manticore GUIs made easy</title><link>https://miscreants.github.io/blog.trailofbits.com/2022/12/13/manticore-gui-plugin-binary-ninja-ghidra/</link><pubDate>Tue, 13 Dec 2022 08:00:04 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2022/12/13/manticore-gui-plugin-binary-ninja-ghidra/</guid><description>Trail of Bits maintains Manticore, a symbolic execution engine that can analyze smart contracts and native binaries. While symbolic execution is a powerful technique that can augment the vulnerability discovery process, it requires some base domain knowledge and thus has its own learning curve. 
Given the plethora […]</description></item><item><title>MUI: Visualizing symbolic execution with Manticore and Binary Ninja</title><link>https://miscreants.github.io/blog.trailofbits.com/2021/11/17/mui-visualizing-symbolic-execution-with-manticore-and-binary-ninja/</link><pubDate>Wed, 17 Nov 2021 07:00:55 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2021/11/17/mui-visualizing-symbolic-execution-with-manticore-and-binary-ninja/</guid><description>During my summer internship, I had the wonderful opportunity to work on the Manticore User Interface (MUI). The MUI project aims to combine the strength of both Manticore, a powerful symbolic execution library, and Binary Ninja, a popular binary analysis tool, to provide a more intuitive and visual interface […]</description></item><item><title>Contract verification made easier</title><link>https://miscreants.github.io/blog.trailofbits.com/2020/07/12/new-manticore-verifier-for-smart-contracts/</link><pubDate>Sun, 12 Jul 2020 15:00:46 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2020/07/12/new-manticore-verifier-for-smart-contracts/</guid><description>Smart contract authors can now express security properties in the same language they use to write their code (Solidity) and our new tool, manticore-verifier, will automatically verify those invariants. Even better, Echidna and Manticore share the same format for specifying property tests. 
In other words, smart contract authors can now write one property test and […]</description></item><item><title>Manticore discovers the ENS bug</title><link>https://miscreants.github.io/blog.trailofbits.com/2020/03/03/manticore-discovers-the-ens-bug/</link><pubDate>Tue, 03 Mar 2020 14:21:52 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2020/03/03/manticore-discovers-the-ens-bug/</guid><description>The Ethereum Name Service (ENS) contract recently suffered from a critical bug that prompted a security advisory and a migration to a new contract (CVE-2020-5232). ENS allows users to associate online resources with human-readable names. As you might expect, it allows you to transfer and sell domain names. Specific details about the bug were in […]</description></item><item><title>Symbolically Executing WebAssembly in Manticore</title><link>https://miscreants.github.io/blog.trailofbits.com/2020/01/31/symbolically-executing-webassembly-in-manticore/</link><pubDate>Fri, 31 Jan 2020 09:00:26 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2020/01/31/symbolically-executing-webassembly-in-manticore/</guid><description>With the release of Manticore 0.3.3, we’re proud to announce support for symbolically executing WebAssembly (WASM) binaries. WASM is a newly standardized programming language that allows web developers to run code with near-native performance directly within the browser. 
Manticore 0.3.3 can explore all reachable states in a WASM program, and derive the concrete inputs that […]</description></item><item><title>Watch Your Language: Our First Vyper Audit</title><link>https://miscreants.github.io/blog.trailofbits.com/2019/10/24/watch-your-language-our-first-vyper-audit/</link><pubDate>Thu, 24 Oct 2019 07:00:04 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2019/10/24/watch-your-language-our-first-vyper-audit/</guid><description>A lot of companies are working on Ethereum smart contracts, yet writing secure contracts remains a difficult task. You still have to avoid common pitfalls, compiler issues, and constantly check your code for recently discovered risks. A recurrent source of vulnerabilities comes from the early state of the programming languages available. Most developers are using […]</description></item><item><title>Announcing Manticore 0.3.0</title><link>https://miscreants.github.io/blog.trailofbits.com/2019/06/07/announcing-manticore-0-3-0/</link><pubDate>Fri, 07 Jun 2019 06:50:57 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2019/06/07/announcing-manticore-0-3-0/</guid><description>Earlier this week, Manticore leapt forward to version 0.3.0. Advances for our symbolic execution engine now include: “fast forwarding” through concrete execution that you don’t care about, support for Linux binaries statically compiled for AArch64, and an interface for selectively solving for interesting test cases. 
We’ve been working really hard on these and other features […]</description></item><item><title>Performing Concolic Execution on Cryptographic Primitives</title><link>https://miscreants.github.io/blog.trailofbits.com/2019/04/01/performing-concolic-execution-on-cryptographic-primitives/</link><pubDate>Mon, 01 Apr 2019 07:50:55 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2019/04/01/performing-concolic-execution-on-cryptographic-primitives/</guid><description>For my winternship and springternship at Trail of Bits, I researched novel techniques for symbolic execution on cryptographic protocols. I analyzed various implementation-level bugs in cryptographic libraries, and built a prototype Manticore-based concolic unit testing tool, Sandshrew, that analyzed C cryptographic primitives under a symbolic and concrete environment. Sandshrew is a first step […]</description></item><item><title>Symbolic Path Merging in Manticore</title><link>https://miscreants.github.io/blog.trailofbits.com/2019/01/25/symbolic-path-merging-in-manticore/</link><pubDate>Fri, 25 Jan 2019 07:50:16 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2019/01/25/symbolic-path-merging-in-manticore/</guid><description>Each year, Trail of Bits runs a month-long winter internship “winternship” program. This year we were happy to host 4 winterns who contributed to 3 projects. This is the first in a series of blog posts covering the 2019 Wintern class. 
Our first report is from Vaibhav Sharma (@vbsharma), a PhD student at the University […]</description></item><item><title>Fuzzing an API with DeepState (Part 2)</title><link>https://miscreants.github.io/blog.trailofbits.com/2019/01/23/fuzzing-an-api-with-deepstate-part-2/</link><pubDate>Wed, 23 Jan 2019 07:50:06 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2019/01/23/fuzzing-an-api-with-deepstate-part-2/</guid><description>Alex Groce, Associate Professor, School of Informatics, Computing and Cyber Systems, Northern Arizona University Mutation Testing Introducing one bug by hand (as we did in Part 1) is fine, and we could try it again, but “the plural of anecdote is not data.” However, this is not strictly true. If we have enough anecdotes, we […]</description></item><item><title>Fuzzing an API with DeepState (Part 1)</title><link>https://miscreants.github.io/blog.trailofbits.com/2019/01/22/fuzzing-an-api-with-deepstate-part-1/</link><pubDate>Tue, 22 Jan 2019 07:50:21 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2019/01/22/fuzzing-an-api-with-deepstate-part-1/</guid><description>Alex Groce, Associate Professor, School of Informatics, Computing and Cyber Systems, Northern Arizona University Using DeepState, we took a handwritten red-black tree fuzzer and, with minimal effort, turned it into a much more fully featured test generator. The DeepState fuzzer, despite requiring no more coding effort, supports replay of regression tests, reduction of the size […]</description></item><item><title>Fault Analysis on RSA Signing</title><link>https://miscreants.github.io/blog.trailofbits.com/2018/08/14/fault-analysis-on-rsa-signing/</link><pubDate>Tue, 14 Aug 2018 12:39:52 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2018/08/14/fault-analysis-on-rsa-signing/</guid><description>This spring and summer, as an intern at Trail of Bits, I researched modeling fault attacks on RSA signatures. 
I looked at an optimization of RSA signing that uses the Chinese Remainder Theorem (CRT) and induced calculation faults that reveal private keys. I analyzed fault attacks at a low level rather than in […]</description></item><item><title>Hands on the Ethernaut CTF</title><link>https://miscreants.github.io/blog.trailofbits.com/2017/11/06/hands-on-the-ethernaut-ctf/</link><pubDate>Mon, 06 Nov 2017 14:32:19 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2017/11/06/hands-on-the-ethernaut-ctf/</guid><description>Last week Zeppelin released their Ethereum CTF, Ethernaut. This CTF is a good introduction to interacting with a blockchain and learning the basics of smart contract vulnerabilities. The CTF is hosted on the Ropsten blockchain, and you can receive free ethers for it. The browser developer console is used to interact […]</description></item><item><title>Magic with Manticore</title><link>https://miscreants.github.io/blog.trailofbits.com/2017/05/15/magic-with-manticore/</link><pubDate>Mon, 15 May 2017 07:50:05 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2017/05/15/magic-with-manticore/</guid><description>Manticore is a next-generation binary analysis tool with a simple yet powerful API for symbolic execution, taint analysis, and instrumentation. Using Manticore one can identify ‘interesting’ code locations and deduce inputs that reach them. This can generate inputs for improved test coverage, or quickly lead execution to a vulnerability. 
I used Manticore’s power to solve Magic, a challenge […]</description></item><item><title>Manticore: Symbolic execution for humans</title><link>https://miscreants.github.io/blog.trailofbits.com/2017/04/27/manticore-symbolic-execution-for-humans/</link><pubDate>Thu, 27 Apr 2017 00:00:00 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2017/04/27/manticore-symbolic-execution-for-humans/</guid><description>Manticore helps us quickly take advantage of symbolic execution, taint analysis, and instrumentation to analyze binaries.</description></item><item><title>Shin GRR: Make Fuzzing Fast Again</title><link>https://miscreants.github.io/blog.trailofbits.com/2016/11/02/shin-grr-make-fuzzing-fast-again/</link><pubDate>Wed, 02 Nov 2016 07:50:40 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2016/11/02/shin-grr-make-fuzzing-fast-again/</guid><description>We’ve mentioned GRR before – it’s our high-speed, full-system emulator used to fuzz program binaries. We developed GRR for DARPA’s Cyber Grand Challenge (CGC), and now we’re releasing it as an open-source project! Go check it out. Fear GRR Bugs aren’t afraid of slow fuzzers, and that’s why GRR was designed with unique and innovative […]</description></item></channel></rss>