RE over Adobe Acrobat Reader using Immunity Debugger presented at REcon 2008

by Pablo Solè

URL: http://www.recon.cx/2008/a/pablo_sole/ID_reCON_2008.pdf

Summary: Nowadays, security research and vulnerability assessment are becoming more specific, and attacks tend to be application-focused. Blind scanning using generic fuzzers and automated generic tools doesn't have a significant level of success anymore. Vendors tend to use those tools more and more as testbeds on each release. It's necessary to build specialized programs that interact directly with the debugger and modify their behavior according to deep information about protocols and different program states. With this task in mind we created Immunity Debugger, a freely distributed, fully scriptable debugger that joins the power of a fast and practical GUI with the robustness and programmatic properties of Python. The presentation will cover how to use Immunity Debugger to achieve this objective, diving deeply into the Adobe Acrobat Reader internals and its JavaScript engine as a case study. It unleashes information on how to find the methods implemented by each JS object and decode each method's arguments. With all this information together, the talk will guide the audience in the elaboration of a custom fuzzer combining SPIKE and the JS information to achieve the maximum goal: finding bugs.