Adding Flare-Floss String Analysis support #413
Labels
enhancement
New feature or request
reverse-engineering
Use case related to understanding unknown binary
Comments
whyitfor
added
enhancement
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What is the use case for the feature?
strings from binutils doesn't work well on Go and Rust binaries since their strings aren't null terminated, but rather struct based. Flare-Floss from mandiant is better at it. In addition it supports extra features like string de-obfuscation.
Does the feature contain any proprietary information about another company's intellectual property?
No
How would you implement this feature?
From the experience I've had with floss its more experimental than strings. When it works its great and can give better output than strings, but it does take longer to run and it doesn't have support yet for ELFs (appears to be on their road map). Therefore, I don't think it should be a replacement for strings but rather in addition to. Implementing the backend appears straight forward and could be implemented in a similar manner to strings_analysis.py. As for the front-end, there could just be a checkbox added to the string search box called "Advanced Analysis".
Are there any (reasonable) alternative approaches?
For the backend maybe not, but for the frontend yes there are many different reasonable ways to expose the functionality.
Are you interested in implementing it yourself?
If this idea is within scope and approved, then sure.
The text was updated successfully, but these errors were encountered: