In 2011, the Cyber Research Lab began developing “DigR,” an integrated suite of tools for reverse engineering application software from executable forms. DigR provides analysts with easy-to-use tools to inspect software without source code, as well as static and dynamic analysis capabilities that enable stealthy debugging in a graph-based reverse engineering tool.
Through this Independent Research and Development (IR&D) project, Riverside Research developed several modules, including a program importer, a binary analyzer, a 32-bit x86 disassembler and debugger, and a code segment assembler. DigR also provides a disassembly view and graph-based views of disassembly, methods to navigate using the graph view and hex view of a program, viewers for functions, text strings, and execution traces, and a set of intelligent concept and function identification heuristics.
In 2013, the ideas that were prototyped in the previous years’ Internal Research and Development (IRAD) efforts were fully developed into a cohesive software system that can be delivered to potential customers in the Version 1.0 release of DigR. The release is enhanced by many new features, including reverse debugging and the ability to parse ELF (Linux) and Mach-O (Mac OS) binary files. The Cyber Laboratory has worked intensively to create and improve the tool and provide system administrators with insight into the software that runs in their networks. The Cyber Laboratory’s efforts to improve software development led to the implementation of new processes, including defect management, formalized software testing, and automated software builds with continuous integration. These processes continue to pay dividends past 2013, as the Cyber Laboratory still uses the technologies and processes established during the 2011-2012 DigR IRAD effort in its current development efforts.