• Stars
    star
    102
  • Rank 335,584 (Top 7 %)
  • Language
    C
  • Created about 8 years ago
  • Updated almost 8 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Deprecated repo for PANDA 1.0 – see PANDA 2.0 repository

PANDA

This repository is deprecated. Please refer to PANDA 2.

No new updates will be made to this repository.

PANDA is an open-source Platform for Architecture-Neutral Dynamic Analysis. It is built upon the QEMU whole system emulator, and so analyses have access to all code executing in the guest and all data. PANDA adds the ability to record and replay executions, enabling iterative, deep, whole system analyses. Further, the replay log files are compact and shareable, allowing for repeatable experiments. A nine billion instruction boot of FreeBSD, e.g., is represented by only a few hundred MB. PANDA leverages QEMU's support of thirteen different CPU architectures to make analyses of those diverse instruction sets possible within the LLVM IR. In this way, PANDA can have a single dynamic taint analysis, for example, that precisely supports many CPUs. PANDA analyses are written in a simple plugin architecture which includes a mechanism to share functionality between plugins, increasing analysis code re-use and simplifying complex analysis development.

It is currently being developed in collaboration with MIT Lincoln Laboratory, NYU, and Northeastern University.

Building

Because PANDA has a few dependencies, we've encoded the build instructions into a script, panda_install.bash. The script should actually work on Debian 7/8 and Ubuntu 14.04, and it shouldn't be hard to translate the apt-get commands into whatever package manager your distribution uses. We currently only vouch for buildability on Debian 7/8 and Ubuntu 14.04, but we welcome pull requests to fix issues with other distros.

Note that if you want to use our LLVM features (mainly the dynamic taint system), you will need to install LLVM 3.3 from OS packages or compiled from source. On Ubuntu 14.04 this will happen automatically via panda_install.bash.

We don't currently support building on Mac/BSD, although it shouldn't be impossible with a few patches. We do rely on a few Linux-specific APIs.

Support

If you need help with PANDA, or want to discuss the project, you can join our IRC channel at #panda-re on Freenode, or join the PANDA mailing list.

We have a basic manual here.

PANDA Plugins

Details about the architecture-neutral plugin interface can be found in docs/PANDA.md. Existing plugins and tools can be found in qemu/panda_plugins and qemu/panda_tools.

Record/Replay

PANDA currently supports whole-system record/replay execution of x86, x86_64, and ARM guests. Documentation can be found in docs/record_replay.md.

Android Support

PANDA supports ARMv7 Android guests, running on the Goldfish emulated platform. Documentation can be found in docs/Android.md.

Publications

  • [1] B. Dolan-Gavitt, T. Leek, J. Hodosh, W. Lee. Tappan Zee (North) Bridge: Mining Memory Accesses for Introspection. 20th ACM Conference on Computer and Communications Security (CCS), Berlin, Germany, November 2013.

  • [2] R. Whelan, T. Leek, D. Kaeli. Architecture-Independent Dynamic Information Flow Tracking. 22nd International Conference on Compiler Construction (CC), Rome, Italy, March 2013.

  • [3] B. Dolan-Gavitt, J. Hodosh, P. Hulin, T. Leek, R. Whelan. Repeatable Reverse Engineering with PANDA. 5th Program Protection and Reverse Engineering Workshop, Los Angeles, California, December 2015.

  • [4] M. Stamatogiannakis, P. Groth, H. Bos. Decoupling Provenance Capture and Analysis from Execution. 7th USENIX Workshop on the Theory and Practice of Provenance, Edinburgh, Scotland, July 2015.

  • [5] B. Dolan-Gavitt, P. Hulin, T. Leek, E. Kirda, A. Mambretti, W. Robertson, F. Ulrich, R. Whelan. LAVA: Large-scale Automated Vulnerability Addition. 37th IEEE Symposium on Security and Privacy, San Jose, California, May 2016.

License

GPLv2.

Acknowledgements

This work was sponsored by the Assistant Secretary of Defense for Research and Engineering under Air Force Contract #FA8721-05-C-0002.

More Repositories

1

fauxpilot

FauxPilot - an open-source GitHub Copilot server
Python
4,588
star
2

gpt-wpre

Whole-Program Reverse Engineering with GPT-3
Python
322
star
3

pdbparse

Python code to parse Microsoft PDB files
Python
306
star
4

creddump

Automatically exported from code.google.com/p/creddump
Python
232
star
5

fpsmt_gpu

Solving floating point SMT constraints on a GPU
C++
47
star
6

panda-malrec

A system to record malware using PANDA
Python
42
star
7

wdepy

Decryption utility for PGP Whole Disk Encryption
Python
17
star
8

elmfuzz

Evolving fuzzers with large language models
Python
11
star
9

csaw23_nervcenter

Pwn+Crypto challenge for CSAW 2023 Finals
C
7
star
10

func_asm_pairgen

Horrifying scripts / infrastructure to extract info from a large amount of C/C++ code
Python
7
star
11

2_ffast_2_furious

A more realistic demo of a buffer overflow cause by -ffast-math
C
7
star
12

irq_fuzzer

C
6
star
13

AsleepKeyboardDataset

Python
6
star
14

mmgrep

Fast search for binary strings
C
6
star
15

hilbert_kcov

Objective-C
5
star
16

fbtools

Some python tools to hack on Fitbits
Python
5
star
17

virtuoso

Automatically exported from code.google.com/p/virtuoso
C
5
star
18

polycoder_wrap

Wrapper to do text generation with VHellendoorn's PolyCoder model
Python
5
star
19

codex_cli

Script to hook OpenAI's Codex up to a Linux VM and try to execute commands
Python
4
star
20

panda_plugins_moyix

Repository for plugins that are useful to me but not generally applicable
C++
4
star
21

pandalog_taint_parser

A fast, parallel parser for PANDA taint logs
C++
4
star
22

ffdemo

Flush+Flush attack demo
C++
3
star
23

vidcolortree

Python
3
star
24

synthehol

A clone of Nick Fitzgerald's minisynth-rs
Rust
2
star
25

scripts

C++
2
star
26

debbuild

Tools and scripts for rebuilding all of Debian with bear (I should have used rebuilderd :p)
Python
2
star
27

AppSecAssignment1

C
1
star
28

ptrml

Using DNNs for dumb tasks: recognizing pointers
Python
1
star
29

appsec_hw1

C
1
star
30

codeql_weird_minimal

Minimal example of weird CodeQL behavior
C
1
star
31

feckless-woof

C
1
star
32

bwlightning

1
star
33

cardinal

Cardinal Pill Testing on Linux
Assembly
1
star
34

appsec_hw2

HTML
1
star
35

ipptests

Small tests to benchmark inter vs intra process communication.
C++
1
star
36

heapmap

C
1
star