rev.ng: The Road Ahead

In this blog post we will briefly describe today's release, provide an overview of the components of rev.ng and introduce you to the next steps the rev.ng project intends to take towards the 1.0 release.

We are inviting small groups of people to get access to nightly builds. If you already registered, be patient and monitor our Twitter account. Otherwise, register now.

Nightly builds release

Today, we start releasing nightly builds of all the rev.ng components including revng (binary lifter and translator), revng-c (the decompiler) and cold-revng (the user interface).

rev.ng is an ambitious project which took the long route in several aspects. We think this will prove to be a winning strategy to build an innovative product.

We're now starting to see the end of the tunnel that leads us to become a mature tool for binary analysis, but we're not there yet. Nightly builds are our way to invite you to join us along the last mile of the journey.

What to expect

rev.ng can currently handle binaries compiled for Linux targeting x86-64, i386, ARM, AArch64, MIPS and SystemZ. Here are a few things you can do with the current release.

1. Try out the UI using test files

The package we distribute includes a set of pre-lifted files. You can open them in the UI right away.

EXAMPLES=root/share/revng/qa/tests/runtime/x86_64/abi-enforced-for-decompilation
./revng ui $EXAMPLES/calc.bc

2. Lift, translate and run ls

You can also try the binary translator. For instance, you can lift ls to LLVM IR, recompile it, and run it again:

wget 'https://rev.ng/downloads/ls-ubuntu-16.04'
chmod +x ls-ubuntu-16.04
./ls-ubuntu-16.04 --color=always -lhn
./revng translate ls-ubuntu-16.04
./ls-ubuntu-16.04.translated --color=always -lhn

Please note that translation support for non-x86-64 input architectures is working but has some limitations.
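
To check that the translated binary behaves like the original, the following added example (not part of the original post or of the rev.ng distribution) runs both with the same arguments and compares standard output and exit status. The function names and the script name difftest.sh are hypothetical; standard error is captured but not compared, because error messages may include the program's own name.

```shell
#!/bin/sh
# Added example: differential check of an original binary against its
# translated counterpart (function and script names are hypothetical).

# run_capture BIN OUTDIR [ARGS...]
# Runs BIN with ARGS and stores stdout, stderr and exit status in OUTDIR.
run_capture() {
    bin=$1; out=$2; shift 2
    mkdir -p "$out"
    status=0
    "$bin" "$@" >"$out/stdout" 2>"$out/stderr" || status=$?
    echo "$status" >"$out/status"
}

# same_behaviour ORIGINAL TRANSLATED [ARGS...]
# Returns 0 when stdout and exit status are identical, 1 otherwise.
same_behaviour() {
    orig=$1; trans=$2; shift 2
    tmp=$(mktemp -d) || return 2
    run_capture "$orig" "$tmp/original" "$@"
    run_capture "$trans" "$tmp/translated" "$@"
    rc=0
    for f in stdout status; do
        if ! cmp -s "$tmp/original/$f" "$tmp/translated/$f"; then
            echo "MISMATCH in $f for arguments: $*" >&2
            rc=1
        fi
    done
    if [ "$rc" -eq 0 ]; then
        rm -rf "$tmp"
    else
        # Keep the captures (including stderr) for inspection.
        echo "captures kept in $tmp" >&2
    fi
    return "$rc"
}

# Usage:
#   sh difftest.sh ./ls-ubuntu-16.04 ./ls-ubuntu-16.04.translated --color=always -lhn
if [ "$#" -ge 2 ]; then
    same_behaviour "$@" && echo "OK: translated binary matches the original"
fi
```

A mismatch on a nightly build is the kind of unexpected behaviour the post asks users to report.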

3. Decompile ls

The rev.ng UI also provides a wizard for decompilation.

What not to expect

The builds are to be considered unstable and under heavy development, so remember to:

  1. read the README.md
  2. perform frequent updates
  3. expect suboptimal decompiled code and crashes
  4. report anything unexpected/slow
  5. expect rapid improvements

For those who have access to the nightly builds, the revng/help repository will contain a shortlist of known issues we're working on.

Overview of the rev.ng components

rev.ng is divided into several components, some of which are open source.

Let's start with the ones we forked from existing projects:

  • qemu: our fork provides a dynamic library able to produce tiny code instructions from a raw sequence of bytes.
  • llvm: our LLVM 10 fork with minor changes.
  • qtcreator: the base of our UI.

The following projects are the open source parts of the rev.ng project:

  • revng. The core of rev.ng: the binary lifter and translator. Given a binary program, it lifts to tiny code instructions and then to LLVM IR. It produces an LLVM module and, optionally, recompiles it.
  • orchestra. Our almighty meta-build system. It handles all the dependencies for you, fetches them from our binary archives or builds them from source. Don't try to build rev.ng by yourself, use orchestra.
  • revng-qa. A repository for our test programs.

The following projects will be released under a commercial license and are currently released as binaries only:

  • revng-c. Takes revng output and decompiles it to C.
  • caliban. A project providing an API to perform high-level actions on binaries, on top of which the UI and, in the future, our scripting engine are built.
  • cold-revng. The UI, a QtCreator plugin.

Roadmap towards the release

In the following, we report a list of tasks to accomplish and components to develop/finalize in order to get to the final release. You can expect one or more blog posts or some other form of publication for each item.

  • Release the nightly builds
  • Create a GitHub repository to support nightly builds' users
  • Completely move the development of open source projects to GitHub
  • Requirements for tagging the beta:
    • CFG combing
    • Improved ABI Analysis
    • Type Shrinking Analysis
    • Data Layout Analysis
    • Value Manipulation Analysis
    • Define a data model for the analyzed program and how to change it
    • Identify libraries using strings (BigMatch)
    • Full PE/COFF and Mach-O support
  • Requirements for tagging the 1.0 release:
    • Improve UI/UX
    • Python scripting engine
    • Windows and macOS port
    • Import C headers and debug information
    • Compatibility layer
    • Support for packers/self-modifying code
    • Support remote processing

Conclusions

We'd like to thank everyone who is participating in the nightly builds programme. Your feedback will help us along the way towards the final release.

Releasing nightly builds, along with switching to fully open development of the open source components, is part of our effort to spread the word and collect feedback. Our ultimate goal is to build a robust community to engage with and to grow a flourishing ecosystem of software based on the rev.ng binary analysis framework.

Also, a shout-out to all those who put in their hard work to make this first public release finally possible, in particular Pietro, Alain, fcremo and Andrea, but also all the others who helped spot bugs and shared their opinions.

We hope you're as excited as we are. Enjoy!