https://github.com/angr/angr Uses a concolic execution engine where it can switch from running a binary concretely, break, and then define an unknown input and find what it should be to trigger a different breakpoint - e.g. what should the "password" pointer be pointing to in order to trigger the "you're in" branch of code.
Note: it still can't reverse hashes. If you try to reverse MD5 using this approach it'll consume petabytes of RAM.
I think radare2 was looking into integrating with angr but I don’t know the status of the integration.
I’m an incident responder/malware analyst. Mostly do static analysis and reverse engineering. What would you say the benefit of your research and this binary analysis is compared to other offerings? What do you do about highly obfuscated or ‘benign’ looking binaries that aren’t?