GLIMPS AUDIT-EN

GLIMPS Audit

Find the code used in your binary instantly, among millions of libraries!

GLIMPS-Audit is based on a code detection technology, independent of the compilation options, of the tools chain used and even of the architecture (x86, ARM, PPC, MIPS…) ! Thanks to this, we compare in a very quick way a binary to be analyzed with millions of libraries and other binaries on shelves. We identify the ones included in the binary being analyzed, the closest versions, and document this in your database.

Use case examples :

Software security analysis

Detailed analysis of malware to identify the threat

Checking for the CVEs in a deliverable

GLIMPS-Audit allows to save time at the different steps of the analysis :
The diagram below presents the main characteristics of this technology:
An important time saving for the reverse-engineering analyst

Any binary analysis starts with a phase called code “recognition”. This phase can be fast, but often takes days, weeks or even months in the case of monolithic firmware, for example. Thanks to GLIMPS-Audit, you can now recognize and document almost instantaneously all known code, whether it is open source code (static libraries) or public proprietary code (environment runtime such as Delphi, Go, or MSVC, embedded OS firmware…).

In addition, today your binary software audit analysts are forced to start from scratch when a new version of the product they are working on is released. Thanks to GLIMPS-Audit, you can now capitalize on the work done by reapplying it on the new version and thus focus on the analysis of the new or modified code.

How does it work
 

GLIMPS-Audit now becomes the entry point of your work. When you want to start a new analysis, you just have to push the binary ion the GLIMPS-Audit web interface, which will perform a correlation with a database of millions of known libraries. This base contains several billion “Concept Codes”, which represent the elementary code building blocks of these libraries. In a few seconds (*), GLIMPS-Audit detects then all the libraries with common code, and proposes to generate the elements allowing you to exploit these results in your favorite analysis tool.

Glimps-Audit has a dedicated HMI but is also usable from IDA through a specific plugin, it also has an SDK and other plugins are under study, do not hesitate to contact us to indicate your needs.
(*) Depending on the size of the binary to be analyzed, we consider that a complete analysis on our entire database takes between 5s and 1 minute for very large binaries (several tens or hundreds of thousands of functions).
How to use it

GLIMPS-Audit can be used in several modes: via our infrastructure in SaaS mode, or “on Premise” if you wish to ensure the control of your hosting. The product does not need to be connected to the Internet to work.

On Premise

.

On Saas

In order to optimize your analyses, you have the possibility to use a “private” database containing your own analyzed binaries. They will then be part of the correlation phase, and you will be able to propagate the documentation information on your new analyses as if they were our pre-supplied databases.

Contact

Digital Square
1137A Avenue des Champs Blancs,
35510 Cesson-Sévigné

contact@glimps.fr