Ponce 0.2 released with multi-platform support

Published:
By: Alberto García Illera and Francisco Oca


As you may know from our [previous post](https://research.trust.salesforce.com/Introducing-Ponce-One-click-symbolic-execution/), Ponce won the IDA Plugin Contest 2016. One of the possible improvements to Ponce suggested by the contest organizers was multiplatform support. Well, we’re excited to announce a new Ponce release, which includes Windows, Mac OS X and Linux compatibility. Now you can use Ponce in all of the IDA-compatible architectures.

Here, you can see Ponce running on Ubuntu:

[Image: Ponce running on Ubuntu]

We also added support for IDA 6.8 (the latest version is IDA 6.95). Some users reported issues when using the hex dump to taint values in IDA 6.8. The SDK for that older IDA version doesn’t support selecting a range of bytes in the hex dump, so we disabled this functionality. Users can still taint memory using the disassembly view menu.

And that’s not all! We also added the following functionality after 68 commits:

  • Automatic tainting of Unicode main
  • Identifying unsupported instructions, like some FPU instructions
  • More Triton optimizations, so now Ponce should be faster!
  • Configurable auto-init
  • Various bug fixes

Our goal is for Ponce to be a useful tool for all reverse engineers. Here’s a glimpse of what we’d like to bring to future releases:

  • Adding symbolic information to the decompiled code
  • Automatically taint/symbolize all user inputs, file, network, register
  • Add manual expressions
  • Auto removing the colors and comments added by the plugin when a new execution starts
  • Improve performance when using library functions by using heuristics
  • Deal with symbolic memory reads

Thank you for all your feedback on Ponce so far! In our next post, we will showcase real scenarios where Ponce can reduce the time it takes to complete your reverse engineering tasks.

All feedback is welcome, so don’t hesitate to send us questions or ask for a [specific feature](https://github.com/illera88/ponce/issues) you’d like to see implemented.

Download Ponce v0.2.