As of 2024, most reverse engineers still struggle to statically reverse Rust binaries. Static RE tools are beginning to develop features for analyzing Rust, and tools for recovering Rust library function signatures now exist. However, even when function symbols and signatures are available, analyzing data flow in Rust binaries is not trivial. The Rust type system, standard library, and compiler differ in many ways from C and C++, making type recovery difficult even for experienced reverse engineers.
This workshop provides a guide for reverse engineers on reconstructing types in Rust binaries. We will cover the basic building blocks of the Rust type system, from both the Rust programmer's perspective and the Rust compiler's perspective. From the primitive types, we will move to constructing the layouts of common standard library types found in Rust binaries, including types used in string formatting and in error handling. We will also cover artifacts inside Rust binaries that give information about type layout: how to find them, how to use them, and where in the Rust toolchain they actually come from.
The goal for this workshop is to provide the audience with a solid mental model for the layouts of Rust types, and to present bite-sized practical techniques for Rust structure recovery. The intended audience for this workshop is reverse engineers who are familiar with reversing C or C++ code, but who are unfamiliar with both developing and reversing Rust.
Cindy Xiao, Decoder Loop
Cindy Xiao is an experienced malware analyst, security researcher, and software developer. She has given talks and workshops on malware and Rust reverse engineering at leading cybersecurity conferences, including RECon, RE//verse, and NorthSec.
Cindy is the founder of Decoder Loop, a specialty firm created to raise the bar for binary reverse engineering training. The tools, techniques, and resources that reverse engineers have were built for the era of C. Meanwhile, malware authors and software developers alike are rapidly switching to modern programming languages such as Rust. Decoder Loop offers expert training that levels the playing field for reverse engineers facing modern binaries.