
CodeHawk: Analysis and Patching Platform

Advanced binary and source code analysis platform. Support for low-cost and high-assurance binary patching. Effective workflows for malware analysis, binary understanding, C code quality, and vulnerability detection. Demonstrated best-in-class over many DARPA and IARPA projects.

CodeHawk's Binary Ninja Plugin: Binary Patching of a Memory Vulnerability on Validated Lifting.

CodeHawk is a powerful open-source tool that redefines static analysis and binary patching for modern software challenges. Aarno Labs currently maintains and adds new advanced capabilities to CodeHawk. With a foundation in sound mathematical principles and a proven track record across DARPA and IARPA programs such as STONESOUP, AMP, HACCS, STAC, and MUSE, CodeHawk delivers industrial-strength capabilities for precise code analysis. It supports a diverse range of targets, including C source code and binaries (x86, MIPS, ARM32, and Power32), while scaling to analyze large codebases like the Linux kernel or entire device firmware.

Fundamentals

At the core of CodeHawk’s analysis is its robust implementation of abstract interpretation, a mathematical framework that enables sound reasoning about program behavior without execution. By leveraging advanced abstract domains—such as intervals, polyhedra, symbolic sets, and taint analysis—CodeHawk captures precise and comprehensive program behaviors and semantics. For binaries, unlike other binary analysis platforms, CodeHawk's analysis results can be trusted to be correct. Furthermore, CodeHawk produces more precise results with more comprehensive analyses, including its own verifiable architectural models and its own disassemblers, ensuring accurate detection of vulnerabilities with fewer false positives. Designed to scale, CodeHawk’s architecture has been demonstrated on complex software systems.

Outcomes

Aarno Labs has employed CodeHawk on multiple DARPA programs and with clients to deliver best-in-class outcomes. With the help of CodeHawk’s analysis, in DARPA HACCS, Aarno Labs produced the most automatically-generated exploiting inputs for known vulnerabilities. For DARPA AMP, an independent evaluation team achieved the shortest time to produce a patch on a stripped binary, employing CodeHawk’s validated and modifiable C lifting. Aarno Labs employed CodeHawk to discover and understand a vulnerability in a popular medical device, verify (as in prove) that the binary vendor patch closed the discovered vulnerability, and understand the other changes of the patch.

Services

Aarno Labs offers various services related to CodeHawk. We can incorporate the analysis directly into your development or program understanding workflows (including vulnerability discovery). We also provide services that employ CodeHawk to provide lower-cost and better results for our clients' requests related to vulnerability analysis, firmware understanding, patch understanding, and source code quality.

Capabilities

C Code Analysis

Delivers precise, actionable insights into memory safety, undefined behaviors, and vulnerabilities in C code using advanced abstract interpretation and a rigorous model of C semantics.

High Assurance Binary Patching

Drastically lower the cost of minimally invasive, high-assurance patches for binaries without source code, perfect for fixing vulnerabilities in legacy and end-of-life software.

Binary Vulnerability Discovery

Deeper static analysis to help identify and understand vulnerabilities across diverse binaries, including our own verifiable disassemblers and architecture models. Let our analysis do the hard stuff.

C Code Quality Metrics

Rapidly and precisely understand the risks of your own code or 3rd-party code. Summarized results for an overall picture, or drill down into each issue found. Precise analysis dramatically reduces false positives.

Firmware Change Analysis

Our advanced relational analyses provide an intuitive and detailed understanding of the changes between versions of a binary or firmware. Validated analyses produce trustworthy results, enabling you to reason about the risks and benefits of new software.

Binary Understanding

Reveals program behavior and source structure through deep and scalable analysis. Reduce time and improve debugging, reverse engineering, and vulnerability understanding workflows.

BlackHat Demo Video

For BlackHat Arsenal 2024, we presented CodeHawk's low-cost, high-assurance binary patching capabilities. The video below provides an overview and demo of these capabilities.

IDA Pro Plugins

We have developed a suite of plugins for IDA Pro to intuitively query and display CodeHawk's binary analysis conclusions. Our workflows are demonstrated to drastically increase the effectiveness and efficiency of binary understanding, particularly vulnerability discovery.

CodeHawk's IDA Pro plugin for rapidly understanding memory behaviors of library calls.

Artifacts and Links

  • Source repositories for CodeHawk

Publications

Blog Posts

Research Funding

  • AMdP (ARPA-H DIGIHEALS): Vulnerability remediation capabilities for EoL medical devices with firmware change understanding.
  • DRIFT (DARPA E-BOSS): Enhancing SBOMs to solve vulnerability discovery, reachability and remediation.
  • Arya (TA2) (DARPA HACCS): Automated exploitation and vulnerability validation across diverse systems.
  • MRAM (DARPA AMP): Low-cost and high-assurance binary patching for the masses.