Function Identification and Recovery Signature Tool

  • Angel Villegas


Reverse Engineering benign or malicious samples can take a considerable amount of time and new samples are created at an alarming rate. Leveraging disassemblers, like IDA Pro, a reverse engineer can analyze the same routines across several samples over the lifetime of their career. Their knowledge is not easily transferred to similar samples or functions for themselves or others.
In particular we can consider the problem code reuse has on reversing efforts, whether it is via statically-linked libraries or integrating existing software. In this paper we want to provide a solution for transferring knowledge to similar functions by introducing a new reverse engineering tool, named FIRST (Function Identification and Recovery Signature Tool), to reduce analysis time and enable information sharing.


P. Amini, "IDA Sync,"

C. Eagle, "CollabREate," The IDA Pro Book, chapter 23,

S. Porst, "ShaREing is Caring - Announcing the free BinCrowd community server," Zynamics Blog,

B. Edwards and A Portnoy, "Toolbag" Recon 2012,

M. Gaasedelen and N. Burnett, "Sol[IDA]rity,"

A. Meyers, "CrowdRE: Alpha++ Release," CrowdStrike Blog,

Xorpd, "FCatalog,"

S. H. H. Ding, B. C. M. Fung, and P. Charland, "Kam1n0: MapReduce-based Assembly Clone Search for Reverse Engineering," In Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD '16), p. 461-470.

Conference short papers