
[GSoC'22] Project Ideas

Marius Muench edited this page Mar 16, 2022 · 5 revisions

Avatar2 applied to the Google Summer of Code 2022, but was unfortunately not selected as an organization. Nonetheless, we keep our ideas here. If you are interested in approaching any of them, reach out to us!


avatar2.rs: Bringing Rust to avatar2’s core

Project size: Large 350h

Skill level: Intermediate / Advanced

Category: Risky / Exploratory

Mentors:

Marius Muench ([email protected]) & Paul Olivier ([email protected])

Project description:

At its core, avatar2 receives and dispatches events from all the different targets it orchestrates. The logic for this was initially implemented using Python and its thread implementation. Unfortunately, this limits avatar2’s capability to scale to more than a couple of targets. This project aims to reimplement and replace the core architecture using Rust, allowing for greater scalability and execution speed.

Expected outcomes:

  • An alternative design proposal for avatar2’s core, replacing Python threading with asynchronous primitives provided by Rust
  • A proof of concept implementation for asynchronous dispatching of events inside the avatar2 infrastructure
  • Python bindings to the new implementation for backwards compatibility

Skills required:

  • Experience with the Rust programming language
  • Interest in asynchronous programming

Links:


Continuous Integration for tests on physical devices

Project size: Medium 175h

Skill level: Intermediate

Category: Infrastructure

Mentors:

Marius Muench ([email protected]) & Paul Olivier ([email protected]) & Aurélien Francillon ([email protected])

Project description:

Since 2021, the Continuous Integration (CI) infrastructure of avatar2 has been based on GitHub Actions. For now, basic testing of separate components is executed using unit tests and smoke tests. Given that one core advantage of avatar2 is the capability to orchestrate physical devices, we would like to extend our CI to also perform testing on sample hardware platforms (e.g., Nucleo board STM32LR152RE, nRF51_be). On success, this project would not only allow more realistic integration tests but also showcase all capabilities of avatar2.

Expected outcomes:

  • Set up a runner which can run tests on physical boards
  • Write unit and integration tests interacting with hardware components

Skills required:

  • Python programming
  • Interest in continuous integration, automation, and software testing

Links:


Transitioning to standalone avatar2-targets

Project size: Medium 175h

Skill level: Intermediate

Category: Core development

Mentors:

Marius Muench ([email protected]) & Paul Olivier ([email protected])

Project description:

The initial design of avatar2 offers an intrinsic relationship between the orchestration and the target components. We have observed several projects reusing the avatar2 targets (e.g., GDBTarget) without the orchestration part. To offer improved flexibility for such efforts, this project would investigate how to loosen the ties between the target and orchestration components of avatar2 to provide targets as standalone objects for third-party projects.

Expected outcomes:

  • Reimplementation of avatar2’s target infrastructure to allow for standalone targets
  • Proof-of-concept of renewed avatar2 targets integrated with Symbion

Skills required:

  • Python programming
  • Interest in interaction with other open source projects beyond avatar2

Links:


Better symbolic execution integration

Project size: Flexible - both Medium (175h) and Large (350h) are possible

Skill level: Intermediate / Advanced

Category: Core development

Mentors:

Marius Muench ([email protected]) & Paul Olivier ([email protected])

Project description:

One of the supported features during the initial release of avatar2 was the integration with the angr framework, which provides symbolic execution features. Over time, the corresponding angr-target became unmaintained and, as a result, could not benefit from recent developments of the angr framework. This project would either look into updating and extending the existing angr-target, or explore the integration of other symbolic execution engines, such as SymQemu or S2E.

Expected outcomes:

  • Proof-of-concept implementation showing robust symbolic execution capabilities on top of avatar2

Skills required:

  • Python programming
  • Understanding of, and interest in, symbolic execution

Links:


Add new dynamic analysis endpoints

Project size: Medium 175h

Skill level: Beginner / Intermediate

Category: Low-hanging fruit / New feature

Mentors:

Marius Muench ([email protected]) & Paul Olivier ([email protected])

Project description:

Avatar2 aims to enable interoperability of dynamic analysis tools for security analysis. Supporting additional tools will unlock new possibilities and extend the functionality of the framework. One example of a tool that would be good for integration is the Ghidra Reverse Engineering framework. Ghidra provides both debugging and emulation interfaces and, hence, would be a perfect fit for avatar2.

Expected outcomes:

  • Implement a target, protocol and unit tests for new dynamic analysis tools.

Skills required:

  • Python programming

Links: