Pass the SALT 2026

The aim of this talk is to address a common challenge faced by reverse engineers: distinguishing relevant software from third-party libraries within firmware or programs. This task often wastes time as unnecessary code is reversed.
Our goal is to provide an automatic function detection mechanism that enables researchers to efficiently identify third-party code, allowing them to focus on analyzing the proprietary components.

To tackle this issue, we introduce SightHouse, a new open-source project designed to assist reverse engineers. SightHouse is built on top of existing effective software, such as Ghidra's BSIM Similarity engine. Unlike previous tools like FLIRT, which rely on the raw bytes of the function; BSIM leverages Ghidra's P-Code (IIR), enabling cross-architecture similarity detection.

The challenges in function detection primarily revolve around the creation and maintenance of signature databases, and BSIM is no exception. Researchers face the task of finding, compiling, and extracting signatures from programs with symbols
to populate these databases, which can be a time-consuming process.

To address these challenges, we proposed an automated pipeline designed to maximize data collection for function extraction. This system works by automatically scraping open-source projects, compiling and analyzing them, thereby streamlining the process and reducing the manual effort required.

We will present our contributions, including the benchmarks and experiments conducted to evaluate and select between different similarity engines. Additionally, we will release SightHouse to share with the community and encourage further development and improvement.

Reverse engineers frequently encounter firmware or large binaries containing a mixture of proprietary code and numerous third-party libraries. Identifying which components belong to external libraries is a recurring and time-consuming challenge that can significantly slow down analysis.

This workshop introduces SightHouse, an open-source project designed to help reverse engineers automatically detect third-party functions within binaries. SightHouse leverages similarity detection techniques built on top of Ghidra’s BSIM engine, which uses Ghidra’s P-Code intermediate representation to enable cross-architecture function similarity analysis. By identifying reused code, researchers can quickly isolate proprietary logic and focus their efforts where it matters most.

The workshop will begin with a short introduction to the challenges of third-party code identification and the similarity detection techniques used in modern reverse engineering workflows. Participants will then be introduced to SightHouse, its architecture, and how it integrates with existing reverse engineering tools.

Following this introduction, participants will apply SightHouse on a real-world reverse engineering target, learning how to detect and filter third-party libraries in practice.

In the final part of the workshop, participants will explore how SightHouse can be extended. They will learn how to create their own workers, enabling them to add new data sources, automate signature extraction, and contribute to expanding the system’s capabilities.

By the end of the session, participants will understand how to integrate automated function identification into their reverse engineering workflows and how to customize SightHouse to fit their own research needs.