Hash All The Things / Get All The Sig(s) - Introducing Sighthouse for Seamless Function Detection

No ratings

Presented at RE//verse 2026 by

The aim of this talk is to address a common challenge faced by reverse engineers: distinguishing relevant software from third-party libraries within firmware or programs. This task often wastes time as unnecessary code is reversed. Our goal is to provide an automatic function detection mechanism that enables researchers to efficiently identify third-party code, allowing them to focus on analyzing the proprietary components. To tackle this issue, we introduce SightHouse, a new open-source project designed to assist reverse engineers. SightHouse is built on top of existing effective software, such as Ghidra's BSIM Similarity engine. Unlike previous tools like FLIRT, which rely on the raw bytes of the function; BSIM leverages Ghidra's P-Code (IIR), enabling cross-architecture similarity detection. The challenges in function detection primarily revolve around the creation and maintenance of signature databases, and BSIM is no exception. Researchers face the task of finding, compiling, and extracting signatures from programs with symbols to populate these databases, which can be a time-consuming process. To address these challenges, we proposed an automated pipeline designed to maximize data collection for function extraction. This system works by automatically scraping open-source projects, compiling and analyzing them, thereby streamlining the process and reducing the manual effort required. We will present our contributions, including the benchmarks and experiments conducted to evaluate and select between different similarity engines. Additionally, we will release SightHouse to share with the community and encourage further development and improvement.