StateLearner is a tool that can learn state machines from implementations using a black-box approach. It makes use of LearnLib for the learning specific algorithms.
This tool can be used for TLS implementations, smart cards and can be extended using its socket module.
An overview of different security protocols where state machine learning has been applied can be found here.
- graphviz
Build a self-contained jar file using the following command:
mvn package shade:shade
java -jar stateLearner-0.0.1-SNAPSHOT.jar <configuration file>
Example configurations can be found in the 'examples' directory. To run the OpenSSL example:
cd examples/openssl
java -jar ../../target/stateLearner-0.0.1-SNAPSHOT.jar server.properties
StateLearner (or one of its predecessors) has been used in the following publications:
- Automated Reverse Engineering using Lego, Georg Chalupar, Stefan Peherstorfer, Erik Poll and Joeri de Ruiter
- Protocol state fuzzing of TLS implementations, Joeri de Ruiter and Erik Poll
- A Tale of the OpenSSL State Machine: a Large-scale Black-box Analysis, Joeri de Ruiter