-
I recently discovered @ModernVintageG's channel on YouTube. A lot of stuff about old video game copy protections (arcade, console, PC), emulation, game development, etc. Good production values, too. Great stuff for reverse engineering enthusiasts. https://youtu.be/vCtXZM8iG-o
-
A recent result: deobfuscation via relational abstract interpretation pic.twitter.com/qPNUZsvBpm
-
I must be missing something -- IDA has all of those VTable structures already? (With function pointer types, not just names.) E.g. I selected four at random and all were available via "Add standard structure", see attached pic.twitter.com/oQU3Jz0XJo
-
Found it. The keyboard shortcut is 4,451 characters long, though. pic.twitter.com/ZXWBruiesK
-
Research went better than expected. No manual work was involved in creating this screenshot. All type information was automatically generated and automatically applied to a freshly-created database. pic.twitter.com/p59yPB4seF
-
The disassembler does support that; use the "structure offset chooser" (place your cursor on the operand and press 'T') after importing the JNINativeInterface structure. pic.twitter.com/C93N5k1MAT
-
That's correct -- I made a list of instructions observed as causing page faults and implemented mostly only those. For flags-setting instructions, I just thunk down to assembly, for speed, and so I don't have to implement them. pic.twitter.com/SOSGIUY0d0
-
Perusing Ghidra's ARMneon.sinc, it uses intrinsics for those instructions. Hex-Rays has good support for x86 intrinsics (see pic), but apparently lacks some on ARM. It would not be difficult for them or third-parties to add them. An annoying limitation, but not a fundamental one. pic.twitter.com/lW0RIWvi9W
-
Lucky you! Sitting next to @criscifuentes on a panel discussion at ACSC was one of the proudest moments of my career. pic.twitter.com/nMZLTfncpw
-
Just spent an hour looking at MBA obfuscation for the first time. At first glance it seems pretty trivial to break with some abstract algebra. (This was done automatically, based on black-box dynamic analysis, not using a SAT/SMT solver or any third-party libraries): pic.twitter.com/hUxGBnvObc
-
Ghidra's extensibility is jaw-dropping. Today I needed the pcode to model the x86 parity flag, which it doesn't do by default. 30 minutes and a 35-line patch to ia.sinc later, I can proceed. No other tool even comes close to how easy that was. (diff: https://github.com/RolfRolles/GhidraPAL/blob/master/ia.diff … …) pic.twitter.com/SQOKX5ZkwB
-
Promptly delivered and as advertised, A+++, would win contest again https://twitter.com/rgb_lights/status/1106570883601235969?s=21 … pic.twitter.com/A7EapuNpwp
-
1250 lines of Java later, I ported one of my abstract interpretation-based deobfuscation tools (https://www.msreverseengineering.com/blog/2014/6/23/control-flow-deobfuscation-via-abstract-interpretation … …) to Ghidra: pic.twitter.com/1rRLwdJC5T
-
"I wish I knew how Hex-Rays worked internally, so I could write better plugins for it." Three months later... pic.twitter.com/3CYUoW8ZR8
-
Here, for example, is a paper about Java. Yet most Java programmers don't know, or need to know, that stuff. That information is for language implementers, tool developers, and researchers. pic.twitter.com/38pF8VETXW
-
Looks like I will be deprived of future updates on IdaKiller.js pic.twitter.com/IwN8ESIpWv
-
Hoffman and Kunze define it as a function, and make reference to representation theory: pic.twitter.com/m2oa3hl7KO
-
It all started when I wanted to know how "Create new struct type..." worked, and it sort of spiraled from there ;-) pic.twitter.com/0bGnkOJATs