Uncategorized

Cutter 1.0 released (GUI for radare2)

Re: https://firmwaresecurity.com/2017/09/25/iaito-becomes-cutter/

Cutter 1.0 has been released:

https://github.com/radareorg/cutter/releases/tag/v1.0
http://radare.org/

See also:
https://insinuator.net/2016/10/reverse-engineering-with-radare2-part-3/
https://radare.gitbooks.io/radare2book/content/
https://github.com/ifding/radare2-tutorial

Screenshot

Standard

REmatch: binary diffing framework

“REmatch, a complete binary diffing framework that is free and strives to be open source and community driven.

REmatch, a simple binary diffing utility that just works. At least, we hope it will be. Rematch is still a work in progress and is not fully functional at the moment. We’re currently working on bringing up basic functionality. Check us out again soon or watch for updates! It is intended to be used by reverse engineers by revealing and identifying previously reverse engineered similar functions and migrating documentation and annotations to current IDB. It does that by locally collecting data about functions in your IDB and uploading that information to a web service (which you’re supposed to set up as well). Upon request, the web service can match your functions against all (or part) of previously uploaded functions and provide matches. A secondary goal of this (which is not currently pursued) is to allow synchronization between multiple reverse engineers working on the same file. The goal of REmatch is to act as a maintained, extendable, open source tool for advanced assembly function-level binary comparison and matching. Rematch will be a completely open source and free (as in speech) community-driven tool. We support bottom-up organizational methods and desire Rematch to be heavily influenced by its users (both in decision making and development).[…]”

https://github.com/nirizr/rematch
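As an added illustration of the workflow the quote describes (collect function data locally, compare it against functions uploaded earlier, migrate annotations on a match), here is a toy matcher written for this post. It is not REmatch's code and does not use its data model: the disassembly, function names, comments, the in-memory dict standing in for the web service, and the three-tier scoring (exact hash, register-masked hash, mnemonic-bigram similarity) are all constructed for the example.

```python
"""Function-level matching in the spirit of the REmatch workflow (added example,
not REmatch's own code). Fingerprints are computed locally for every function in
a toy "IDB", compared against a corpus of previously uploaded fingerprints, and
annotations are migrated on a confident match."""
import hashlib
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample disassembly in Intel syntax; not taken from a real IDB.
LOCAL_IDB: Dict[str, List[str]] = {
    "sub_401000": ["push ebp", "mov ebp, esp", "mov eax, [ebp+8]",
                   "xor eax, 0x5A", "pop ebp", "ret"],
    "sub_401020": ["push ebp", "mov ebp, esp", "mov eax, [ebp+8]",
                   "add eax, 0x10", "pop ebp", "ret"],
    "sub_401040": ["push ebx", "mov ebx, 0x1234", "call 0x401000",
                   "pop ebx", "ret"],
}

# Constructed stand-in for what the web service already holds: instructions of
# previously reverse-engineered functions plus the analyst's annotations.
UPLOADED: Dict[str, Dict] = {
    "xor_byte": {
        "insns": ["push ebp", "mov ebp, esp", "mov eax, [ebp+0x8]",
                  "xor eax, 0x41", "pop ebp", "ret"],
        "comment": "single-byte XOR helper",
    },
    "init_ctx": {
        "insns": ["push esi", "mov esi, 0x9999", "call 0x405000",
                  "pop esi", "ret"],
        "comment": "initialises the global context, calls the allocator",
    },
}

IMM_RE = re.compile(r"\b(?:0x[0-9a-fA-F]+|\d+)\b")
REG_RE = re.compile(r"\b(?:e?[abcd]x|e?[sd]i|e?[sb]p|[abcd][lh])\b")


def normalize(insn: str, mask_regs: bool = False) -> str:
    """Mask immediates (and optionally registers) so relocated code, different
    constants or a re-allocated register still yield the same fingerprint."""
    s = IMM_RE.sub("IMM", insn.lower().strip())
    return REG_RE.sub("REG", s) if mask_regs else s


def fingerprint(insns: List[str], mask_regs: bool = False) -> str:
    """Stable hash of the normalised instruction sequence."""
    text = "\n".join(normalize(i, mask_regs) for i in insns)
    return hashlib.sha256(text.encode()).hexdigest()


def mnemonic_bigrams(insns: List[str]) -> set:
    """Order-sensitive but operand-free view used for fuzzy comparison."""
    ms = [i.split()[0].lower() for i in insns]
    return set(zip(ms, ms[1:]))


def jaccard(a: set, b: set) -> float:
    return len(a & b) / len(a | b) if (a | b) else 0.0


def best_match(insns: List[str], corpus: Dict[str, Dict]) -> Tuple[Optional[str], float, str]:
    """Return (corpus_name, score, kind). An exact hash hit wins outright; a hit
    only after masking registers scores 0.9; otherwise fall back to a fuzzy
    similarity over mnemonic bigrams."""
    strict, loose = fingerprint(insns), fingerprint(insns, mask_regs=True)
    best: Tuple[Optional[str], float, str] = (None, 0.0, "none")
    for name, entry in corpus.items():
        if fingerprint(entry["insns"]) == strict:
            return name, 1.0, "exact"
        if fingerprint(entry["insns"], mask_regs=True) == loose:
            cand = (name, 0.9, "register-renamed")
        else:
            score = jaccard(mnemonic_bigrams(insns), mnemonic_bigrams(entry["insns"]))
            cand = (name, score, "fuzzy")
        if cand[1] > best[1]:
            best = cand
    return best


def migrate_annotations(local: Dict[str, List[str]], corpus: Dict[str, Dict],
                        threshold: float = 0.8) -> Dict[str, Dict]:
    """Copy the corpus annotation onto every local function whose best match
    clears the threshold; near-misses are left unannotated."""
    out: Dict[str, Dict] = {}
    for fn, insns in local.items():
        name, score, kind = best_match(insns, corpus)
        if name is not None and score >= threshold:
            out[fn] = {"match": name, "score": score, "kind": kind,
                       "comment": corpus[name]["comment"]}
    return out


if __name__ == "__main__":
    for fn, info in migrate_annotations(LOCAL_IDB, UPLOADED).items():
        print(f"{fn} -> {info['match']} ({info['kind']}, {info['score']:.2f}): {info['comment']}")
```

With the constructed data, sub_401000 is an exact hit on xor_byte, sub_401040 matches init_ctx only once registers are masked, and sub_401020 (add instead of xor) scores 3/7 against its nearest neighbour and is deliberately left alone: a matcher that migrates names on fuzzy scores that low would pollute the IDB with wrong labels, which is why the threshold sits above the fuzzy tier.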


IDA Pro 7.0 released

https://www.hex-rays.com/products/ida/7.0/index.shtml

https://hex-rays.com/products/decompiler/news.shtml#170914


Anti-disassembly on ARM with IDA

[…]So what else is cool about this is, this is just one combination of invalid bytes that creates a PLD instruction the processor can ingest. There’s all sorts of combinations that will cause this same thing to happen

https://kbdsmoke.me/anti-disassembly-on-arm-ida-specifically/
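For the analyst's side of this trick, here is an added Python check (not from the linked post) that walks little-endian A32 words and flags every one whose encoding is a PLD, PLDW or PLI hint, so that such words can be cross-checked against what the disassembler shows at that address. The mask/value pairs are my reading of the A1 encodings in the ARM Architecture Reference Manual; the sample instruction words and the load address are constructed.

```python
"""Flag A32 words that decode as PLD/PLDW/PLI hint instructions. Added example,
not from the linked post. The CPU executes these as cache hints, so byte
patterns a disassembler may present as data or as invalid are still valid code
to the processor; listing them gives an analyst a place to look."""
import struct
from typing import List, Optional, Tuple

# (mask, value, name) for the A1 encodings (assumption: taken from the ARM ARM):
#   PLD/PLDW (imm): 1111 0101 U R01 Rn 1111 imm12
#   PLD/PLDW (reg): 1111 0111 U R01 Rn 1111 imm5 type 0 Rm
#   PLI      (imm): 1111 0100 U 101 Rn 1111 imm12
PATTERNS = [
    (0xFF30F000, 0xF510F000, "PLD/PLDW (imm)"),
    (0xFF30F010, 0xF710F000, "PLD/PLDW (reg)"),
    (0xFF70F000, 0xF450F000, "PLI (imm)"),
]


def classify(word: int) -> Optional[str]:
    """Name of the hint encoding this 32-bit word matches, or None."""
    for mask, value, name in PATTERNS:
        if word & mask == value:
            return name
    return None


def scan_hints(code: bytes, base: int = 0) -> List[Tuple[int, int, str]]:
    """Return (address, word, name) for every aligned A32 word that is a hint.
    Only word-aligned positions are checked, matching how the CPU fetches A32."""
    hits = []
    for off in range(0, len(code) - 3, 4):
        (word,) = struct.unpack_from("<I", code, off)
        name = classify(word)
        if name is not None:
            hits.append((base + off, word, name))
    return hits


def describe(word: int) -> str:
    """Human-readable breakdown of a hint word: base register and U bit."""
    rn = (word >> 16) & 0xF
    up = (word >> 23) & 1
    return f"{classify(word)} Rn=r{rn} U={up}"


# Constructed sample: mov r0, #1 ; pld [r0] ; bx lr   (little-endian A32)
SAMPLE = struct.pack("<III", 0xE3A00001, 0xF5D0F000, 0xE12FFF1E)

if __name__ == "__main__":
    for addr, word, name in scan_hints(SAMPLE, base=0x8000):
        print(f"{addr:#010x}: {word:08x}  {describe(word)}")
```

A hit is a triage prompt, not an indicator on its own: compiler-generated and hand-written memcpy-style loops use PLD legitimately. The useful comparison is whether IDA shows the same word as a hint, as data, or as something else entirely; a disagreement at that address is what warrants a closer look.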


BootStomp: Android bootloader vulnerability finder

BootStomp is a boot-loader bug finder. It looks for two different classes of bugs: memory corruption and state storage vulnerabilities. For more info please refer to the BootStomp paper. To run BootStomp’s analyses, please read the following instructions. Note that BootStomp works with boot-loaders compiled for ARM architectures (32 and 64 bits both) and that results might slightly vary depending on angr and Z3’s versions. This is because of the time angr takes to analyze basic blocks and to Z3’s expression concretization results.[…]

https://seclab.cs.ucsb.edu/academic/publishing/#bootstomp-security-bootloaders-mobile-devices-2017

https://github.com/ucsb-seclab/BootStomp/blob/master/tools/huawei_tools/oeminfo_exploit.py

https://github.com/ucsb-seclab/BootStomp

print "[!] Usage: " + sys.argv[0] + " <oeminfo.img> <exploit_oeminfo.img>\n"

Lots of links to read at the end of the GitHub README page.


uEmu: Unicorn-based emulator plugin for IDA

uEmu is a tiny cute emulator plugin for IDA based on unicorn engine.

Supports the following architectures out of the box: x86, x64, ARM, ARM64.

What is it GOOD for?
* Emulate bare metal code (bootloaders, embedded firmware etc)
* Emulate standalone functions

https://github.com/alexhude/uEmu
