Uncategorized

Reversing Gameboy ROMs using Radare2

[…]…This post will describe how I solved simple.gb, a Gameboy ROM challenge written by @condret. It was actually my first time reversing a Gameboy ROM — and it was awesome![…]

https://www.megabeets.net/a-journey-into-radare-2-part-1/

https://www.megabeets.net/reverse-engineering-a-gameboy-rom-with-radare2/

Standard
Uncategorized

Radare Conference 2017

https://rada.re/con/2017/

http://radare.org/con/2017/

Training:
Beginner Training (pancake, alvarofe)
Intro to Unpacking on Windows (newlog, Giomismo, zlowram)
Beginner Training (maijin, xvilka)
Tiny uControllers firmware reversing and exploiting (dark_k3y)

Presentations:
r2frida (@mrmacete)
SIOL – condret
CFG-based fussy hash for malware classification using r2 (robin marsollier)
zdbg (@zutle)
GSoC talks (gdbserver, windows support and backstepping) @xvilka
r2anal (alvaro) + limits of esil (killabyte)
RAIR (@oddcoder)
r2 module for Yara (@plutec_net + @mmorenog)
Anal clemency (@raysong)
Intro to Reversing Windows Malware Using r2 @ newlog
Surprise talk by @oleavr
Diaphora and r2 (@pancake, @matalaz)
Road to the kernel (@nighterman)
Pimp my Triton (ak42)

Standard
Uncategorized

Reversing ARM firmware using Radare: scripts/bins available

Re: https://firmwaresecurity.com/2017/03/31/reversing-arm-firmware-using-radare-presentation-available/

The samples for this presentation are also available. Previously, it was just the presentation PDF.

http://radare.org/get/r2snow.zip

http://radare.org/get/r2snow.pdf

http://radare.org/

 

 

Standard
Uncategorized

scan_thinkpwn: searches for ThinkPwn vulnerability

THINKPWN SCANNER: This program is used to scan UEFI drivers extracted from firmware image for ThinkPwn vulnerability in vendor/model agnostic way.
AUTHORS:
@d_olex (aka Cr4sh) — initial Vivisect based version of the program;

@trufae (aka pankake) — radare2 based version (this one);

Read the source code for more user docs, including a detailed source comment about how the code works.

https://github.com/Cr4sh/ThinkPwn/blob/master/scan_thinkpwn.py

More info:
https://github.com/Cr4sh/ThinkPwn
http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html

Standard
Uncategorized

Using Radare to emulate BIOS

(There’s a Twitter URL for it, but I’ve lost it, sorry.)
Emulating a simple bootloader

Generally speaking, emulating a bootloader is simpler than it is for regular binaries, because they lack external libraries and usually have direct access to memory and hardware. In this case, the bootloader is a binary for x86 architecture which runs in 16-bits real mode using BIOS calls to perform its loading duties and textual input/output. The idea here is to emulate Cropta1 crackme using radare2 ESIL emulation, providing the needed BIOS via a trivial quick & dirty python implementation of just what it’s needed to run the crackme code. There are several ways to do it, I tried two of them and here is the story. […]

http://radare.today/posts/emulating-simple-bootloader/

 

Standard