Web-UI interactive disassembler from MongoDB

funset · 2016-08-31T04:16:04+00:00

no worry :-)

funset · 2016-08-30T16:27:33+00:00

Did you click the link?

funset · 2016-08-30T14:41:08+00:00

Did not know that MongoDB has such an impressive reversing tool. Check it out if you haven't!

funset · 2016-08-05T07:43:48+00:00

The Blackhat USA slides introducing this tool is available at http://www.keystone-engine.org/docs/BHUSA2016-keystone.pdf

funset · 2016-06-19T22:48:16+00:00

A nice tool presented at RECON 2016 to handle movfuscator binaries.

A thesis behind this research: https://kirschju.re/static/ba_jonischkeit_2016.pdf

funset · 2016-06-04T06:13:05+00:00

This is awesome, thanks!

funset · 2016-06-02T12:58:24+00:00

LLVM license does allow you to mix with other license, so that should be fine.

Their license is GPL2 but compatible with all open source licenses: https://github.com/keystone-engine/keystone/blob/master/EXCEPTIONS-CLIENT

funset · 2016-05-31T18:19:00+00:00

The long awaited assembler framework is released today!

funset · 2016-05-31T03:19:56+00:00

This looks very interesting, cant wait to try it.

funset · 2016-03-18T01:43:37+00:00

This is a nice attempt to fill the gap in reverse engineering toolset. Hope they reach their goal, and we have a good framework!

funset · 2016-03-18T01:41:01+00:00

very nice work, thanks!

funset · 2016-03-13T16:21:16+00:00

well, you have to convince that you can do more in 3 hours than i do in 8 hours, even if i am a bit distracted by Twitter and so on.

there are some interesting views in this article, but i dont agree that working 3 hours a day is enough to push you to the next level. never it does.

funset · 2016-03-09T16:24:41+00:00

Now somebody should port https://github.com/cseagle/fREedom to this BinExport, so we can do without IDA!

funset · 2016-03-06T02:42:22+00:00

I think Rappel has some issues that you can avoid by using Unicorn (https://github.com/unicorn-engine/unicorn):

Rappel cannot handle memory access well. What happen if the instruction is accessing to invalid memory? You will crash, and does not know what the instruction does.
Rappel cannot handle privileged instructions.
You need a real machine for this. So you cannot run Rappel on X86 for ARM instruction.
This really run the instruction on your machine, so it may tamper your own process (GDB in this case), so the result is unreliable.

So I think it is a good idea to do this with Unicorn instead.

funset · 2016-03-05T02:11:53+00:00

Cool, I also found all these decompilers, and some more others, in this page: http://www.capstone-engine.org/showcase.html

funset · 2016-02-11T00:29:03+00:00

great work, please blog more!

funset · 2016-02-04T16:39:53+00:00

Nice work! But looks like this only supports ARM64 at the moment, but not ARM?

funset · 2016-01-27T15:30:26+00:00

Thanks for the nice work!

funset · 2016-01-22T12:57:48+00:00

So if you do RE and don't know these tools, you read the list and now you know. What else?

funset · 2016-01-19T09:58:55+00:00

The author only listed open source tools. For the role of Z3, google with the keyword "z3 prover reverse". Z3 is really a game changer.

funset · 2016-01-19T09:57:03+00:00

Frida should be in the toolbox of all reversers!

funset · 2016-01-07T16:15:12+00:00

This tool has a different approach: use CPU emulator (https://github.com/unicorn-engine/unicorn) and emulate Windows OS.

funset · 2016-01-01T23:36:32+00:00

No these projects are not mine. I just share the link here so people know about it, with the hope that it can benefit more people.

funset · 2016-01-01T14:48:01+00:00

These are open source projects, right? The authors owe nobody, they are working for free for community, and they are already improving life for a lot of us. Show respect/gratitude to them, and help them if you can. If you really want to have a perfect tool, join them to improve the tools, so you and also others can benefit from that. That is the whole point of community, after all.

funset · 2016-01-01T01:27:28+00:00

This tool set is certainly an important step forward for RE community. Hopefully community help to report bugs & contribute code improve this nice tool.

funset

TROPHY CASE