Leaderboard

Popular Content

Showing content with the highest reputation on 11/24/20 in all areas

  1. Are you scolding me? :) I post what I consider necessary to support or elaborate on an idea; you, a random stranger, don't get to come and lay down directives about what we can or can't write. Are you some kind of admin around here and I didn't know? I've blocked you, don't bother replying. Please ignore my posts in the future. Thanks
    2 points
  2. @Cristin Arduino, IR sensor (I recommend this if you're not that strong at coding and want everything spoon-fed): https://create.arduino.cc/projecthub/Raushancpr/arduino-with-ir-sensor-1579b6 Raspberry Pi, IR sensor (if you know some Python): https://circuitdigest.com/microcontroller-projects/raspberry-pi-ir-sensor-tutorial
    1 point
  3. Introduction

     A while ago we had a forensics case in which a Linux server was compromised and a modified OpenSSH binary was loaded into the memory of a webserver. The modified OpenSSH binary was used as a backdoor to the system for the attackers. The customer had pcaps and a hypervisor snapshot of the system on the moment it was compromised. We started wondering if it was possible to decrypt the SSH session and gain knowledge of it by recovering key material from the memory snapshot. In this blogpost I will cover the research I have done into OpenSSH and release some tools to dump OpenSSH session keys from memory and decrypt and parse sessions in combination with pcaps. I have also submitted my research to the 2020 Volatility framework plugin contest.

     SSH Protocol

     Firstly, I started reading up on OpenSSH and its workings. Luckily, OpenSSH is open source so we can easily download and read the implementation details. The RFCs, although a bit boring to read, were also a wealth of information. From a high level overview, the SSH protocol looks like the following:

     - SSH protocol + software version exchange
     - Algorithm negotiation (KEX INIT)
       - Key exchange algorithms
       - Encryption algorithms
       - MAC algorithms
       - Compression algorithms
     - Key Exchange
     - User authentication
     - Client requests a channel of type “session”
     - Client requests a pseudo terminal
     - Client interacts with session

     Starting at the beginning, the client connects to the server and sends the protocol version and software version: SSH-2.0-OpenSSH_8.3. The server responds with its protocol and software version. After this initial protocol and software version exchange, all traffic is wrapped in SSH frames. SSH frames consist primarily of a length, padding length, payload data, padding content, and MAC of the frame. An example SSH frame:

     [Figure: Example SSH Frame parsed with dissect.cstruct]

     Before an encryption algorithm is negotiated and a session key is generated the SSH frames will be unencrypted, and even when the frame is encrypted, depending on the algorithm, parts of the frame may not be encrypted. For example aes256-gcm will not encrypt the 4 bytes length in the frame, but chacha20-poly1305 will.

     Next up the client will send a KEX_INIT message to the server to start negotiating parameters for the session like key exchange and encryption algorithm. Depending on the order of those algorithms the client and server will pick the first preferred algorithm that is supported by both sides. Following the KEX_INIT message, several key exchange related messages are exchanged after which a NEWKEYS message is sent from both sides. This message tells the other side everything is set up to start encrypting the session and the next frame in the stream will be encrypted. After both sides have taken the new encryption keys in effect, the client will request user authentication and depending on the configured authentication mechanisms on the server do password/ key/ etc based authentication. After the session is authenticated the client will open a channel, and request services over that channel based on the requested operation (ssh/ sftp/ scp etc).

     Recovering the session keys

     The first step in recovering the session keys was to analyze the OpenSSH source code and debug existing OpenSSH binaries. I tried compiling OpenSSH myself, logging the generated session keys somewhere and attaching a debugger and searching for those in the memory of the program. Success! Session keys were kept in memory on the heap. Some more digging into the source code pointed me to the functions responsible for sending and receiving the NEWKEYS frame. I discovered there is a “ssh” structure which stores a “session_state” structure. This structure in turn holds all kinds of information related to the current SSH session including a newkeys structure containing information relating the encryption, mac and compression algorithm. One level deeper we finally find the “sshenc” structure holding the name of the cipher, the key, IV and the block length. Everything we need! A nice overview of the structure in OpenSSH is shown below:

     [Figure: SSHENC Structure and relations]

     And the definition of the sshenc structure:

     [Figure: SSHENC Structure]

     It’s difficult to find the key itself in memory (it’s just a string of random bytes), but the sshenc (and other) structures are more distinct, having some properties we can validate against. We can then scrape the entire memory address space of the program and validate each offset against these constraints. We can check for the following properties:

     - name, cipher, key and iv members are valid pointers
     - The name member points to a valid cipher name, which is equal to cipher->name
     - key_len is within a valid range
     - iv_len is within a valid range
     - block_size is within a valid range

     If we validate against all these constraints we should be able to reliably find the sshenc structure. I started off building a POC Python script which I could run on a live host which attaches to processes and scrapes the memory for this structure. The source code for this script can be found here. It actually works rather well and outputs a json blob for each key found. So I demonstrated that I can recover the session keys from a live host with Python and ptrace, but how are we going to recover them from a memory snapshot? This is where Volatility comes into play. Volatility is a memory forensics framework written in Python with the ability to write custom plugins. And with some efforts, I was able to write a Volatility 2 plugin and was able to analyze the memory snapshot and dump the session keys! For the Volatility 3 plugin contest I also ported the plugin to Volatility 3 and submitted the plugin and research to the contest. Fingers crossed!

     [Figure: Volatility 2 SSH Session Key Dumper output]

     Decrypting and parsing the traffic

     The recovery of the session keys which are used to encrypt and decrypt the traffic was successful. Next up is decrypting the traffic! I started parsing some pcaps with pynids, a TCP parsing and reassembly library. I used our in-house developed dissect.cstruct library to parse data structures and developed a parsing framework to parse protocols like ssh. The parsing framework basically feeds the packets to the protocol parser in the correct order, so if the client sends 2 packets and the server replies with 3 packets the packets will also be supplied in that same order to the parser. This is important to keep overall protocol state. The parser basically consumes SSH frames until a NEWKEYS frame is encountered, indicating the next frame is encrypted. Now the parser peeks the next frame in the stream from that source and iterates over the supplied session keys, trying to decrypt the frame. If successful, the parser installs the session key in the state to decrypt the remaining frames in the session. The parser can handle pretty much all encryption algorithms supported by OpenSSH. The following animation tries to depict this process:

     [Figure: SSH Protocol Parsing]

     And finally the parser in action, where you can see it decrypts and parses a SSH session, also exposing the password used by the user to authenticate:

     [Figure: Example decrypted and parsed SSH session]

     Conclusion

     So to sum up, I researched the SSH protocol, how session keys are stored and kept in memory for OpenSSH, found a way to scrape them from memory and use them in a network parser to decrypt and parse SSH sessions to readable output. The scripts used in this research can be found here:

     - Standalone Python POC to dump SSH session keys
     - Volatility 2 plugin
     - Volatility 3 plugin
     - The SSH Protocol Parser

     A potential next step or nice to have would be implementing this decrypter and parser into Wireshark.

     Final thoughts

     Funny enough, during my research I also came across these commented lines in the ssh_set_newkeys function in the OpenSSH source. How ironic! If these lines were uncommented and compiled in the OpenSSH binaries this research would have been much harder.

     [Figure: OpenSSH source code snippet]

     References

     - https://fossies.org/dox/openssh-8.4p1/structssh.html
     - https://fossies.org/dox/openssh-8.4p1/structsshenc.html

     Source: https://blog.fox-it.com/2020/11/11/decrypting-openssh-sessions-for-fun-and-profit/
    1 point
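
The cleartext phase described in the post above (version banner, SSH frames, KEXINIT, NEWKEYS), as an added example that is not part of the original post or of the Fox-IT tooling: a Python parser that walks one direction of a reassembled stream up to NEWKEYS and reports the offset where encrypted data begins. The frame layout and message numbers follow RFC 4253; the shortened field names, the helper names and both sample streams are constructed for illustration.

```python
import struct

SSH_MSG_KEXINIT, SSH_MSG_NEWKEYS = 20, 21       # message numbers from RFC 4253
MAX_PACKET = 35000                              # sanity bound on packet_length
KEXINIT_FIELDS = (                              # the ten name-lists, in wire order
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_c2s", "encryption_s2c", "mac_c2s", "mac_s2c",
    "compression_c2s", "compression_s2c", "languages_c2s", "languages_s2c",
)


def parse_frame(buf, off):
    """Parse one unencrypted SSH frame at buf[off:]; return (payload, next_off)."""
    if len(buf) - off < 5:
        raise ValueError("truncated frame header")
    packet_length, padding_length = struct.unpack_from(">IB", buf, off)
    plausible = padding_length >= 4 and padding_length + 2 <= packet_length <= MAX_PACKET
    if not plausible:
        raise ValueError("implausible lengths, frame is probably encrypted")
    end = off + 4 + packet_length               # no MAC is present before NEWKEYS
    if end > len(buf):
        raise ValueError("truncated frame body")
    return buf[off + 5:end - padding_length], end


def parse_kexinit(payload):
    """Decode the name-lists of a KEXINIT payload into {field: [names]}."""
    off, fields = 1 + 16, {}                    # skip message byte and 16-byte cookie
    for name in KEXINIT_FIELDS:
        if off + 4 > len(payload):
            raise ValueError("KEXINIT ends inside a name-list header")
        (n,) = struct.unpack_from(">I", payload, off)
        raw = payload[off + 4:off + 4 + n]
        if len(raw) != n:
            raise ValueError("name-list overruns payload")
        fields[name] = raw.decode("ascii").split(",") if raw else []
        off += 4 + n
    return fields


def parse_cleartext(stream):
    """Walk one direction of a reassembled TCP stream up to and including NEWKEYS."""
    off = 0
    while True:                                 # lines before the banner are allowed
        nl = stream.index(b"\n", off)
        line, off = stream[off:nl].rstrip(b"\r"), nl + 1
        if line.startswith(b"SSH-"):
            break
    result = {"banner": line.decode("ascii"), "messages": [],
              "kexinit": None, "encrypted_offset": None}
    while off < len(stream):
        payload, off = parse_frame(stream, off)
        result["messages"].append(payload[0])
        if payload[0] == SSH_MSG_KEXINIT:
            result["kexinit"] = parse_kexinit(payload)
        elif payload[0] == SSH_MSG_NEWKEYS:
            result["encrypted_offset"] = off    # next frame from this side is encrypted
            break
    return result


def negotiate(client_names, server_names):
    """First name on the client's list that the server also offers, else None."""
    return next((n for n in client_names if n in server_names), None)


# ---- constructed sample data (not a real capture) ----
def build_frame(payload, block=8):
    pad = block - (5 + len(payload)) % block    # pad frame to a multiple of 8 bytes
    if pad < 4:
        pad += block                            # at least 4 bytes of padding
    return struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + bytes(pad)


def build_stream(banner, ciphers, kex_msg):
    lists = {"kex_algorithms": "curve25519-sha256",
             "server_host_key_algorithms": "ssh-ed25519",
             "encryption_c2s": ciphers, "encryption_s2c": ciphers,
             "mac_c2s": "hmac-sha2-256", "mac_s2c": "hmac-sha2-256",
             "compression_c2s": "none", "compression_s2c": "none"}
    kexinit = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for name in KEXINIT_FIELDS:
        value = lists.get(name, "").encode("ascii")
        kexinit += struct.pack(">I", len(value)) + value
    kexinit += b"\x00" + struct.pack(">I", 0)   # first_kex_packet_follows, reserved
    frames = [kexinit, bytes([kex_msg]) + bytes(36), bytes([SSH_MSG_NEWKEYS])]
    opaque = bytes(range(48))                   # stand-in for the encrypted remainder
    return banner + b"".join(build_frame(f) for f in frames) + opaque


CLIENT = build_stream(b"SSH-2.0-OpenSSH_8.3\r\n",
                      "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com", 30)
SERVER = build_stream(b"SSH-2.0-OpenSSH_8.3\r\n",
                      "aes256-gcm@openssh.com,aes256-ctr", 31)

if __name__ == "__main__":
    c, s = parse_cleartext(CLIENT), parse_cleartext(SERVER)
    print(c["banner"], c["messages"], "encrypted from byte", c["encrypted_offset"])
    print("cipher client->server:",
          negotiate(c["kexinit"]["encryption_c2s"], s["kexinit"]["encryption_c2s"]))
```

Everything past `encrypted_offset` is where a decrypting parser would start trying recovered session keys; here `parse_frame` rejects those bytes because their length field is not plausible cleartext.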
  4. Where did you run into difficulties?
    1 point
  5. The idea isn't for people to get vaccinated, but for countries to buy the vaccines plus refrigeration equipment. cha-ching!!!
    1 point
  6. Change Log Ghidra v9.2 (November 2020)

     New Features

     - Graphing. A new graph service and implementation was created. The graph service provides basic graphing capabilities. It was also used to generate several different types of graphs including code block graphs, call graphs, and AST graphs. In addition, an export graph service was created that supports various formats. (GP-211)
     - PDB. Added a new, prototype, platform-independent PDB analyzer that processes and applies data types and symbols to a program from a raw (non-XML-converted) PDB file, allowing users to more easily take advantage of PDB information. (GT-3112)
     - Processors. Added M8C SLEIGH processor specification. (GT-3052)
     - Processors. Added support for the RISC-V processor. (GT-3389, Issue #932)
     - Processors. Added support for the Motorola 6809 processor. (GT-3390, Issue #1201)
     - Processors. Added CP1600-series processor support. (GT-3426, Issue #1383)
     - Processors. Added V850 processor module. (GT-3523, Issue #1430)

     Improvements

     - Analysis. Increased the speed of the Embedded Media Analyzer, which was especially poor for large programs, by doing better checking and reducing the number of passes over the program. (GT-3258)
     - Analysis. Improved the performance of the RTTI analyzer. (GT-3341, Issue #10)
     - Analysis. The handling of Exception records found in GCC-compiled binaries has been sped up dramatically. In addition, incorrect code disassembly has been corrected. (GT-3374)
     - Analysis. Updated Auto-analysis to preserve work when encountering recoverable exceptions. (GT-3599)
     - Analysis. Improved efficiency when creating or checking for functions and namespaces which overlap. (GP-21)
     - Analysis. Added partial support of Clang for Windows. (GP-64)
     - Analysis. RTTI structure processing speed has been improved with a faster technique for finding the root RTTI type descriptor. (GP-168, Issue #2075)
     - API. The performance of adding large numbers of data types to the same category has been improved. (GT-3535)
     - API. Added the BigIntegerNumberInputDialog that allows users to enter integer values larger than Integer.MAX_VALUE (2147483647). (GT-3607)
     - API. Made JSON more available using GSON. (GP-89, Issue #1982)
     - Basic Infrastructure. Introduced an extension point priority annotation so users can control extension point ordering. (GT-3350, Issue #1260)
     - Basic Infrastructure. Changed file names in launch.bat to always run executables from System32. (GT-3614, Issue #1599)
     - Basic Infrastructure. Unknown platforms now default to 64-bit. (GT-3615, Issue #1499)
     - Basic Infrastructure. Updated sevenzipjbinding library to version 16.02-2.01. (GP-254)
     - Build. Ghidra's native Windows binaries can now be built using Visual Studio 2019. (GT-3277, Issue #999)
     - Build. Extension builds now exclude gradlew artifacts from zip file. (GT-3631, Issue #1763)
     - Build. Reduced the number of duplicated help files among the build jar files. (GP-57, Issue #2144)
     - Build. Git commit hash has been added to application.properties file for every build (not just releases). (GP-67)
     - Contrib. Extensions are now installed to the user's settings directory, not the Ghidra installation directory. (GT-3639, Issue #1960)
     - Data Types. Added mutability data settings (constant, volatile) for Enum datatype. (GT-3415)
     - Data Types. Improved Structure Editor's Edit Component action to work on array pointers. (GP-205, Issue #1633)
     - Decompiler. Added Secondary Highlights to the Decompiler. This feature allows the user to create a highlight for a token to show all occurrences of that token. Further, multiple secondary highlights are allowed at the same time, each using a unique color. See the Decompiler help for more information. (GT-3292, Issue #784)
     - Decompiler. Added heuristics to the Decompiler to better distinguish whether a constant pointer refers to something in the CODE or DATA address space, for Harvard architectures. (GT-3468)
     - Decompiler. Improved Decompiler analysis of local variables with small data types, eliminating unnecessary casts and mask operations. (GT-3525)
     - Decompiler. Documentation for the Decompiler, accessible from within the Code Browser, has been rewritten and extended. (GP-166)
     - Decompiler. The Decompiler can now display the namespace path (or part of it) of symbols it renders. With the default display configuration, the minimal number of path elements necessary are printed to fully resolve the symbol within the current scope. (GP-236)
     - Decompiler. The Decompiler now respects the Charset and Translate settings for string literals it displays. (GP-237)
     - Decompiler. The Decompiler's analysis of array accesses is much improved. It can detect more and varied access patterns produced by optimized code, even if the base offset is not contained in the array. Multi-dimensional arrays are detected as well. (GP-238, Issue #461, #1348)
     - Decompiler. Extended the Decompiler's support for analyzing class methods. The class data type is propagated through the this pointer even in cases where the full prototype of the method is not known. The methods isThisPointer() and isHiddenReturn() are now populated in HighSymbol objects and are accessible in Ghidra scripts. (GP-239, Issue #2151)
     - Decompiler. The Decompiler will now infer a string pointer from a constant that addresses the interior of a string, not just the beginning. (GP-240, Issue #1502)
     - Decompiler. The Decompiler now always prints the full precision of floating-point values, using the minimal number of characters in either fixed point or scientific notation. (GP-241, Issue #778)
     - Decompiler. The Decompiler's Auto Create Structure command now incorporates into new structures data-type information from function prototypes. The Auto Fill in Structure variant of the command will override undefined and other more general data-types with discovered data-types if they are more specific. (GP-242)
     - Demangler. Modified Microsoft Demangler (MDMang) to handle symbols represented by MD5 hash codes when their normal mangled length exceeds 4096. (GT-3409, Issue #1344)
     - Demangler. Upgraded the GNU Demangler to version 2.33.1. Added support for the now-deprecated GNU Demangler version 2.24 to be used as a fallback option for demangling. (GT-3481, Issue #1195, #1308, #1451, #1454)
     - Demangler. The Demangler now more carefully applies information if generic changes have been made. Previously if the function signature had changed in any way from default, the demangler would not attempt to apply any information including the function name. (GP-12)
     - Demangler. Changed MDMang so cast operator names are complete within the qualified function name, affecting what is available from internal API. (GP-13)
     - Demangler. Added additional MDMang Extended Types such as char8_t, char16_t, and char32_t. (GP-14)
     - Documentation. Removed Eclipse BuildShip instructions from the DevGuide. (GT-3634, Issue #1735)
     - FID. Regenerated FunctionID databases. Added support for Visual Studio versions 2017 and 2019. (GP-170)
     - Function Diff. Users may now add functions ad-hoc to existing function comparison panels. (GT-2229)
     - Function Graph. Added Navigation History Tool option for Function Graph to signal it to produce fewer navigation history entries. (GT-3233, Issue #1115)
     - GUI. Users can now view the Function Tag window to see all functions associated with a tag, without having to inspect the Listing. (GT-3054)
     - GUI. Updated the Copy Special action to work on the current address when there is no selection. (GT-3155, Issue #1000)
     - GUI. Significantly improved the performance of filtering trees in the Ghidra GUI. (GT-3225)
     - GUI. Added many optimizations to increase the speed of table sorting and filtering. (GT-3226, Issue #500)
     - GUI. Improved performance of bit view component recently introduced to Structure Editor. (GT-3244, Issue #1141)
     - GUI. Updated usage of timestamps in the UI to be consistent. (GT-3286)
     - GUI. Added tool actions for navigating to the next/previous functions in the navigation history. (GT-3291, Issue #475)
     - GUI. Filtering now works on all tables in the Function Tag window. (GT-3329)
     - GUI. Updated the Ghidra File Chooser so that users can type text into the list and table views in order to quickly jump to a desired file. (GT-3396)
     - GUI. Improved the performance of the Defined Strings table. (GT-3414, Issue #1259)
     - GUI. Updated Ghidra to allow users to set a key binding to perform an equivalent operation to double-clicking the XREF field in the Listing. See the Show Xrefs action in the Tool Options... Key Bindings section. (GT-3446)
     - GUI. Improved mouse wheel scrolling in Listing and Byte Viewers. (GT-3473)
     - GUI. Ghidra's action context mechanism was changed so that actions that modify the program are not accidentally invoked in the wrong context, thus possibly modifying the program in ways the user did not want or without the user knowing that it happened. This also fixed an issue where the navigation history drop-down menu did not represent the locations that would be used if the next/previous buttons were pressed. (GT-3485)
     - GUI. Updated Ghidra tables to defer updating while analysis is running. (GT-3604)
     - GUI. Updated Font Size options to allow the user to set any font size. (GT-3606, Issue #160, #1541)
     - GUI. Added ability to overlay text on an icon. (GP-41)
     - GUI. Updated Ghidra options to allow users to clear default key binding values. (GP-61, Issue #1681)
     - GUI. ToggleDirectionAction button now shows in snapshot windows. (GP-93)
     - GUI. Added a new action to the Symbol Tree to allow users to convert a Namespace to a Class. (GP-225, Issue #2301)
     - Importer. Updated the XML Loader to parse symbol names for namespaces. (GT-3293)
     - Importer:ELF. Added support for processing Android packed ELF Relocation Tables. (GT-3320, Issue #1192)
     - Importer:ELF. Added ELF import opinion for ARM BE8. (GT-3642, Issue #1187)
     - Importer:ELF. Added support for ELF RELR relocations, such as those produced for Android. (GP-348)
     - Importer:MachO. DYLD Loader can now load x86_64 DYLD from macOS. (GT-3611, Issue #1566)
     - Importer:PE. Improved parsing of Microsoft ordinal map files produced with DUMPBIN /EXPORTS (see Ghidra/Features/Base/data/symbols/README.txt). (GT-3235)
     - Jython. Upgraded Jython to version 2.7.2. (GP-109)
     - Listing. In the PCode field of the Listing, accesses of varnodes in the unique space are now always shown with the size of the access. Fixed bug which would cause the PCode emulator to reject valid pcode in rare instances. (GP-196)
     - Listing:Data. Improved handling and display of character sequences embedded in operands or integer values. (GT-3347, Issue #1241)
     - Multi-User:Ghidra Server. Added ability to specify initial Ghidra Server user password (-a0 mode only) for the svrAdmin add and reset commands. (GT-3640, Issue #321)
     - Processors. Updated AVR8 ATmega256 processor model to reflect correct memory layout specification. (GT-933)
     - Processors. Implemented semantics for vstmia/db vldmia/db, added missing instructions, and fixed shift value for several instructions for the ARM/Thumb NEON instruction set. (GT-2567)
     - Processors. Added the XMEGA variant of the AVR8 processor with general purpose registers moved to a non-memory-mapped register space. (GT-2909)
     - Processors. Added support for x86 SALC instruction. (GT-3367, Issue #1303)
     - Processors. Implemented pcode for 6502 BRK instruction. (GT-3375, Issue #1049)
     - Processors. Implemented x86 PTEST instruction. (GT-3380, Issue #1295)
     - Processors. Added missing instructions to ARM language module. (GT-3394)
     - Processors. Added support for RDRAND and RDSEED instructions to x86-32. (GT-3413)
     - Processors. Improved x86 breakpoint disassembly. (GT-3421, Issue #872)
     - Processors. Added manual index file for the M6809 processor. (GT-3449, Issue #1414)
     - Processors. Corrected issues related to retained instruction context during a language upgrade. In some rare cases this retained context could interfere with the instruction re-disassembly. This context-clearing mechanism is controlled by a new pspec property: resetContextOnUpgrade. (GT-3531)
     - Processors. Updated PIC24/PIC30 index file to match latest manual. Added support for dsPIC33C. (GT-3562)
     - Processors. Added missing call-fixup to handle call side-effects for 32 bit gcc programs for get_pc_thunk.ax/si. (GP-10)
     - Processors. Added ExitProcess to PEFunctionsThatDoNotReturn. (GP-35)
     - Processors. External Disassembly field in the Listing now shows Thumb disassembly when appropriate TMode context has been established on a memory location. (GP-49)
     - Processors. Changed RISC-V jump instructions to the more appropriate goto instead of call. (GP-54, Issue #2120)
     - Processors. Updated AARCH64 to v8.5, including new MTE instructions. (GP-124)
     - Processors. Added support for floating point params and return for SH4 processor calling conventions. (GP-183, Issue #2218)
     - Processors. Added semantic support for many AARCH64 neon instructions. Addresses for register lanes are now precalculated, reducing the amount of p-code generated. (GP-343)
     - Processors. Updated RISCV processor to include reorganization, new instructions, and fixes to several instructions. (GP-358, Issue #2333)
     - Program API. Improved multi-threaded ProgramDB access performance. (GT-3262)
     - Scripting. Improved ImportSymbolScript.py to import functions in addition to generic labels. (GT-3249, Issue #946)
     - Scripting. Python scripts can now call protected methods from the GhidraScript API. (GT-3334, Issue #1250)
     - Scripting. Updated scripting feature with better change detection, external jar dependencies, and modularity. (GP-4)
     - Scripting. Updated the GhidraDev plugin (v2.1.1) to support Python Debugging when PyDev is installed via the Eclipse dropins directory. (GP-186, Issue #1922)
     - Sleigh. Error messages produced by the SLEIGH compiler have been reformatted to be more consistent in layout as well as more descriptive and more consistent in providing line number information. (GT-3174)

     Bugs

     - Analysis. Function start patterns found at 0x0, function signatures applied from the Data Type Manager at 0x0, and DWARF debug symbols applied at 0x0 will no longer cause stack traces. In addition, DWARF symbols with zero length address range no longer stack trace. (GT-2817, Issue #386, #1560)
     - Analysis. Constant propagation will treat an OR with zero (0) as a simple copy. (GT-3548, Issue #1531)
     - Analysis. Corrected Create Structure from Selection, which failed to use proper data organization during the construction process. This could result in improperly sized components such as pointers and primitive types. (GT-3587)
     - Analysis. Fixed an issue where stored context is initializing the set of registers constantly. (GP-25)
     - Analysis. Fixed an RTTI Analyzer regression when analyzing RTTI0 structures with no RTTI4 references to them. (GP-62, Issue #2153)
     - Analysis. Fixed an issue where the RTTI analyzer was not filling out RTTI3 structures in some cases. (GP-111)
     - API. Fixed NullPointerException when attempting to delete all bookmarks from a script. (GT-3405)
     - API. Updated the Class Searcher so that Extension Points found in the Ghidra/patch directory get loaded. (GT-3547, Issue #1515)
     - Build. Updated dependency fetch script to use HTTPS when downloading CDT. (GP-69, Issue #2173)
     - Build. Fixed resource leak in Ghidra jar builder. (GP-342)
     - Byte Viewer. Fixed Byte Viewer to correctly load the middle-mouse highlight color options change. (GT-3471, Issue #1464, #1465)
     - Data Types. Fixed decoding of static strings that have a character set with a smaller character size than the platform's character size. (GT-3333, Issue #1255)
     - Data Types. Correctly handle Java character sets that do not support the encoding operation. (GT-3407, Issue #1358)
     - Data Types. Fixed bug that caused Data Type Manager Editor key bindings to get deleted. (GT-3411, Issue #1355)
     - Data Types. Updated the DataTypeParser to handle data type names containing templates. (GT-3493, Issue #1417)
     - Data Types. Corrected pointer data type isEquivalent() method to properly check the equivalence of the base data type. The old implementation could cause a pointer to be replaced by a conflicting pointer with the same name whose base datatype is not equivalent. This change has a negative performance impact associated with it and can cause additional conflict datatypes due to the rigid datatype relationships. (GT-3557)
     - Data Types. Improved composite conflict resolution performance and corrected composite merge issues when composite bitfields and/or flexible arrays are present. (GT-3571)
     - Data Types. Fixed bug in SymbolPathParser naive parse method that caused a less-than-adequate fall-back parse when angle bracket immediately followed the namespace delimiter. (GT-3620)
     - Data Types. Corrected size of long for AARCH64 per LP64 standard. (GP-175)
     - Decompiler. Fixed bug causing the Decompiler to miss symbol references when they are stored to the heap. (GT-3267)
     - Decompiler. Fixed bug in the Decompiler that caused Deleting op with descendants exception. (GT-3506)
     - Decompiler. Decompiler now correctly compensates for integer promotion on shift, division, and remainder operations. (GT-3572)
     - Decompiler. Fixed handling of 64-bit implementations of alloca_probe in the Decompiler. (GT-3576)
     - Decompiler. Default Decompiler options now minimize the risk of losing code when renaming or retyping variables. (GT-3577)
     - Decompiler. The Decompiler no longer inherits a variable name from a subfunction if that variable incorporates additional data-flow unrelated to the subfunction. (GT-3580)
     - Decompiler. Fixed the Decompiler Override Signature action to be enabled on the entire C-code statement. (GT-3636, Issue #1589)
     - Decompiler. Fixed frequent ClassCast and IllegalArgument exceptions when performing Auto Create Structure or Auto Create Class actions in the Decompiler. (GP-119)
     - Decompiler. Fixed a bug in the Decompiler that caused different variables to be assigned the same name in rare instances. (GP-243, Issue #1995)
     - Decompiler. Fixed a bug in the Decompiler that caused PTRSUB off of non-pointer type exceptions. (GP-244, Issue #1826)
     - Decompiler. Fixed a bug in the Decompiler that caused load operations from volatile memory to be removed as dead code. (GP-245, Issue #393, #1832)
     - Decompiler. Fixed a bug causing the Decompiler to miss a stack alias if its offset was, itself, stored on the stack. (GP-246)
     - Decompiler. Fixed a bug causing the Decompiler to lose Equate references to constants passed to functions that were called indirectly. (GP-247)
     - Decompiler. Addressed various situations where the Decompiler unexpectedly removes active instructions as dead code after renaming or retyping a stack location. If the location was really an array element or structure field, renaming forced the Decompiler to treat the location as a distinct variable. Subsequently, the Decompiler thought that indirect references based before the location could not alias any following stack locations, which could then be considered dead. As of the 9.2 release, the Decompiler's renaming action no longer switches an annotation to forcing if it wasn't already. A retyping action, although it is forcing, won't trigger alias blocking for atomic data-types (this is configurable). (GP-248, Issue #524, #873)
     - Decompiler. Fixed decompiler memory issues reported by a community security researcher. (GP-267)
     - Decompiler. Fix for Decompiler error: Pcode: XML comms: Missing symref attribute in <high> tag. (GP-352, Issue #2360)
     - Decompiler. Fixed bug preventing the Decompiler from seeing Equates attached to compare instructions. (GP-369, Issue #2386)
     - Demangler. Fixed the GnuDemangler to parse the full namespace for operator symbols. (GT-3474, Issue #1441, #1448)
     - Demangler. Fixed numerous GNU Demangler parsing issues. Most notable is the added support for C++ Lambda functions. (GT-3545, Issue #1457, #1569)
     - Demangler. Updated the GNU Demangler to correctly parse and apply C++ strings using the unnamed type syntax. (GT-3645)
     - Demangler. Fixed duplicate namespace entry returned from getNamespaceString() on DemangledVariable. (GT-3646, Issue #1729)
     - Demangler. Fixed a GnuDemangler ClassCastException when parsing a typeinfo string containing operator text. (GP-160, Issue #1870, #2267)
     - Demangler. Added stdlib.h include to the GNU Demangler to fix a build issue on some systems. (GP-187, Issue #2294)
     - DWARF. Corrected DWARF relocation handling where the address image base adjustment was factored in twice. (GT-3330)
     - File Formats. Fixed a potential divide-by-zero exception in the EXT4 file system. (GT-3400, Issue #1342)
     - File Formats. Fixed date and time parsing of dates in cdrom iso9660 image files. (GT-3451, Issue #1403)
     - Graphing. Fixed a ClassCastException sometimes encountered when performing Select -> Scoped Flow -> Forward Scoped Flow. (GP-180)
     - GUI. Fixed inconsistent behavior with the interactive python interpreter's key bindings. (GT-3282)
     - GUI. Fixed Structure Editor bug that prevented the F2 Edit action from editing the correct table cell after using the arrow keys. (GT-3308, Issue #703)
     - GUI. Updated the Structure Editor so the Delete action is put into a background task to prevent the UI from locking. (GT-3352)
     - GUI. Fixed IndexOutOfBoundsException when invoking column filter on Key Bindings table. (GT-3445)
     - GUI. Fixed the analysis log dialog to not consume all available screen space. (GT-3610)
     - GUI. Fixed issue where Location column, when used in the column filters, resulted in extraneous dialogs popping up. (GT-3623)
     - GUI. Fixed Data Type Preview copy action so that newlines are preserved; updated table export to CSV to escape quotes and commas. (GT-3624)
     - GUI. Fixed tables in Ghidra to copy the text that is rendered. Some tables mistakenly copied the wrong value, such as the Functions Table's Function Signature Column. (GT-3629, Issue #1628)
     - GUI. Structure editor name now updates in title bar and tab when structure is renamed. (GP-19)
     - GUI. Fixed an issue where drag-and-drop import locks the Windows File Explorer source window until the import dialog is closed by the user. (GP-27)
     - GUI. Fixed an issue in GTreeModel where fireNodeChanged had no effect. This could result in stale node information and truncation of the text associated with a node in a GTree. (GP-30)
     - GUI. Fixed an issue where the file chooser directory list truncated filenames with ellipses on HiDPI Windows. (GP-31)
     - GUI. Fixed an uncaught exception when double-clicking on UndefinedFunction_ in Decompiler window. (GP-40)
     - GUI. Updated error handling to only show one dialog when a flurry of errors is encountered. (GP-65, Issue #2185)
     - GUI. Fixed an issue where Docking Windows are restored incorrectly if a snapshot is present. (GP-92)
     - GUI. Fixed a File Chooser bug causing a NullPointerException for some users. (GP-171, Issue #1706)
     - GUI. Fixed an issue that caused the script progress bar to appear intermittently. (GP-179, Issue #1819)
     - GUI. Fixed a bug that caused Call Tree nodes to go missing when showing more than one function with the same name. (GP-213, Issue #1682)
     - GUI:Project Window. Fixed Front End copy action to allow for the copy of program names so that users can paste those names into external applications. (GT-3403, Issue #1257)
     - Headless. Headless Ghidra now properly honors the -processor flag, even if the specified processor is not a valid opinion. (GT-3376, Issue #1311)
     - Importer. Corrected an NeLoader flags parsing error. (GT-3381, Issue #1312)
     - Importer. Fixed the File -> Add to Program... action to not show a memory conflict error when the user is creating an overlay. (GT-3491, Issue #1376)
     - Importer. Updated the XML Importer to apply repeatable comments. (GT-3492, Issue #1423)
     - Importer. Fixed issue in Batch Import where only one item of a selection was removed when attempting to remove a selection of items. (GP-138)
     - Importer. Corrected various issues with processing crushed PNG images. (GP-146, Issue #1854, #1874, #1875, #2252)
     - Importer. Fixed RuntimeException occurrence when trying to load NE programs with unknown resources. (GP-182, Issue #1596, #1713, #2012)
     - Importer. Fixed batch import to handle IllegalArgumentExceptions thrown by loaders. (GP-227, Issue #2328)
     - Importer:ELF. Corrected ELF relocation processing for ARM BE8 (mixed-endian). (GT-3527, Issue #1494)
     - Importer:ELF. Corrected ELF relocation processing for R_ARM_PC24 (Type: 1) that was causing improper flow in ARM disassembly. (GT-3654)
     - Importer:ELF. Corrected ELF import processing of DT_JMPREL relocations and markup of associated PLT entries. (GP-252, Issue #2334)
     - Importer:PE. Fixed an IndexOutOfBoundsException in the PeLoader that occurred when the size of a section extends past the end of the file. (GT-3433, Issue #1371)
     - Listing:Comments. Fixed bug in Comment field that prevented navigation when clicking on an address or symbol where tabs were present in the comment. (GT-3440)
     - Memory. Fixed bug where sometimes random bytes are inserted instead of 0x00 when expanding a memory block. (GT-3465)
     - Processors. Corrected the offset in SuperH instructions generated by sign-extending a 20-bit immediate value composed of two sub-fields. (GT-3251, Issue #1161)
     - Processors. Fixed AVR8 addition/subtraction flag macros. (GT-3276)
     - Processors. Corrected XGATE ROR instruction semantics. (GT-3278)
     - Processors. Corrected semantics for SuperH movi20 and movi20s instructions. (GT-3337, Issue #1264)
     - Processors. Corrected SuperH floating point instruction token definition. (GT-3340, Issue #1265)
     - Processors. Corrected SuperH movu.b and movu.w instruction semantics. (GT-3345, Issue #1271)
     - Processors. Corrected AVR8 lpm and elpm instruction semantics. (GT-3346, Issue #631)
     - Processors. Corrected pcode for the 6805 BSET instruction. (GT-3366, Issue #1307)
     - Processors. Corrected ARM constructors for instructions vnmla, vnmls, and vnmul. (GT-3368, Issue #1277)
     - Processors. Corrected bit-pattern for ARM vcvt instruction. (GT-3369, Issue #1278)
     - Processors. Corrected TriCore abs instructions. (GT-3379, Issue #1286)
     - Processors. Corrected x86 BT instruction semantics. (GT-3423, Issue #1370)
     - Processors. Fixed issue where CRC16C LOAD/STOR with abs20 were not mapped correctly. (GT-3529, Issue #1518)
     - Processors. Fixed M68000 MOVE USP,x and MOVE x,USP opcodes. (GT-3594, Issue #1593)
     - Processors. Fixed the ARM/Thumb TEQ instruction pcode to be an XOR. (GP-23, Issue #1802)
     - Processors. Emulation was broken by a regression in version 9.1.2. Emulation and Sleigh Pcodetests now work correctly. (GP-24, Issue #1579)
     - Processors. Fixed carry flag issue for 6502 CMP, CPX, and CPY instructions. (GP-34)
     - Processors. Corrected the SuperH high-order bit calculation for the rotr instruction. (GP-47)
     - Processors. Corrected ELF ARM relocation processing for type 3 (R_ARM_REL32) and added support for type 42 (R_ARM_PREL31). (GP-164, Issue #2261, #2276)
     - Scripting. Moved Jython cache directory out of tmp. (GP-36)
     - Scripting. Fixed a NoClassDefFoundError when compiling GhidraScript under JDK14. (GP-59, Issue #2152)
     - Scripting. Fixed issues with null result when searching for the script directory. (GP-103, Issue #2187)
     - Scripting. Fixed scripting issue where, if there were non-ASCII characters in the user path, Jython would not work. (GP-204, Issue #1890)
     - Sleigh. Corrected IndexOutOfBoundsException in SLEIGH when doing simple assignment in disassembly actions block. (GT-3382, Issue #745)
     - Symbol Tree. Fixed the Symbol Tree so that clicking an already-selected symbol node will still trigger a Listing navigation. (GT-3436, Issue #453)
     - Symbol Tree. 
Fixed the Symbol Tree to not continuously rebuild while performing Auto-analysis. (GT-3542) Version Tracking. Fixed Version Tracking Create Manual Match action. (GT-3305, Issue #2215) Version Tracking. Fixed a NullPointerException encountered when changing the Version Tracking options for the Listing Code Comparison when no data was loaded. (GT-3437, Issue #1143) Version Tracking. Fixed Version Tracking exception triggered in the Exact Functions Instructions Match correlator encountered when the two functions being compared differed in their number of instructions. (GT-3438, Issue #1352) Sursa: https://ghidra-sre.org/releaseNotes_9.2.html
    1 point
  7. It is not physically possible. There are "wireless" charging technologies, generally over short distances, through induction, but there are also devices that can charge from the electromagnetic waves in the field (e.g. radio). It can be done, the technology exists and is used for LowPower sensors, but that charge is EXTREMELY small. Either the phone is not showing the battery level correctly (most likely), or (though I think that's a bit much) that APK, if it had the necessary privileges, could change the battery charge to any percentage (display only, there is no way it could have charged it).
    1 point
  8. It cuts both ways. Let's say I'm a programmer and I develop a crypter and want to monetize it. I create a website and a semi-automated service. Everything is OK so far. Then I post on hackforums and other forums of that kind, and the contact details are Jabber with OTR. I mean, that's what we see every day from legit developers, Jabber with OTR. Let's be serious now! It's as clear as can be that these people were selling and offering support to others who were involved in illegal stuff. User X on the forum codes a banking malware which he monetizes. He's not responsible, only those who bought it and use it are, right? Come on, what the hell!
    1 point
  9. Conference:
     • LinkedIn event: 170 participants
     • Facebook event: 68 participants
     • Zoom registered participants: 204
     • Zoom unique participants: 186 (excluding speakers)
     • Zoom peak participants online: 95 (excluding speakers)
     • Zoom average participants: 70-75 (between 90+ and 50+)
     CTF:
     • 15 challenges
     • 80 users registered
     • 45 teams registered
     • 32 right submissions
     • 137 wrong submissions
     Thank you to everyone who participated, contributed or spread the word about the event, and see you next year! I think it turned out well for a first edition.
    1 point
  10. I second that, this is how the billions $$$ are made
    1 point
  11. Hello, can anyone help me build a practical project on the topic: ALARM SYSTEM WITH LASER BEAM AND PUSH NOTIFICATIONS?
    0 points