Showing results for tags 'engineering'.
OpenREIL is an open source library that implements a translator and tools for REIL (Reverse Engineering Intermediate Language). REIL was initially developed by Zynamics as part of their BinNavi framework, proprietary code analysis software written in Java. To learn more about REIL, read the following documents:
- «REIL – The Reverse Engineering Intermediate Language» (link)
- «The REIL language» (part 1, part 2, part 3, part 4)
- «Applications of the Reverse Engineering Language REIL» (PDF)
- «REIL: A platform-independent intermediate representation of disassembled code for static code analysis» (PDF)

However, after Zynamics was acquired by Google they abandoned BinNavi, so I decided to develop my own implementation of REIL. I made it relatively small and portable in comparison with the original: the translator itself is just a single library written in C++, and it can be statically linked with any program for static or dynamic code analysis. The higher-level API of OpenREIL is written in Python, so it can be easily utilized in plugins and scripts for your favourite reverse engineering tool (almost all modern debuggers and disassemblers have Python bindings). OpenREIL is not 100% compatible with Zynamics REIL; it has the same ideology and basics, but there are some changes in the IR instruction set and in the representation of the target hardware platform features.

OpenREIL is based on my custom fork of libasmir, the IR translation library from old versions of the BAP framework. I removed some 3rd-party dependencies of libasmir (libbfd, libopcodes) and features that are irrelevant to translation itself (binary file parsing, trace processing, etc.), then I did some minor refactoring/bugfixes, switched to Capstone for instruction length disassembling and implemented the BAP IR → REIL translation logic on top of libasmir. Because libasmir uses VEX (a production-quality library that is part of Valgrind), the full code translation sequence inside OpenREIL looks like binary → VEX IR → BAP IR → REIL.

It's kinda ugly from an engineering point of view, but it allows us to have pretty robust and reliable support for all general x86 instructions. The current version of OpenREIL still has no support for other architectures, but I'm working on x86_64 and ARMv5. Please note that OpenREIL is currently far from a stable release, so I don't recommend using it for any serious purposes.

Link: https://github.com/Cr4sh/openreil
- Tagged with: code, engineering (and 3 more)
-
Software reverse engineering, the art of pulling programs apart to figure out how they work, is what makes it possible for sophisticated hackers to scour code for exploitable bugs. It’s also what allows those same hackers’ dangerous malware to be deconstructed and neutered. Now a new encryption trick could make both those tasks much, much harder.

At the SyScan conference next month in Singapore, security researcher Jacob Torrey plans to present a new scheme he calls Hardened Anti-Reverse Engineering System, or HARES. Torrey’s method encrypts software code such that it’s only decrypted by the computer’s processor at the last possible moment before the code is executed. This prevents reverse engineering tools from reading the decrypted code as it’s being run. The result is tough-to-crack protection from any hacker who would pirate the software, suss out security flaws that could compromise users, and even in some cases understand its basic functions.

“This makes an application completely opaque,” says Torrey, who works as a researcher for the New York State-based security firm Assured Information Security. “It protects software algorithms from reverse engineering, and it prevents software from being mined for vulnerabilities that can be turned into exploits.”

A company like Adobe or Autodesk might use HARES as a sophisticated new form of DRM to protect their pricey software from being illegally copied. On the other hand, it could also mean the start of a new era of well-armored criminal or espionage malware that resists any attempt to determine its purpose, figure out who wrote it, or develop protections against it. As notable hacker the Grugq wrote on twitter when Torrey’s abstract was posted to SyScan’s schedule, HARES could mean the “end of easy malware analysis.”

To keep reverse engineering tools in the dark, HARES uses a hardware trick that’s possible with Intel and AMD chips called a Translation Lookaside Buffer (or TLB) Split. That TLB Split segregates the portion of a computer’s memory where a program stores its data from the portion where it stores its own code’s instructions. HARES keeps everything in that “instructions” portion of memory encrypted such that it can only be decrypted with a key that resides in the computer’s processor. (That means even sophisticated tricks like a “cold boot attack,” which literally freezes the data in a computer’s RAM, can’t pull the key out of memory.) When a common reverse engineering tool like IDA Pro reads the computer’s memory to find the program’s instructions, that TLB split redirects the reverse engineering tool to the section of memory that’s filled with encrypted, unreadable commands.

“You can specifically say that encrypted memory shall not be accessed from other regions that aren’t encrypted,” says Don Andrew Bailey, a well-known security researcher for Lab Mouse Security, who has reviewed Torrey’s work.

Many hackers begin their reverse engineering process with a technique called “fuzzing.” Fuzzing means they enter random data into the program in the hopes of causing it to crash, then analyze those crashes to locate more serious exploitable vulnerabilities. But Torrey says that fuzzing a program encrypted with HARES would render those crashes completely unexplainable. “You could fuzz a program, but even if you got a crash, you wouldn’t know what was causing it,” he says. “It would be like doing it blindfolded and drunk.”

Torrey says he intends HARES to be used for protection against hacking—not for creating mysterious malware that can’t be dissected. But he admits that if HARES works, it will be adopted for offensive hacking purposes, too. “Imagine trying to figure out what Stuxnet did if you couldn’t look at it,” he says. “I think this will change how [nation-state] level malware can be reacted to.”

HARES’s protections aren’t quite invincible. Any program that wants to use its crypto trick needs to somehow place a decryption key in a computer’s CPU when the application is installed. In some cases, a super-sophisticated reverse engineer could intercept that key and use it to read the program’s hidden commands. But snagging the key would require him or her to plan ahead, with software that’s ready to look for it. And in some cases where software comes pre-installed on a computer, the key could be planted in the CPU ahead of time by an operating system maker like Apple or Microsoft to prevent its being compromised. “There are some concerns with this from a technical point of view,” says Bailey. “But it’s way better than anything we have out there now.”

Another way to crack HARES’ encryption, says Torrey, would be to take advantage of a debugging feature in some chips. That feature allows a hardware device between the chip and the motherboard to read every command the processor executes. But taking advantage of that feature requires a five-figure-priced JTAG debugger, not a device most reverse engineers tend to have lying around. “It’s pretty high level stuff,” he says. “Obviously nation states will have these things, but probably not very many others.”

Torrey notes that it may someday be possible to encrypt a program’s code in a way that its instructions can run without ever being decrypted—making software that’s truly unhackable. But such a system, known as “fully homomorphic encryption,” is still largely theoretical. It currently makes computer processes take millions of times longer than they would without encryption. HARES slows down the programs it protects by only about 2 percent. “Fully homomorphic encryption is the holy grail, but it’s an academic math problem,” Torrey says. “This is something you can stick on your existing computer to protect your existing software.”

Torrey developed HARES’s TLB split trick with funding in 2013 from Darpa’s Cyber Fast Track program. He plans to release the project’s code not at March’s SyScan conference, but possibly the next month at the Infiltrate security conference in Miami. Torrey says that he wouldn’t be surprised, however, if coders determine from his March talk how to use HARES’s tricks and begin writing malware that’s far harder to decode. Give hackers an unencrypted hint or two, and they have a way of figuring out your secrets.

Source
- Tagged with: engineering, hares (and 3 more)
-
//deleted
- 3 replies
- Tagged with: engineering, lulzerr (and 2 more)
-
"Decipher the unspoken vocabulary of body language. A tilt of the head, the crossing of legs, the buttoning and unbuttoning of a jacket, and other gestures can speak volumes about what a person is thinking or feeling. By learning to spot hidden emotional, social, and sexual messages, you can tell how a person is reacting to you, respond appropriately, and influence the outcome of any situation. Detect and send messages of friendliness and flirtation. Gain and maintain the upper hand in negotiations and arguments. Determine whether someone is lying, recognize boredom, and overcome defensiveness. By interpreting nonverbal behavior, you can improve your control over job interviews, business meetings, parties, chance encounters, and other everyday situations."

I have read a good part of it, and I can say that it is well structured and contains information that is quite useful for day-to-day life, but also for a good 'social engineer'.

download: how_to_read_a_person_like_a_book.pdf
- 7 replies
- Tagged with: book, engineering (and 3 more)