MastodonTech.de

Pico le CrocoPlayed N0PS CTF last week-end. This is my write-up, with images.<a href="https://piaille.fr/tags/android" class="mention hashtag" rel="nofollow noopener" target="_blank">#android</a> <a href="https://piaille.fr/tags/writeup" class="mention hashtag" rel="nofollow noopener" target="_blank">#writeup</a> <a href="https://piaille.fr/tags/CTF" class="mention hashtag" rel="nofollow noopener" target="_blank">#CTF</a> <a href="https://piaille.fr/tags/native" class="mention hashtag" rel="nofollow noopener" target="_blank">#native</a> <a href="https://piaille.fr/tags/java" class="mention hashtag" rel="nofollow noopener" target="_blank">#java</a> <a href="https://piaille.fr/tags/reverse" class="mention hashtag" rel="nofollow noopener" target="_blank">#reverse</a> <a href="https://piaille.fr/tags/jeb" class="mention hashtag" rel="nofollow noopener" target="_blank">#jeb</a> <a href="https://piaille.fr/tags/decompiler" class="mention hashtag" rel="nofollow noopener" target="_blank">#decompiler</a>1/4

The Sinister PorpoiseSo how many have you used dogbolt.com to take apart someone's code and see (or C) what they are doing?<a href="https://mastodon.online/tags/programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#programming</a> <a href="https://mastodon.online/tags/decompiler" class="mention hashtag" rel="nofollow noopener" target="_blank">#decompiler</a>

BegasusIt's out! r2dec-js a decompiler plugin for radare2 (version 5.9.8) was just released, I already did a recipe to build it on Haiku, but finished this up and merged it at haikuports. You can now use this in Terminal or in the Iaito application.<a href="https://mastodon-belgium.be/tags/HaikuOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#HaikuOS</a> <a href="https://mastodon-belgium.be/tags/radare2" class="mention hashtag" rel="nofollow noopener" target="_blank">#radare2</a> <a href="https://mastodon-belgium.be/tags/radare" class="mention hashtag" rel="nofollow noopener" target="_blank">#radare</a> <a href="https://mastodon-belgium.be/tags/r2dec" class="mention hashtag" rel="nofollow noopener" target="_blank">#r2dec</a>-js <a href="https://mastodon-belgium.be/tags/Iaito" class="mention hashtag" rel="nofollow noopener" target="_blank">#Iaito</a> <a href="https://mastodon-belgium.be/tags/decompiler" class="mention hashtag" rel="nofollow noopener" target="_blank">#decompiler</a> <a href="https://mastodon-belgium.be/tags/reverseengineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#reverseengineering</a>

:radare2: radare :verified:"AI-Powered Reverse Engineering: Decompiling Binaries with AI" <a href="https://www.youtube.com/watch?v=f9-fop5dttg" rel="nofollow noopener" translate="no" target="_blank">https://www.youtube.com/watch?v=f9-fop5dttg</a> by <a href="https://bird.makeup/users/secfatal" class="u-url mention" rel="nofollow noopener" target="_blank">@secfatal</a> <a href="https://infosec.exchange/tags/llm" class="mention hashtag" rel="nofollow noopener" target="_blank">#llm</a> <a href="https://infosec.exchange/tags/decompiler" class="mention hashtag" rel="nofollow noopener" target="_blank">#decompiler</a> <a href="https://infosec.exchange/tags/radare2" class="mention hashtag" rel="nofollow noopener" target="_blank">#radare2</a>

cryptaxI'm surprised at how badly <a href="https://mastodon.social/tags/Ghidra" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ghidra</a> decompiles this very simple function.It's a syscall 0x57 which is unlink (remove a file).I'm surprised it decompiles saying it *returns 0x57* ...<a href="https://mastodon.social/tags/decompiler" class="mention hashtag" rel="nofollow noopener" target="_blank">#decompiler</a> <a href="https://mastodon.social/tags/syscall" class="mention hashtag" rel="nofollow noopener" target="_blank">#syscall</a> <a href="https://mastodon.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#linux</a>

hubertfSpiegeln, Spiegeln an der Wand, wer ist der beste Decompiler im Land? Heute mal etwas mit dem neuen ghidra, angr-manager und IDA-Free gespielt... ich denke ich bleibe erstmal bei ghidra. <a href="https://mastodon.social/tags/decompiler" class="mention hashtag" rel="nofollow noopener" target="_blank">#decompiler</a> <a href="https://mastodon.social/tags/ghidra" class="mention hashtag" rel="nofollow noopener" target="_blank">#ghidra</a> <a href="https://mastodon.social/tags/ida" class="mention hashtag" rel="nofollow noopener" target="_blank">#ida</a> <a href="https://mastodon.social/tags/angr" class="mention hashtag" rel="nofollow noopener" target="_blank">#angr</a> <a href="https://mastodon.social/tags/angrmanager" class="mention hashtag" rel="nofollow noopener" target="_blank">#angrmanager</a> <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://mastodon.social/tags/ctf" class="mention hashtag" rel="nofollow noopener" target="_blank">#ctf</a>

Joxean Koret (@matalaz)RULECOMPILE - Undocumented Ghidra decompiler rule language<a href="https://msm.lt/re/ghidra/rulecompile/" rel="nofollow noopener" translate="no" target="_blank">https://msm.lt/re/ghidra/rulecompile/</a><a href="https://mastodon.social/tags/Ghidra" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ghidra</a> <a href="https://mastodon.social/tags/Decompiler" class="mention hashtag" rel="nofollow noopener" target="_blank">#Decompiler</a>

Eliot LashStiver, author of the <a href="https://social.coop/tags/Fernflower" class="mention hashtag" rel="nofollow noopener" target="_blank">#Fernflower</a> <a href="https://social.coop/tags/decompiler" class="mention hashtag" rel="nofollow noopener" target="_blank">#decompiler</a> for <a href="https://social.coop/tags/Java" class="mention hashtag" rel="nofollow noopener" target="_blank">#Java</a>, has passed away. His decompiler is used in tools such as <a href="https://social.coop/tags/IntelliJ" class="mention hashtag" rel="nofollow noopener" target="_blank">#IntelliJ</a> IDEA and <a href="https://social.coop/tags/minecraft" class="mention hashtag" rel="nofollow noopener" target="_blank">#minecraft</a> MCP for <a href="https://social.coop/tags/modding" class="mention hashtag" rel="nofollow noopener" target="_blank">#modding</a> projects. <a href="https://blog.jetbrains.com/idea/2024/11/in-memory-of-stiver/" rel="nofollow noopener" translate="no" target="_blank">https://blog.jetbrains.com/idea/2024/11/in-memory-of-stiver/</a><a href="https://social.coop/tags/MinecraftMod" class="mention hashtag" rel="nofollow noopener" target="_blank">#MinecraftMod</a> <a href="https://social.coop/tags/JVM" class="mention hashtag" rel="nofollow noopener" target="_blank">#JVM</a> <a href="https://social.coop/tags/ReverseEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#ReverseEngineering</a> <a href="https://social.coop/tags/JetBrains" class="mention hashtag" rel="nofollow noopener" target="_blank">#JetBrains</a> <a href="https://social.coop/tags/IntelliJIDEA" class="mention hashtag" rel="nofollow noopener" target="_blank">#IntelliJIDEA</a>

Christian Ullenboom<a href="https://blog.jetbrains.com/idea/2024/11/in-memory-of-stiver/" rel="nofollow noopener" translate="no" target="_blank">https://blog.jetbrains.com/idea/2024/11/in-memory-of-stiver/</a> <a href="https://mas.to/tags/java" class="mention hashtag" rel="nofollow noopener" target="_blank">#java</a> <a href="https://mas.to/tags/decompiler" class="mention hashtag" rel="nofollow noopener" target="_blank">#decompiler</a> <a href="https://mas.to/tags/jvm" class="mention hashtag" rel="nofollow noopener" target="_blank">#jvm</a>

cryptaxI got decai (radare2's AI-assisted decompiler) to work with a local model, and tried it over a basic Caesar implementation in C and in Dart.To be honest, I think the conclusion is that the model I selected is not good enough ;) but <a href="https://mastodon.social/tags/r2ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#r2ai</a> and <a href="https://mastodon.social/tags/decai" class="mention hashtag" rel="nofollow noopener" target="_blank">#decai</a> are really great tools. Read my post to understand how to install, configure and use. Or RTFM :P<a href="https://cryptax.medium.com/using-ai-assisted-decompilation-of-radare2-e81a882863c9" rel="nofollow noopener" translate="no" target="_blank">https://cryptax.medium.com/using-ai-assisted-decompilation-of-radare2-e81a882863c9</a>many thanks to <a href="https://mastodon.social/@Pancake" class="u-url mention" rel="nofollow noopener" target="_blank">@Pancake</a> for his patience! "it's not working on my laptop", "try this then" etc<a href="https://mastodon.social/tags/radare2" class="mention hashtag" rel="nofollow noopener" target="_blank">#radare2</a> <a href="https://mastodon.social/tags/decompiler" class="mention hashtag" rel="nofollow noopener" target="_blank">#decompiler</a> <a href="https://mastodon.social/tags/dart" class="mention hashtag" rel="nofollow noopener" target="_blank">#dart</a> <a href="https://mastodon.social/tags/C" class="mention hashtag" rel="nofollow noopener" target="_blank">#C</a>

Erik C. ThauvinVineflower 1.10.0 Released<a href="https://mastodon.social/tags/decompiler" class="mention hashtag" rel="nofollow noopener" target="_blank">#decompiler</a> <a href="https://mastodon.social/tags/java" class="mention hashtag" rel="nofollow noopener" target="_blank">#java</a> <a href="https://mastodon.social/tags/kotlin" class="mention hashtag" rel="nofollow noopener" target="_blank">#kotlin</a><a href="https://github.com/Vineflower/vineflower/releases/tag/1.10.0?utm_medium=erik.in&utm_source=mastodon" rel="nofollow noopener" translate="no" target="_blank">https://github.com/Vineflower/vineflower/releases/tag/1.10.0?utm_medium=erik.in&utm_source=mastodon</a>

Renaud Lifchitz :verified:The rev.ng <a href="https://infosec.exchange/tags/decompiler" class="mention hashtag" rel="nofollow noopener" target="_blank">#decompiler</a> goes open <a href="https://infosec.exchange/tags/source" class="mention hashtag" rel="nofollow noopener" target="_blank">#source</a> <a href="https://rev.ng/blog/open-sourcing-renvg-decompiler-ui-closed-beta" rel="nofollow noopener" translate="no" target="_blank">https://rev.ng/blog/open-sourcing-renvg-decompiler-ui-closed-beta</a>

Renaud Lifchitz :verified:LLM4Decompile – Quand l’ <a href="https://infosec.exchange/tags/IA" class="mention hashtag" rel="nofollow noopener" target="_blank">#IA</a> se met à <a href="https://infosec.exchange/tags/d%C3%A9compiler" class="mention hashtag" rel="nofollow noopener" target="_blank">#décompiler</a> du <a href="https://infosec.exchange/tags/binaire" class="mention hashtag" rel="nofollow noopener" target="_blank">#binaire</a> <a href="https://korben.info/llm4decompile-modele-decompilation-open-source-revolutionnaire.html" rel="nofollow noopener" translate="no" target="_blank">https://korben.info/llm4decompile-modele-decompilation-open-source-revolutionnaire.html</a>

datenwolfDoes anyone here have access to a IDA-Pro <a href="https://chaos.social/tags/decompiler" class="mention hashtag" rel="nofollow noopener" target="_blank">#decompiler</a> than can munch ARMv7LE? I got some binary blob here, that technically is subject to GPL-2, but hardware companies do as hardware companies do…I already have a good idea of what it does (some of it by conjecture, some of it by following the instruction stream). Ghidra does decompile it, but in places it comes up with "weird" interpretations, which I simply don't see in the machine code.Find blob and info here: <a href="https://dl.datenwolf.net/Dei4Hai3/binblob.zip" rel="nofollow noopener" translate="no" target="_blank">https://dl.datenwolf.net/Dei4Hai3/binblob.zip</a>

Joxean Koret (@matalaz)Optionally, if I have enough time and it proves to be really useful: use <a href="https://mastodon.social/tags/symbolic" class="mention hashtag" rel="nofollow noopener" target="_blank">#symbolic</a> <a href="https://mastodon.social/tags/execution" class="mention hashtag" rel="nofollow noopener" target="_blank">#execution</a> to determine if <a href="https://mastodon.social/tags/decompiled" class="mention hashtag" rel="nofollow noopener" target="_blank">#decompiled</a> code corresponds to original sources code. It doesn't look trivial at all, as codes written by humans tends to be much more verbose, logical, etc, than codes generated by compilers.In summary: it's hard to compare, say, humans written Abstract Syntax Trees against the <a href="https://mastodon.social/tags/AST" class="mention hashtag" rel="nofollow noopener" target="_blank">#AST</a> given by an optimising <a href="https://mastodon.social/tags/decompiler" class="mention hashtag" rel="nofollow noopener" target="_blank">#decompiler</a> taking as input code optimised by a <a href="https://mastodon.social/tags/compiler" class="mention hashtag" rel="nofollow noopener" target="_blank">#compiler</a>.

cryptaxI've published a blog post on reverse engineering Dart. This is the programming language used by Flutter.This is a specific point on a non-standard way Dart assembly performs routine calls. It explains why decompilers just don't get it right when it comes to Dart...<a href="https://medium.com/@cryptax/darts-custom-calling-convention-8aa96647dcc6" rel="nofollow noopener" target="_blank">https://medium.com/@cryptax/darts-custom-calling-convention-8aa96647dcc6</a><a href="https://mastodon.social/tags/Dart" class="mention hashtag" rel="nofollow noopener" target="_blank">#Dart</a> <a href="https://mastodon.social/tags/reverse" class="mention hashtag" rel="nofollow noopener" target="_blank">#reverse</a>-engineering <a href="https://mastodon.social/tags/Flutter" class="mention hashtag" rel="nofollow noopener" target="_blank">#Flutter</a> <a href="https://mastodon.social/tags/Android" class="mention hashtag" rel="nofollow noopener" target="_blank">#Android</a> <a href="https://mastodon.social/tags/ABI" class="mention hashtag" rel="nofollow noopener" target="_blank">#ABI</a> <a href="https://mastodon.social/tags/assembly" class="mention hashtag" rel="nofollow noopener" target="_blank">#assembly</a> <a href="https://mastodon.social/tags/disassembler" class="mention hashtag" rel="nofollow noopener" target="_blank">#disassembler</a> <a href="https://mastodon.social/tags/decompiler" class="mention hashtag" rel="nofollow noopener" target="_blank">#decompiler</a>

Frühere Suchanfragen

Suchoptionen

Verwaltet von:

Serverstatistik:

#decompiler