Created: Friday, July 17 2009 09:58.44 CDT Modified: Friday, July 17 2009 10:36.19 CDT
Some news on Aslan and BLOG issues
Author: Piotr # Views: 11718

For those who are interested:

The OpenRCE feed reader does not seem to be working correctly, and posts from my original (external) blog are usually imported to OpenRCE with a long delay. I have notified Pedram about it, but the issue remains unresolved.

I have recently updated my website with a few articles and a small update for Aslan 4514N.

If anyone is interested, here is my current blog:
http://blog.piotrbania.com

And here you can subscribe:
http://blog.piotrbania.com/feeds/posts/default

A short post about Aslan and its new feature is available here:
http://blog.piotrbania.com/2009/07/aslan-4514n-binary-code-integrator.html

peace

Created: Wednesday, May 27 2009 10:28.00 CDT Modified: Wednesday, May 27 2009 10:45.13 CDT
Some graphs
Author: Piotr # Views: 4865

While playing with MmmBop I was sometimes recording the transfers between basic blocks. I tried to produce some graphs from these recordings to make a nice visualization; however, in various cases (e.g. tElock, PESpin) I had recorded so many edges that GraphViz was unable to produce a correct graph. I tried a few other tools like Tulip, but they did not really work either. One thing that actually worked was Walrus3D, but the graphs are not really a good visualization for this example, IMHO. Anyway, maybe you will like the following ones:

MmmBop tracing the unpacking process of a UPX-packed binary:

[Image: MmmBop vs UPX]

MmmBop tracing the unpacking process of a tElock-packed binary (Walrus as renderer here):

[Image: MmmBop vs tElock - RENDER1]
[Image: MmmBop vs tElock - RENDER2]
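The edge explosion described above usually comes from the same basic-block transfer being logged on every iteration of an unpacker's decryption loop. The following is an added example, not MmmBop's code: it folds a constructed basic-block trace (addresses are made up) into weighted GraphViz edges, with a hit-count threshold so the DOT input stays small enough to render.

```python
from collections import Counter
from typing import Iterable

# Constructed sample: start addresses of basic blocks in execution order, the
# kind of log a DBI-based tracer would produce while an unpacker stub runs.
# 0x401010 -> 0x401020 -> 0x401030 -> 0x401010 plays the role of a decryption
# loop; the final transfers land in freshly written code at 0x403000.
SAMPLE_TRACE = ([0x401000] + [0x401010, 0x401020, 0x401030] * 1000
                + [0x401010, 0x401040, 0x403000, 0x403010])


def build_edges(trace: Iterable[int]) -> Counter:
    """Count how often each (src, dst) basic-block transfer occurred."""
    edges = Counter()
    prev = None
    for bb in trace:
        if prev is not None:
            edges[(prev, bb)] += 1
        prev = bb
    return edges


def to_dot(edges: Counter, min_hits: int = 1) -> str:
    """Render edges as GraphViz DOT.

    A transfer taken N times becomes one edge labelled N instead of N
    parallel edges; min_hits additionally drops rarely taken transfers,
    which is what makes a loop-heavy trace renderable at all.
    """
    lines = ["digraph trace {", "  node [shape=box fontname=monospace];"]
    for (src, dst), n in sorted(edges.items()):
        if n < min_hits:
            continue
        width = 1 + n.bit_length()  # thicker edge for hotter transfer
        lines.append(f'  "{src:#x}" -> "{dst:#x}" [label="{n}" penwidth={width}];')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_dot(build_edges(SAMPLE_TRACE), min_hits=2))
```

Pipe the output into `dot -Tpng` to get the picture; the hot loop shows up as a thick cycle and the one-shot jump into new code as a thin exit edge.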

Created: Monday, May 25 2009 18:22.00 CDT Modified: Monday, May 25 2009 18:22.39 CDT
PAPER: Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs
Author: Piotr # Views: 4688

ABSTRACT

Nowadays most malware applications are either packed or protected. These techniques are applied especially to evade signature-based detectors and also to complicate the job of reverse engineers and security analysts. The time one must spend on unpacking or decrypting malware layers is often very long and in fact remains the most complicated task in the overall process of malware analysis. In this report the author proposes MmmBop as a relatively new concept of using dynamic binary instrumentation techniques for unpacking and bypassing detection by self-modifying and highly aggressive packed binary code. MmmBop is able to deal with most of the known and unknown packing algorithms and is also suitable for successfully bypassing most of the currently used anti-reversing tricks. [...]


The paper can be found at:
http://piotrbania.com/all/articles/pbania-dbi-unpacking2009.pdf

Created: Monday, May 18 2009 14:34.00 CDT Modified: Monday, May 18 2009 14:37.15 CDT
Dynamic Data Flow Analysis via Virtual Code Integration (aka The SpiderPig case)
Author: Piotr # Views: 4605

SpiderPig is a project created for performing and visualizing data flow analysis of a selected binary program. SpiderPig was created with the purpose of providing a tool that helps vulnerability and security researchers trace and analyze any necessary data and its further propagation. Such tasks are very often crucial in the vulnerability discovery and identification process and typically require a lot of time-consuming manual work. The following paper discusses the methods and techniques implemented in SpiderPig in order to perform semi-automatic data flow analysis.

The paper is available here:
http://piotrbania.com/all/spiderpig/pbania-spiderpig2008.pdf

A simple video demo and some other things are available on the project website:
http://piotrbania.com/all/spiderpig/

Big thanks to Matt "skape" Miller and Julien Vanegue!

Created: Saturday, October 18 2008 20:08.00 CDT Modified: Saturday, October 18 2008 20:42.10 CDT
The FALL
Author: Piotr # Views: 5809

Yesterday I saw a movie called "The FALL" and after seeing it I still wonder how come I hadn't found it before (since it appears it was already released(?) in 2006). It seems I liked it so much that I actually decided to drop a short note about it here. To be honest it is still haunting me :)

The Fall is one of those movies that you can't compare to any other. The movie was filmed in 28 different countries across the world over about 4 years, and from what I have read the director spent his own money to finally realize it. The imagery, photography, painting and music are really gorgeous; I can't even find the proper words to describe it. I have no idea if the landscapes were real or just generated by computers. I should speak about the plot here, but I don't want to spoil your potential fun.

It is surely not a movie for everyone, but why not give it a try?

Links:
1) Official trailer
2) Official movie website
