OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.

Piotr's Blog

Created: Friday, July 17 2009 09:58.44 CDT Modified: Friday, July 17 2009 10:36.19 CDT
Some news on Aslan and BLOG issues
Author: Piotr # Views: 12150

For those who are interested:

The OPENRCE FEED reader does not seem to be working correctly, and posts from my original blog (the outside one) are usually imported to OPENRCE with a long delay. I have notified Pedram about it, but this issue remains unresolved.

I have recently updated my website with a few articles and a small update for Aslan 4514N.

If anyone is interested here is my current blog:
http://blog.piotrbania.com

And here you can subscribe:
http://blog.piotrbania.com/feeds/posts/default

Some short post about Aslan and its new feature is available here:
http://blog.piotrbania.com/2009/07/aslan-4514n-binary-code-integrator.html

peace

Created: Wednesday, May 27 2009 10:28.00 CDT Modified: Wednesday, May 27 2009 10:45.13 CDT
Some graphs
Author: Piotr # Views: 4984

While playing with MmmBop I was sometimes recording the transfers between basic blocks. I tried to produce some graphs from it to make a nice visualization; however, in various cases (i.e. tElock, PESpin) I had recorded so many edges that GraphViz was unable to produce a correct graph. I tried a few other things like Tulip, but they haven't really worked either. One thing that actually worked was Walrus3D, but the graphs are not really a good visualization for this example, IMHO. Anyway, maybe you will like the following ones:
MmmBop tracing the unpacking process of a UPX packed binary:

MmmBop vs UPX

MmmBop tracing the unpacking process of a tElock packed binary (Walrus as renderer here):

MmmBop vs tElock - RENDER1
MmmBop vs tElock - RENDER2
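The post above describes recording basic-block transfers and feeding them to GraphViz, which chokes when a packer's unpacking loop produces too many edges. The script below is an added example, not MmmBop's code or anything from the original post: it assumes a trace is a list of (source_block, destination_block) address pairs, one per executed transfer, collapses repeated transfers into a single weighted edge, prunes rarely taken edges, and emits DOT. The sample trace is constructed, not a real recording.

```python
"""Turn a recorded basic-block transfer trace into a GraphViz DOT graph.

Added example, not MmmBop code. It assumes a trace is a list of
(source_block, destination_block) address pairs, one per executed
transfer; the sample trace below is constructed, not a real recording.
Repeated transfers (loops inside an unpacking stub) are collapsed into a
single weighted edge, which is what keeps the edge count renderable.
"""
from collections import Counter

# Constructed sample: a tiny "unpacking" loop that iterates the same
# two blocks fifty times, then jumps on to the original entry point.
SAMPLE_TRACE = (
    [(0x401000, 0x401010)]
    + [(0x401010, 0x401020), (0x401020, 0x401010)] * 50
    + [(0x401010, 0x401030), (0x401030, 0x402000)]
)


def count_edges(trace):
    """Return {(src, dst): number_of_times_taken} for a transfer trace."""
    return Counter(trace)


def prune_edges(edge_counts, min_count=1):
    """Drop edges taken fewer than min_count times (noise reduction)."""
    return {e: c for e, c in edge_counts.items() if c >= min_count}


def to_dot(edge_counts, name="trace"):
    """Render weighted edges as a DOT digraph; nodes are labelled by address.

    Edge thickness grows with the hit count (capped at 5) so hot loops
    stand out visually even when the count label is too small to read.
    """
    lines = [f"digraph {name} {{", "  node [shape=box, fontname=monospace];"]
    nodes = sorted({a for edge in edge_counts for a in edge})
    for addr in nodes:
        lines.append(f'  n{addr:x} [label="0x{addr:08x}"];')
    for (src, dst), cnt in sorted(edge_counts.items()):
        width = min(1 + cnt // 10, 5)
        lines.append(f'  n{src:x} -> n{dst:x} [label="{cnt}", penwidth={width}];')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    counts = count_edges(SAMPLE_TRACE)
    print(f"{len(SAMPLE_TRACE)} transfers collapsed to {len(counts)} edges")
    # Keep only edges taken at least twice; pipe the output to `dot -Tpng`.
    print(to_dot(prune_edges(counts, min_count=2)))
```

Run it and pipe the output through `dot -Tpng -o trace.png`. On a real trace the `min_count` threshold is the knob to turn when the renderer cannot cope: the single-shot edges of a packer stub are usually the least interesting ones, while the weighted loop edges are what show the decryption stage.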

Created: Monday, May 25 2009 18:22.00 CDT Modified: Monday, May 25 2009 18:22.39 CDT
PAPER: Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs
Author: Piotr # Views: 4779

ABSTRACT

Nowadays most malware applications are either packed or protected. These techniques are applied especially to evade signature-based detectors and also to complicate the job of reverse engineers or security analysts. The time one must spend on unpacking or decrypting malware layers is often very long and in fact remains the most complicated task in the overall process of malware analysis. In this report the author proposes MmmBop as a relatively new concept of using dynamic binary instrumentation techniques for unpacking and bypassing detection by self-modifying and highly aggressive packed binary code. MmmBop is able to deal with most of the known and unknown packing algorithms and it is also suitable to successfully bypass most of the currently used anti-reversing tricks. [...]


Paper can be found at:
http://piotrbania.com/all/articles/pbania-dbi-unpacking2009.pdf

Created: Monday, May 18 2009 14:34.00 CDT Modified: Monday, May 18 2009 14:37.15 CDT
Dynamic Data Flow Analysis via Virtual Code Integration (aka The SpiderPig case)
Author: Piotr # Views: 4702

SpiderPig is a project created for performing and visualizing data flow analysis of a selected binary program. SpiderPig was created for the purpose of providing a tool that would be able to help vulnerability and security researchers with tracing and analyzing any necessary data and its further propagation. Such tasks are very often crucial in the vulnerability discovering/identifying process and typically require a lot of time-consuming manual work. The following paper discusses methods and techniques implemented in SpiderPig in order to perform semi-automatic data flow analysis.

Paper is available here:
http://piotrbania.com/all/spiderpig/pbania-spiderpig2008.pdf

Simple video demo and some other things available on project website:
http://piotrbania.com/all/spiderpig/

Big thanks to Matt "skape" Miller and Julien Vanegue!
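The core of the data flow analysis the post describes is following a piece of input data through the instructions that touch it. The script below is an added example, not SpiderPig's code and not from the paper: it assumes the recorded trace has already been lifted into a tiny three-operand form `("op", dst, src)` with registers as names, memory cells as `"[addr]"` and immediates prefixed with `#`, and propagates taint forward with deliberately simple rules. The trace is constructed to show a value from an input buffer becoming a memory index.

```python
"""Forward taint propagation over a recorded instruction trace.

Added example, not SpiderPig code. It assumes the trace has already been
lifted into a tiny three-operand form: ("op", dst, src); operands are
register names, memory cells written as "[addr]", or immediates written
as "#value". The trace below is constructed to show taint flowing from
an input buffer into a value later used as a memory index, which is the
kind of propagation a vulnerability analyst wants to see.
"""

# Constructed trace: an input field at [0x1000] (e.g. a length read from
# a file header) is loaded, scaled, and used to compute an address.
SAMPLE_TRACE = [
    ("mov", "eax", "[0x1000]"),   # load the input-controlled length field
    ("mov", "ebx", "#4"),         # immediate: constant, never tainted
    ("imul", "eax", "ebx"),       # eax = eax * 4  -> still tainted
    ("mov", "ecx", "#0x2000"),    # base address, constant
    ("add", "ecx", "eax"),        # ecx = base + tainted index
    ("mov", "edx", "#0"),
    ("xor", "ebx", "ebx"),        # zeroing idiom: ebx becomes a constant
    ("mov", "[0x3000]", "ecx"),   # tainted pointer stored to memory
    ("xor", "eax", "eax"),        # eax zeroed -> taint cleared
]


def is_immediate(operand):
    """Immediates are encoded with a leading '#' in this lifted form."""
    return operand.startswith("#")


def propagate(trace, sources):
    """Run the trace; return (final tainted set, per-instruction log).

    Rules (deliberately simple): mov copies taint from src; arithmetic
    ops taint dst if either operand is tainted; xor r,r clears taint
    because the result is a constant regardless of r's prior contents.
    """
    tainted = set(sources)
    log = []
    for op, dst, src in trace:
        src_t = (not is_immediate(src)) and src in tainted
        dst_t = dst in tainted
        if op == "mov":
            new = src_t
        elif op == "xor" and dst == src:
            new = False
        else:  # add, sub, imul and other two-operand arithmetic
            new = src_t or dst_t
        if new:
            tainted.add(dst)
        else:
            tainted.discard(dst)
        log.append((op, dst, src, new))
    return tainted, log


if __name__ == "__main__":
    final, log = propagate(SAMPLE_TRACE, sources={"[0x1000]"})
    for op, dst, src, t in log:
        print(f"{op:5} {dst:9} {src:9} -> {'TAINTED' if t else 'clean'}")
    print("tainted at end:", sorted(final))
```

The zeroing-idiom rule is the one most simple trackers get wrong: treating `xor eax, eax` as ordinary arithmetic leaves `eax` tainted forever and floods the result with false positives. The same care is needed for partial-register writes and for the condition flags, neither of which this toy handles.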

Created: Saturday, October 18 2008 20:08.00 CDT Modified: Saturday, October 18 2008 20:42.10 CDT
The FALL
Author: Piotr # Views: 5904

Yesterday I saw a movie called "The FALL" and after seeing it I still wonder how come I haven't found it before (since it appears it was already released(?) in 2006). It seems I have liked it so badly that I actually decided to drop a short note about it here. To be honest it is still haunting me :)

The Fall is one of the movies that you can't compare to any other. The movie was filmed in 28 different countries across the world over about 4 years and, from what I have read, the director spent his own money to finally realize it. The imagery, photos, painting, music are really gorgeous; I can't even find the proper words to describe it. I have no idea if the landscapes were real or just generated by computers. I should speak about the plot here but I don't want to spoil your potential fun.

It is surely not a movie for everyone, but why not give it a try?

Links:
1) Official trailer
2) Official movie website


Archived Entries for Piotr
Subject # Views Created On
Incoming... 2295     Monday, October 6 2008
Presenting Kon-Boot v1.0 2055     Tuesday, July 15 2008
Blah 2359     Thursday, March 20 2008
SpiderPig and The Childs. 3055     Tuesday, September 18 2007
Huh that was cool. 2701     Monday, September 17 2007
SpiderPig Memory Tracer 2848     Saturday, September 8 2007
Just two weeks more 3311     Saturday, June 16 2007
Gaara Disinfectors 2944     Sunday, June 3 2007
Gaara Disinfectors 2610     Sunday, June 3 2007
Car is almost done! 2419     Saturday, June 2 2007
GAARA Disinfector 2731     Saturday, June 2 2007
Car is almost done :) 1968     Saturday, June 2 2007
The Launch, Gaara and Aslan. 1362     Saturday, June 2 2007
The Piotr Bania Chronicles :) 2191     Saturday, June 2 2007
More on GAARA 3539     Friday, June 1 2007
ASLAN (4514N) PROJECT WEBSITE 1780     Friday, June 1 2007
Calculator Virus 1892     Thursday, May 31 2007
China Crafts Cyberweapons 2026     Wednesday, May 30 2007
How long your response from [email protected] takes? 3709     Monday, May 21 2007
Calculator things! First world's resident epo calc virus or sth :) 1719     Monday, May 21 2007
Some Winamp bugz. 2071     Friday, April 6 2007
Spring 2233     Sunday, April 1 2007
Boring. Boring. 3427     Wednesday, March 7 2007
Apple QuickTime Player Remote Heap Overflow 2330     Monday, March 5 2007
Some news 2723     Friday, February 16 2007
Bypassing Breakpoints with File "Streams" 2833     Tuesday, February 6 2007
www.tracingbug.com 2119     Friday, January 19 2007
Adobe Reader Remote Heap Memory Corruption 2352     Tuesday, January 9 2007
The Things They Didn't Tell You About the Debugging APIs 3196     Tuesday, December 26 2006
Beek :) 2149     Monday, December 25 2006
Best wishes. 2431     Friday, December 22 2006
Nice sounds 1699     Monday, December 11 2006
Integrated files 2613     Wednesday, November 15 2006
Guess who's back, back again! 1800     Tuesday, November 14 2006
Little request 1715     Friday, October 6 2006
Blump 1901     Tuesday, September 12 2006
DEFCON14 1915     Saturday, July 1 2006
Screenshots from something ;] 1415     Saturday, June 24 2006
Holiday, Holydays 1771     Saturday, June 24 2006
Galleries 2197     Sunday, May 28 2006
Hey whats up!? 2002     Friday, May 12 2006
DISIT - OPEN SOURCE DISASSEMBLER ENGINE 1863     Tuesday, January 31 2006
Disassembler 1777     Sunday, January 22 2006
New design :) 2091     Saturday, January 21 2006
MS06-002 is gay 2390     Tuesday, January 10 2006
Little off-topic 1515     Friday, January 6 2006
WMF's everywhere... 2256     Wednesday, January 4 2006
Deviation :) 1649     Tuesday, December 20 2005
Wooooh :) 1876     Monday, December 19 2005
The Brothers Karamazov 1924     Sunday, December 4 2005
Some updates 1531     Monday, November 28 2005
More on generic unpacking 2005     Thursday, November 24 2005
Depackit Visualization 1992     Wednesday, November 23 2005
Some photos :0 1973     Friday, November 18 2005
Some small util 1836     Friday, November 11 2005
Hello Tony Montana 1813     Friday, November 4 2005
Trick or ? 1834     Thursday, November 3 2005
Uhh sad 2236     Wednesday, November 2 2005
Delay / Wondering 2064     Tuesday, November 1 2005
/* Coney Island Dreaming */ 1881     Thursday, October 20 2005
Exploiting Windows Device Drivers WHITEPAPER 1729     Sunday, October 16 2005
Damn 1903     Thursday, October 13 2005
Protty v.01A (beta) - shellcode execution protection library for Windows NT based systems 2086     Thursday, September 22 2005
TAPiON ver.0.1c is now available 2095     Friday, September 16 2005
Wazz up? 1984     Monday, September 12 2005
TAPiON STABLE RELEASE 1770     Friday, September 9 2005
Help needed 1766     Monday, September 5 2005
dEPACKiT - GENERIC UNPACKING ENGINE! 4458     Sunday, September 4 2005
Debugger "On-Attach" detection method TWO 2097     Saturday, September 3 2005
Tapion Polymorphic Decryptor Generator BETA 1953     Thursday, September 1 2005
Some news 1678     Tuesday, August 30 2005
Debugger "On-Attach" detection method 1804     Wednesday, August 24 2005
Plump :) 2014     Friday, August 19 2005
Simple RDA (RANDOM DECRYPTION ALGORITHM) example 2291     Tuesday, August 16 2005
Playing with RDTSC 2264     Monday, August 15 2005
New stuff 1727     Sunday, August 14 2005
Badf00d Polymorphic Engine 1965     Tuesday, August 9 2005
