luis's Blog

Blog is moving
Author: luis
Created: Tuesday, April 1 2008 00:55 CDT. Modified: Tuesday, April 1 2008 01:02 CDT.

I am moving the blog to its new home. The move was done primarily to support my new book. (Yes, my Amazon Associates account is in the link.) Amazon has not updated the author list.


Back from the dead and I have scope images with me...
Author: luis
Created: Thursday, April 19 2007 05:23 CDT. Modified: Thursday, April 19 2007 05:36 CDT.

These images were taken with an oscilloscope. The bit stream shown uses a simple protocol to send data over RF. The wide image was made by cutting and pasting various captures together. I used the Parallax USB scope. While its supported bandwidth seems low, it is quite good at the low-rate bit streams used in simple RF devices.



The images are part of the talk I'm doing at CanSecWest this evening.

Other Wireless New Ways to Get Pwned
The talk doesn't cover 802.11 or Bluetooth. Rather, the talk focuses on RF devices such as wireless presenters, mice, and a little about keyboards. The attacks are done in hardware by sniffing and injecting communication between chips.

Moving Along ...
Author: luis
Created: Monday, July 24 2006 16:41 CDT. Modified: Monday, July 24 2006 16:45 CDT.

I figured out what I was doing wrong with regard to my AbstractValue and stack emulation. My AbstractValue type was trying to do too many things. I removed the internal array storage, and it can now only hold one value. Pointers can hold references to an array of AbstractValues. These changes force the creation of buffers outside of the class, which avoids the circular-creation problem and greatly simplifies the class.

The ideal time to refactor seems difficult to gauge, although when you absolutely need to refactor, the code will definitely let you know. Things are moving fast as I am decoding various opcodes. By the way, this site has the best x86 opcode reference.

I will soon put up the promised pdb internals as well as some ideas I'm working on regarding C++ RE.

Author: luis
Created: Friday, July 21 2006 13:49 CDT. Modified: Friday, July 21 2006 13:52 CDT.

I've been working on the static analysis code for BlackHat using TDD and C#. I started emulating the stack as part of a customer test that related to tracking tainted values. The customer test involves dereferencing argv, which is user supplied and tainted.

I have been using a type AbstractValue consisting of a Byte[] for storage. Now I need to also hold a taint property (Boolean) for each cell in the buffer representing argv. I changed the storage to an array of AbstractValues. It compiled, but trying to run it killed SharpDevelop and NUnit-GUI. It turned out to be a stack overflow caused by recursion in the constructor.

I have the feeling I'm doing too much with this type: storing values, pointer representation, and buffer emulation.

Subclasses seem like the next step, but then several places in the code would have to check what type something is before dealing with it. Matt would probably know what to do, but he can't give me any concrete direction.

I'll call him later and make another post about his thoughts and the solution (if I come up with one).
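The two posts above describe the same design problem and its fix: an AbstractValue that tried to be a value, a pointer and a buffer at once recursed in its constructor, and the cure was to let a value hold exactly one cell plus a taint flag, let pointers reference buffers, and allocate those buffers outside the classes. The following is an added example of that shape, written for this page rather than taken from the author's C# code (which is not on the page), and in Python rather than C#. The x86-style register names, the one-cell-per-addressable-unit simplification, and the sample argv layout are assumptions made for illustration; the argv[1] contents are a constructed placeholder for attacker input.

```python
"""Abstract values with taint, pointers into externally allocated buffers, and a
tiny stack emulator that dereferences argv (added example, not the author's code)."""
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Union


@dataclass(frozen=True)
class AbstractValue:
    """A single cell: a concrete value (None = unknown) plus a taint flag.
    It owns no storage, so constructing one never recurses into another one."""
    value: Optional[int] = None
    tainted: bool = False


@dataclass(frozen=True)
class Pointer:
    """A reference into a Buffer that was allocated outside the value classes.
    `offset` indexes cells; for simplicity one cell is one addressable unit (assumption)."""
    buffer: "Buffer"
    offset: int = 0
    tainted: bool = False

    def deref(self, disp: int = 0) -> "Cell":
        idx = self.offset + disp
        if not 0 <= idx < len(self.buffer.cells):
            raise IndexError(f"out-of-bounds read at cell {idx} of {self.buffer.name}")
        cell = self.buffer.cells[idx]
        # Data read through an attacker-influenced pointer is itself tainted.
        return replace(cell, tainted=cell.tainted or self.tainted)


Cell = Union[AbstractValue, Pointer]


@dataclass
class Buffer:
    """Backing storage; created by the caller, never by AbstractValue or Pointer."""
    name: str
    cells: List[Cell]


def make_buffer(name: str, size: int, tainted: bool = False) -> Buffer:
    """Allocate `size` unknown cells, all tainted or all clean."""
    return Buffer(name, [AbstractValue(None, tainted) for _ in range(size)])


class Machine:
    """Register file plus an operand stack, with just the operations the scenario needs."""

    def __init__(self) -> None:
        self.regs: Dict[str, Cell] = {}
        self.stack: List[Cell] = []

    def push(self, cell: Cell) -> None:
        self.stack.append(cell)

    def pop(self, dst: str) -> Cell:
        self.regs[dst] = self.stack.pop()
        return self.regs[dst]

    def load(self, dst: str, ptr_reg: str, disp: int = 0) -> Cell:
        """dst = [ptr_reg + disp]; refuses to dereference something that is not a pointer."""
        ptr = self.regs[ptr_reg]
        if not isinstance(ptr, Pointer):
            raise TypeError(f"{ptr_reg} does not hold a pointer")
        self.regs[dst] = ptr.deref(disp)
        return self.regs[dst]

    def add_imm(self, dst: str, imm: int) -> Cell:
        """dst += imm. Pointer arithmetic moves the offset; value arithmetic keeps taint,
        and an unknown input stays unknown."""
        cur = self.regs[dst]
        if isinstance(cur, Pointer):
            self.regs[dst] = replace(cur, offset=cur.offset + imm)
        else:
            val = None if cur.value is None else (cur.value + imm) & 0xFFFFFFFF
            self.regs[dst] = AbstractValue(val, cur.tainted)
        return self.regs[dst]


def argv_scenario() -> Dict[str, Cell]:
    """The 'customer test' from the posts: dereference argv and see what ends up tainted.
    argv[0] is the trusted program name; argv[1] is constructed attacker-controlled input."""
    argv0 = Buffer("argv0", [AbstractValue(ord(c)) for c in "prog\0"])
    argv1 = make_buffer("argv1", 16, tainted=True)
    argv = Buffer("argv", [Pointer(argv0), Pointer(argv1), AbstractValue(0)])

    m = Machine()
    m.push(Pointer(argv))          # main's argv argument sits on the stack
    m.pop("eax")                   # mov eax, [esp]        ; eax = argv
    m.load("ebx", "eax", disp=1)   # mov ebx, [eax+4]      ; ebx = argv[1]
    m.load("ecx", "ebx")           # movzx ecx, byte [ebx] ; first byte of user input
    m.add_imm("ecx", 1)            # add ecx, 1            ; taint survives arithmetic
    m.load("edx", "eax")           # mov edx, [eax]        ; edx = argv[0]
    m.load("esi", "edx")           # movzx esi, byte [edx] ; 'p', never tainted
    return dict(m.regs)


if __name__ == "__main__":
    for reg, cell in argv_scenario().items():
        print(reg, cell)
```

The point of the split is visible in the constructors: neither AbstractValue nor Pointer ever allocates cells, so there is no way for one to build the other recursively; the caller makes the buffers and hands out pointers into them. Taint is carried per cell and merged on every dereference and arithmetic step, which is what the argv check needs.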

Author: luis
Created: Tuesday, July 11 2006 04:15 CDT. Modified: Tuesday, July 11 2006 04:34 CDT.

This is going to be a busy summer. I am helping my friend Matt with some training at BlackHat. The training covers binary static analysis concepts and implementation. Matt can't write any implementation code for various reasons, but he is driving the development with slides from the class and test binaries. I will be writing all the code for the class. I'm using it as an opportunity to learn C# and test-driven development. Matt's blog has some preparatory material for the class, which I used to learn the basics of C# and TDD. I will be adding some material here as well.

I am also speaking at DEF CON. The first talk is entitled: Bridging the Gap between Static and Dynamic Reversing. The talk will cover ways to use static disassembly and runtime debugging together to yield better results. In order to make this easier, I'll be releasing a couple of IDA Pro plugins.

pdbgen - This plugin takes symbolic information from IDA and generates custom pdb files. Microsoft does not document the internal format of pdb files. I will be publishing some internal details here as I discover them.

REdress - This plugin will reinsert debug information into ELF files. The name comes from fenris, written by Michal Zalewski. In fenris he included a program called dress (the opposite of strip) to reinsert library information into files using detection methods similar to FLIRT.

For the other two talks, I will also be working with Matt. The first one is a very condensed version of the training. The second talk is on pair programming and TDD. People who want to participate in pair programming sessions on the code should attend both talks and take a look at some of the preparatory material here.

See ya in Vegas!
