http://www.openrce.org/rss/feeds/blog OpenRCE: The Open Reverse Code Engineering Community Thu, 05 Oct 2006 04:55:03 -0500 https://www.openrce.org/blog/view/481/Toorcon_Decompression_and_Tool_Releases AlanBradley <email-suppressed@example.com> I just recently gave <a href="http://www.openrce.org/repositories/users/AlanBradley/Tron-TC8.pdf">a talk</a> at <a href="http://www.toorcon.org/2006/conference.html">Toorcon 8</a> on a couple of tools recently posted to OpenRCE. <a href="http://www.openrce.org/downloads/details/233/ADHD">ADHD</a> is a kernel driver that obscures some of the ways a debugger can be detected in Userland. <a href="http://www.openrce.org/downloads/details/234/Tron">Tron</a> is a kernel driver that you can load into a WinXP system in order to create hidden views of arbitrary userland memory. <a href="http://www.openrce.org/downloads/details/235/CLU">CLU</a> is an IDA plugin that works with Tron to allow you to set invisible software breakpoints. Finally, <a href="http://www.openrce.org/repositories/users/AlanBradley/DrvrLdr.Tron.zip">DrvrLdr.Tron </a> is a command-line driver loader that can be used to load and unload Tron, ADHD and other kernel drivers.<br /> <br /> However, the catch was that this was no ordinary talk. Driven by DMCA concerns, and also a desire to do an interesting &quot;proof of concept&quot; on anonymity, the entire talk was <a href="http://wiki.noreply.org/noreply/TheOnionRouter/AnonymousPublicSpeech">given anonymously</a> using Ventrilo, VNC, a voice disguiser, Tor, and EVDO.<br /> <br /> We had concerns over the feasibility of getting the whole thing to run over <a href="http://en.wikipedia.org/wiki/EVDO">EVDO</a>. However, it turns out the EVDO *did* work, which means it should be possible to give this type of talk anywhere. Hey, maybe I can even go on a virtual world tour. That might be nice. Maybe we can drum up some press attention.<br /> <br /> Anyways, hopefully you enjoy these tools! I should be doing an article on some use cases of them in the coming weeks.