• NSA, Ghidra, and Unicorns

      NSA, Ghidra, and Unicorns

      This time, the PVS-Studio team's attention was attracted by Ghidra, a big bad reverse-engineering framework allowing developers to analyze binary files and do horrible things to them. The most remarkable fact about it is not even that it's free and easily extensible with plugins but that it was developed and uploaded to GitHub for public access by NSA. On the one hand, you bet NSA has enough resources for keeping their code base clean. On the other hand, new contributors, who are not well familiar with it, may have accidentally introduced bugs that could stay unnoticed. So, we decided to feed the project to our static analyzer and see if it has any code issues.
      Read more →
    • Full disclosure: 0day vulnerability (backdoor) in firmware for Xiaongmai-based DVRs, NVRs and IP cameras


        This is a full disclosure of recent backdoor integrated into DVR/NVR devices built on top of HiSilicon SoC with Xiaongmai firmware. Described vulnerability allows attacker to gain root shell access and full control of device. Full disclosure format for this report has been chosen due to lack of trust to vendor. Proof of concept code is presented below.
        Read more →
      • Writing a laptop driver for fun and profit, or How to commit to kernel even if you're not that smart

        • Translation

        Where it all began


        Let’s start with our problem statement. We have 1 (one) laptop. A new, gamer laptop. With some RGB-backlight on its keyboard. It looks like this:

        image
        Picture taken from lenovo.com

        There’s also a program installed on this laptop. That’s the thing that controls our backlight.

        One problem – the program runs under Windows, and we want everything to work on our favourite Linux. Want LEDs to flash and those pretty colours to blink on and off and such. A natural question arises, can we do all that without reverse-engineering and writing our own drivers?

        A natural answer arises, no. Let’s open IDA and get cracking.

        Read more →
      • Bypassing LinkedIn Search Limit by Playing With API

        • Translation
        [Because my extension got a lot of attention from the foreign audience, I translated my original article into English].

        Limit


        Being a top-rated professional network, LinkedIn, unfortunately, for free accounts, has such a limitation as Commercial Use Limit (CUL). Most likely, you, same as me until recently, have never encountered and never heard about this thing.

        image

        The point of the CUL is that when you search people outside your connections/network too often, your search results will be limited with only 3 profiles showing instead of 1000 (100 pages with 10 profiles per page by default). How ‘often’ is measured nobody knows, there are no precise metrics; the algorithm decides it based on your actions – how frequently you’ve been searching and how many connections you’ve been adding. The free CUL resets at midnight PST on the 1st of each calendar month, and you get your 1000 search results again, for who knows how long. Of course, Premium accounts have no such limit in place.

        However, not so long ago, I’ve started messing around with LinkedIn search for some pet-project, and suddenly got stuck with this CUL. Obviously, I didn’t like it that much; after all, I haven’t been using the search for any commercial purposes. So, my first thought was to explore this limit and try to bypass it.

        [Important clarification — all source materials in this article are presented solely for informational and educational purposes. The author doesn't encourage their use for commercial purposes.]
        Read more →
      • Reverse engineering a high-end soldering station



          (This is the translation of the original article performed by baragol)

          We had a bunch of photographs of the main PCB, a YouTube video with drain-voltage waveforms of MOSFETs, a forum post with a breakdown of the capacitance values of LC circuit capacitors and also a number of unboxing videos showing the heating-up of the soldering tip. The only thing that really worried me was the video with the measurement of the peak power consumption during the heating-up. There is nothing in the world more helpless and irresponsible and depraved than burned cartridge newly bought for 60 bucks from Amazon. But let me start from the beginning.
          Read more →
        • How I discovered an easter egg in Android's security and didn't land a job at Google

          • Translation
          Google loves easter eggs. It loves them so much, in fact, that you could find them in virtually every product of theirs. The tradition of Android easter eggs began in the very earliest versions of the OS (I think everyone there knows what happens when you go into the general settings and tap the version number a few times).

          But sometimes you can find an easter egg in the most unlikely of places. There’s even an urban legend that one day, a programmer Googled “mutex lock”, but instead of search results landed on foo.bar, solved all tasks and landed a job at Google.

          Reconstruction
          image

          The same thing (except without the happy ending) happened to me. Hidden messages where there definitely couldn’t be any, reversing Java code and its native libraries, a secret VM, a Google interview — all of that is below.
          Read more →
        • AdBlock has stolen the banner, but banners are not teeth — they will be back

          More
          Ads
        • Writing a wasm loader for Ghidra. Part 1: Problem statement and setting up environment


          This week, NSA (National Security Agency) all of a sudden made a gift to humanity, opening sources of their software reverse engineering framework. Community of the reverse engineers and security experts with great enthusiasm started to explore the new toy. According to the feedback, it’s really amazing tool, able to compete with existing solutions, such as IDA Pro, R2 and JEB. The tool is called Ghidra and professional resources are full of impressions from researchers. Actually, they had a good reason: not every day government organizations provide access to their internal tools. Myself as a professional reverse engineer and malware analyst couldn’t pass by as well. I decided to spend a weekend or two and get a first impression of the tool. I had played a bit with disassembly and decided to check extensibility of the tool. In this series of articles, I'll explain the development of Ghidra add-on, which loads custom format, used to solve CTF task. As it’s a large framework and I've chosen quite complicated task, I’ll break the article into several parts.

          By the end of this part I hope to setup development environment and build minimal module, which will be able to recognize format of the WebAssembly file and will suggest the right disassembler to process it.
          Read more →
        • Making Git for Windows work in ReactOS

            Good day to you! image


            My name is Stanislav and I like to write code. This is my first english article on Habr which I made due to several reasons:



            This article is an english version of my very first article on russian.


            Let me introduce the main figures in this story who actually fixed the bug preventing Git from running in ReactOS — the French developer Hermès Bélusca-Maïto (or just Hermes with hbelusca nickname) and of course me (with x86corez nickname).


            The story begins with the following messages from the ReactOS Development IRC channel:


            Jun 03 18:52:56 <hbelusca> Anybody want to work on some small problem? If so, can someone figure out why this problem https://jira.reactos.org/browse/CORE-12931 happens on ReactOS? :D
            Jun 03 18:53:13 <hbelusca> That would help having a good ROS self-hosting system with git support.
            Jun 03 18:53:34 <hbelusca> (the git assertion part only).
            Read more →
          • Chemistry lesson: how to expose a microchip's crystal for photography

            Introduction


            If you have dabbled into microchip photographing before, then this article will probably not offer much to you. But if you want to get into it, but don’t know where to start, then it’s exactly for you.


            Before we start, a fair warning: while the procedure is quite entertaining, at first it’ll probably be physically painful. The chemicals used during the process are toxic, so please handle them carefully – that way it’ll still hurt, but less so. Also, if you have even a slight amount of common sense, conduct the procedure in a fully-equipped chemical laboratory under supervision of trained professionals: we’ve had to deal with people who tried to do it at home immediately after reading the guide. And finally: if you don’t know whether you need to pour acid into water or water into acid without a Google search and don’t realize what this lack of knowledge will entail – stop reading this immediately and go to a chemistry 101 course in a local college or something.


            Read more →