Pull to refresh
360.63
Rating

Reverse engineering *

Disassemble and understand how it works

Show first
  • New
  • Top
Rating limit
  • All
  • ≥0
  • ≥10
  • ≥25
  • ≥50
  • ≥100

Disclosure of three 0-day iOS vulnerabilities and critique of Apple Security Bounty program

Information Security *Development for iOS *Development of mobile applications *Reverse engineering *
Translation

I want to share my frustrating experience participating in Apple Security Bounty program. I've reported four 0-day vulnerabilities this year between March 10 and May 4, as of now three of them are still present in the latest iOS version (15.0) and one was fixed in 14.7, but Apple decided to cover it up and not list it on the security content page. When I confronted them, they apologized, assured me it happened due to a processing issue and promised to list it on the security content page of the next update. There were three releases since then and they broke their promise each time.

Read more to learn the specifics of 0-day vulnerabilities.

Read more
Total votes 46: ↑46 and ↓0 +46
Views 100K
Comments 7

How to see and save Instagram requests on an android device

Reverse engineering *
Sandbox

Once I was asked to save a traffic dump of an Instagram app while viewing one particular user profile. Simply saving the traffic dump on the router didn't make sense because the app used TLS to communicate with the server. Existing solutions didn't work because they worked with an older version of Instagram.

Below I will describe how I managed to do it myself using mitmproxy, ghidra and frida.

Read more
Rating 0
Views 880
Comments 0

GDB Tutorial for Reverse Engineers: Breakpoints, Modifying Memory and Printing its Contents

Information Security *Reverse engineering *
Tutorial

GDB is THE debugger for Linux programs. It’s super powerful. But its user-friendliness or lack thereof can actually make you throw your PC out of the window. But what’s important to understand about GDB is that GDB is not simply a tool, it’s a debugging framework for you to build upon. In this article, I’m gonna walk you through GDB setup for reverse engineering and show you all of the necessary commands and shortcuts for your debugging workflow.

Читать далее
Total votes 1: ↑1 and ↓0 +1
Views 2.5K
Comments 0

How to Start Reverse Engineering in 2021

Information Security *Reverse engineering *

Reverse engineering might seem so complex, that not everyone has the bravery required to tackle it. But is it really that hard? Today we are gonna dive into the process of learning how to reverse engineer.

First of all, try to answer yourself, what are you hoping to achieve with reverse engineering? Because reverse engineering is a tool. And you should choose the right tool for your task. So when reverse engineering might be useful?

Read more
Total votes 3: ↑3 and ↓0 +3
Views 10K
Comments 0

NSA, Ghidra, and Unicorns

PVS-Studio corporate blog Open source *Java *Reverse engineering *

NSA, Ghidra, and Unicorns

This time, the PVS-Studio team's attention was attracted by Ghidra, a big bad reverse-engineering framework allowing developers to analyze binary files and do horrible things to them. The most remarkable fact about it is not even that it's free and easily extensible with plugins but that it was developed and uploaded to GitHub for public access by NSA. On the one hand, you bet NSA has enough resources for keeping their code base clean. On the other hand, new contributors, who are not well familiar with it, may have accidentally introduced bugs that could stay unnoticed. So, we decided to feed the project to our static analyzer and see if it has any code issues.
Read more →
Rating 0
Views 534
Comments 0

Full disclosure: 0day vulnerability (backdoor) in firmware for Xiaongmai-based DVRs, NVRs and IP cameras

Information Security *Cryptography *IT Infrastructure *Reverse engineering *Video equipment

This is a full disclosure of recent backdoor integrated into DVR/NVR devices built on top of HiSilicon SoC with Xiaongmai firmware. Described vulnerability allows attacker to gain root shell access and full control of device. Full disclosure format for this report has been chosen due to lack of trust to vendor. Proof of concept code is presented below.
Read more →
Total votes 19: ↑18 and ↓1 +17
Views 72K
Comments 15

Writing a laptop driver for fun and profit, or How to commit to kernel even if you're not that smart

Reverse engineering *Development for Linux *Computer hardware
Translation

Where it all began


Let’s start with our problem statement. We have 1 (one) laptop. A new, gamer laptop. With some RGB-backlight on its keyboard. It looks like this:

image
Picture taken from lenovo.com

There’s also a program installed on this laptop. That’s the thing that controls our backlight.

One problem – the program runs under Windows, and we want everything to work on our favourite Linux. Want LEDs to flash and those pretty colours to blink on and off and such. A natural question arises, can we do all that without reverse-engineering and writing our own drivers?

A natural answer arises, no. Let’s open IDA and get cracking.

Read more →
Total votes 5: ↑5 and ↓0 +5
Views 1.4K
Comments 0

Technical analysis of the checkm8 exploit

Digital Security corporate blog Information Security *Reverse engineering *

Most likely you've already heard about the famous exploit checkm8, which uses an unfixable vulnerability in the BootROM of most iDevices, including iPhone X. In this article, we'll provide a technical analysis of this exploit and figure out what causes the vulnerability.

Read more →
Total votes 22: ↑22 and ↓0 +22
Views 72K
Comments 4

Bypassing LinkedIn Search Limit by Playing With API

JavaScript *API *Reverse engineering *Data storage *Social networks and communities
Translation
[Because my extension got a lot of attention from the foreign audience, I translated my original article into English].

Limit


Being a top-rated professional network, LinkedIn, unfortunately, for free accounts, has such a limitation as Commercial Use Limit (CUL). Most likely, you, same as me until recently, have never encountered and never heard about this thing.

image

The point of the CUL is that when you search people outside your connections/network too often, your search results will be limited with only 3 profiles showing instead of 1000 (100 pages with 10 profiles per page by default). How ‘often’ is measured nobody knows, there are no precise metrics; the algorithm decides it based on your actions – how frequently you’ve been searching and how many connections you’ve been adding. The free CUL resets at midnight PST on the 1st of each calendar month, and you get your 1000 search results again, for who knows how long. Of course, Premium accounts have no such limit in place.

However, not so long ago, I’ve started messing around with LinkedIn search for some pet-project, and suddenly got stuck with this CUL. Obviously, I didn’t like it that much; after all, I haven’t been using the search for any commercial purposes. So, my first thought was to explore this limit and try to bypass it.

[Important clarification — all source materials in this article are presented solely for informational and educational purposes. The author doesn't encourage their use for commercial purposes.]
Read more →
Total votes 10: ↑9 and ↓1 +8
Views 14K
Comments 3

Reverse engineering a high-end soldering station

Reverse engineering *Circuit design *Manufacture and development of electronics *DIY


(This is the translation of the original article performed by baragol)

We had a bunch of photographs of the main PCB, a YouTube video with drain-voltage waveforms of MOSFETs, a forum post with a breakdown of the capacitance values of LC circuit capacitors and also a number of unboxing videos showing the heating-up of the soldering tip. The only thing that really worried me was the video with the measurement of the peak power consumption during the heating-up. There is nothing in the world more helpless and irresponsible and depraved than burned cartridge newly bought for 60 bucks from Amazon. But let me start from the beginning.
Read more →
Total votes 24: ↑23 and ↓1 +22
Views 14K
Comments 1

How I discovered an easter egg in Android's security and didn't land a job at Google

Development of mobile applications *Development for Android *Google API *Reverse engineering *Interview
Translation
Google loves easter eggs. It loves them so much, in fact, that you could find them in virtually every product of theirs. The tradition of Android easter eggs began in the very earliest versions of the OS (I think everyone there knows what happens when you go into the general settings and tap the version number a few times).

But sometimes you can find an easter egg in the most unlikely of places. There’s even an urban legend that one day, a programmer Googled “mutex lock”, but instead of search results landed on foo.bar, solved all tasks and landed a job at Google.

Reconstruction
image

The same thing (except without the happy ending) happened to me. Hidden messages where there definitely couldn’t be any, reversing Java code and its native libraries, a secret VM, a Google interview — all of that is below.
Read more →
Total votes 20: ↑19 and ↓1 +18
Views 27K
Comments 0

Writing a wasm loader for Ghidra. Part 1: Problem statement and setting up environment

Information Security *Assembler *Reverse engineering *
Sandbox

This week, NSA (National Security Agency) all of a sudden made a gift to humanity, opening sources of their software reverse engineering framework. Community of the reverse engineers and security experts with great enthusiasm started to explore the new toy. According to the feedback, it’s really amazing tool, able to compete with existing solutions, such as IDA Pro, R2 and JEB. The tool is called Ghidra and professional resources are full of impressions from researchers. Actually, they had a good reason: not every day government organizations provide access to their internal tools. Myself as a professional reverse engineer and malware analyst couldn’t pass by as well. I decided to spend a weekend or two and get a first impression of the tool. I had played a bit with disassembly and decided to check extensibility of the tool. In this series of articles, I'll explain the development of Ghidra add-on, which loads custom format, used to solve CTF task. As it’s a large framework and I've chosen quite complicated task, I’ll break the article into several parts.

By the end of this part I hope to setup development environment and build minimal module, which will be able to recognize format of the WebAssembly file and will suggest the right disassembler to process it.
Read more →
Total votes 18: ↑17 and ↓1 +16
Views 9.3K
Comments 1

Making Git for Windows work in ReactOS

Фонд ReactOS corporate blog Open source *System Programming *Reverse engineering *Development for Windows *

Good day to you! image


My name is Stanislav and I like to write code. This is my first english article on Habr which I made due to several reasons:



This article is an english version of my very first article on russian.


Let me introduce the main figures in this story who actually fixed the bug preventing Git from running in ReactOS — the French developer Hermès Bélusca-Maïto (or just Hermes with hbelusca nickname) and of course me (with x86corez nickname).


The story begins with the following messages from the ReactOS Development IRC channel:


Jun 03 18:52:56 <hbelusca> Anybody want to work on some small problem? If so, can someone figure out why this problem https://jira.reactos.org/browse/CORE-12931 happens on ReactOS? :D
Jun 03 18:53:13 <hbelusca> That would help having a good ROS self-hosting system with git support.
Jun 03 18:53:34 <hbelusca> (the git assertion part only).
Read more →
Total votes 44: ↑43 and ↓1 +42
Views 4.2K
Comments 1

Chemistry lesson: how to expose a microchip's crystal for photography

Reverse engineering *Manufacture and development of electronics *Chemistry Electronics for beginners
Sandbox

Introduction


If you have dabbled into microchip photographing before, then this article will probably not offer much to you. But if you want to get into it, but don’t know where to start, then it’s exactly for you.


Before we start, a fair warning: while the procedure is quite entertaining, at first it’ll probably be physically painful. The chemicals used during the process are toxic, so please handle them carefully – that way it’ll still hurt, but less so. Also, if you have even a slight amount of common sense, conduct the procedure in a fully-equipped chemical laboratory under supervision of trained professionals: we’ve had to deal with people who tried to do it at home immediately after reading the guide. And finally: if you don’t know whether you need to pour acid into water or water into acid without a Google search and don’t realize what this lack of knowledge will entail – stop reading this immediately and go to a chemistry 101 course in a local college or something.


Read more →
Total votes 25: ↑24 and ↓1 +23
Views 1.3K
Comments 0

Authors' contribution