Rust has kind of a steep learning curve, but fortunately the Rust community has created some amazing resources for it. The approach I have taken is an iterative one using the following five resources.
import ida_kernwin

"""
mostly stolen from https://github.com/idapython/ examples/ex_actions.py
"""

class IconExample(ida_kernwin.action_handler_t):
    def __init__(self, passed):
        ida_kernwin.action_handler_t.__init__(self)
In computer programming, an opaque predicate is a predicate (an expression that evaluates to either "true" or "false") for which the outcome is known by the programmer a priori, but which, for a variety of reasons, still needs to be evaluated at run time.
Opaque predicates appear to have been first used by Christian Collberg and Clark Thomborson back in 1997 (source). The technique is discussed in their paper A Taxonomy of Obfuscating Transformations.
Rather than relying on garbage collection or manual memory allocation (via allocate/free calls), Rust relies on the compiler to ensure memory is managed through ownership.
Ownership is a set of rules that governs how a Rust program manages memory.
Ownership helps with organizing how data is stored on the heap, minimizing duplication of data on the heap, and cleaning up the heap. Scalar types (e.g. integers) are not stored on the heap; they can be cheaply pushed onto and popped off the stack. Rust enforces single ownership.
use std::str;
extern crate base64;
# Created By: Alexander Hanel
# Date: 20220425
# Version 2.0
# Purpose: Simple API logger for a subset of API's used by Java's JVM
# C:\tt\pypyp>C:\Python37\python.exe jvm_logger.py -file "C:\Progra~1\Java\jdk1.8.0_191\bin\java.exe" -args " -jar C:\tt\pypyp\victim-app-0.0.1-SNAPSHOT.jar"
import sys
import _ptrace
import argparse
import idautils
import string

DEBUG = True
if DEBUG:
    import hexdump
SEGMENT = True

def get_to_xrefs(ea):
Notes on RE1.
- Use a language of your choice to decode the base64-encoded data, disassemble the binary data using the Capstone engine, and save the text to a file named disassemble.txt
import logging

logging.basicConfig()
logging.getLogger().setLevel(logging.DEBUG)
file_name = ""
try:
    import binaryninja
    logging.debug("BinaryNinja has been imported")
- disassemble (x86, ARM, MIPS, etc.)
- disassembler (Capstone, etc.)