Each year in Brussels, Belgium, there is a conference called FOSDEM. It is organized on the last weekend of February. There seem to be some interesting talks about security and program development this year. The development track is almost fully dedicated to various CVSes. The choice of CVS is an object of faith like the choice of the editor so it doesn’t hurt to go and see what others use…
I’ll also attend the talk about valgrind by Julian Seward. I loved the tool from the first time I used it.
See you there 🙂
I realized that it is quite easy to make FindCrypt work with big endian programs. For that we just need to know the size of each constant array element and swap the bytes of each element if required. So here is the second version of FindCrypt. It introduces the following improvements:
- it works with both little and big endian programs
- it knows to reuse old slots in the bookmarks if run repeatedly
- it is fully automatic and scans each newly created database; a manual scan is still available
Future possible improvement: a tool which would extract constant arrays from the source code of any project. This tool can be written in Perl or Python and will be quite simple (we only have to handle constant array definitions in C). A more sophisticated tool could also take care of type definitions like “typedef long LONG”…
For your convenience, here are links to both versions: findcrypt.zip and findcrypt2.zip
Compare them to see the differences, there aren’t many!
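The byte-order handling described above, as an added sketch in Python; this is not FindCrypt's own code. The signature table holds only the leading elements of three well-known constant arrays, and the function names and sample buffer are constructed for illustration.

```python
import struct

# (name, element size in bytes, leading elements of the constant array)
SIGNATURES = [
    ("AES S-box", 1, [0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5,
                      0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76]),
    ("MD5/SHA-1 initial state", 4, [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]),
    ("SHA-256 round constants", 4, [0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
                                    0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5]),
]
FMT = {1: "B", 2: "H", 4: "I", 8: "Q"}

def encode(values, size, order):
    """Serialize an array as it would be stored in a binary of this byte order."""
    prefix = "<" if order == "little" else ">"
    return struct.pack(prefix + FMT[size] * len(values), *values)

def find_crypt(image):
    """Return sorted (offset, name, byte order) hits for every known constant array."""
    hits = []
    for name, size, values in SIGNATURES:
        # One-byte elements look the same in either byte order: search once.
        orders = ("any",) if size == 1 else ("little", "big")
        for order in orders:
            pattern = encode(values, size, order)
            pos = image.find(pattern)
            while pos != -1:
                hits.append((pos, name, order))
                pos = image.find(pattern, pos + 1)
    return sorted(hits)

# Constructed sample "binary": padding, then tables stored in different byte orders.
SAMPLE = (b"\x90" * 16
          + encode(SIGNATURES[1][2], 4, "big")
          + b"\x00" * 8
          + encode(SIGNATURES[2][2], 4, "little")
          + b"\xCC" * 4
          + bytes(SIGNATURES[0][2]))

if __name__ == "__main__":
    for offset, name, order in find_crypt(SAMPLE):
        print(f"{offset:#06x}  {name}  (byte order: {order})")
```

Knowing the element size is what makes the swap possible: the same 32-bit table produces two different byte patterns, while a byte table such as the S-box produces only one.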
While analyzing a program quite often we want to know if it uses any crypto algorithm. Knowing the algorithm name would be useful too. Here is the plugin which can help us answer these questions.
Continue reading FindCrypt
Last week Ero Carrera linked to this spectacular site in his blog:
Continue reading Text and graphics
A decompiler is commonly viewed as a tool to recover the source code of a program, the same way as a disassembler is a tool to convert a binary executable program to an assembler text.
This is true in some cases but only in some.
Continue reading Return to the sources?
I restored the old configuration and the blog will continue its normal operation now. The hotfix cannot be downloaded from the site anymore but its source code is still available.
Thank you all for the support! I’d like to say thank you once more to the guys who mirrored the files!
P.S. Next week we will talk about some decompilation problems.
The new version is suitable for automated setup (for example, in logon scripts).
Continue reading Silent WMF Hotfix Installer
It seems that many users installed the hotfix for the WMF vulnerability on their machines.
Continue reading WMF Vulnerability Checker
This week a new vulnerability was found in Windows:
Browsing the web was not safe anymore, regardless of the browser. Microsoft will certainly come up with a thoroughly tested fix for it in the future, but meanwhile I developed a temporary fix – I badly needed it.
Continue reading Windows WMF Metafile Vulnerability HotFix
So far this is the absolute record for the binary size of one division/remainder/multiplication operation:
Continue reading The longest arithmetic operation