/r/RELounge


What happens when a discovery leaves IDA upon your own computer and meets the real world?


2,818 Subscribers

1

Where to download android specific .so files?

Do I have to download Android Studio, and use the SDK/NDK tool chain to compile the specific version of the library binaries, or can I just download what I need online?

If I need a specific .so file from a specific Android version, is there an easier way to obtain said file? And if I do need to use Android Studio, or the SDK/NDK tool chain, can someone point me in the right direction?

What if I need a specific .so file to reverse something that uses Android, but I have no .apk?

I know that most .so files are open source, but I can only find downloads for the .so files for Linux distros, in rpm packages for example. I cannot find open source .so files for Android versions.

Just like you would download a Linux package and get the .so file from there, I want to know if there is an equivalent for Android? Because it seems like I have to do it the long way, i.e., downloading Android Studio and setting up a make-believe project to use the .so files from that. Or using the command-line toolchain for Android NDK/SDK?

I just want to know if there is a way I can just pull the Android equivalent .so files online, or if I have to do it the long way. Similar to how you pull packages for specific Linux distros.

0 Comments
2024/05/05
13:04 UTC

1

BBS port?

Hello, I just opened a satellite receiver and found this port named bbs. What does this port do?

https://preview.redd.it/ddhjy6v1l7vc1.jpg?width=1600&format=pjpg&auto=webp&s=590187e9307389b9f42bcdaf38789fbe038db2df

0 Comments
2024/04/18
09:42 UTC

3

Compare APKs version differences

Hello, I'm looking for tools to compare two APK files. My goal is to pinpoint changes in the source code at the individual class file level. I need a tool that can identify modifications in the source code itself. Any recommendations for tools or libraries that can streamline this process? Thanks in advance for your advice!

1 Comment
2024/04/02
20:27 UTC

1

WinDBG Stops

WinDBG stops after I give it a dump file to analyze. It used to work before and now it completely stops. It used to be so fast and generate a bunch of answers. Any suggestions will be appreciated.

2 Comments
2024/03/17
21:35 UTC

3

Best approaches to decompile 30-year-old MS-DOS binaries?

Many years ago, I created a number of programs, which luckily I have been able to retrieve as binaries from the internet. These include:

- a 64k intro called Obez (with realtime 3D Phong rendering) released in 1995, made with Turbo-Pascal, TASM, pmode, probably other tools https://github.com/thbar/demomaking?tab=readme-ov-file#obez-1995

- a demo called Nikki (released in 1996) captured here https://www.youtube.com/watch?v=t8o-uuq73UU and stored here https://github.com/thbar/demomaking/tree/master/nikki, made in Watcom C++ and Assembly

- a bomberman clone, dated from 1995 https://github.com/thbar/demomaking/tree/master/dyna-k made in Turbo-Pascal and Assembly as well

I have long lost the source code, and I'm looking into decompiling all or part of these binaries.

The Obez one is probably the most tricky, because it used compression techniques etc.

What would be the best tools available today to approach this? I know about IDA Pro etc. Maybe there are interesting approaches involving LLM?

Thanks for your ideas :-)

6 Comments
2024/03/14
22:27 UTC

1

How to verify DLL patch is *not* malicious?

Howdy all. Our work is pushing Windows 11 on all machines. I'm responsible for maintenance of our older products that use versions of SW that are not supported on Windows 11. Specifically Xilinx ISE 14.7. There is a way to get these tools to work on Win10, but that same trick doesn't work on Win11. Turns out somebody has found a patch for one DLL (libPortability.dll) to make it work on Win11. But our IS/Security team won't let us use a random DLL found on the interwebs. I tried it out on a virtual machine (with no network access) and it works. So I need some way to *prove* it isn't malicious.

I have done a binary comparison of the files. They are different by only 8 bytes. Doesn't seem like enough to be malicious, but I need more than that. I've tried decompiling using Ghidra, but I can't seem to figure out how to "diff" the decompiled output in a meaningful way. The decompiled output of two DLLs is radically different. But just a binary compare shows only 9 bytes different.

I have a few ideas to proceed, but I'm not sure of the technical steps.

  1. Given an offset in the DLL (where the binary differences are), how do I map that to a virtual address in Ghidra (or other tool)?

  2. How can I map a DLL entry point (ordinal) to the target virtual addresses that have changed? Is there some tool that can walk the call chains from entry points?

I've googled quite a bit the last couple of days, but have found little to no detail on how to proceed here.

6 Comments
2024/02/27
20:50 UTC
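Step 1 of the post above (mapping a raw file offset of a differing byte to the virtual address Ghidra shows) follows directly from the PE section table: each section header records where its bytes sit in the file (PointerToRawData) and where they are mapped (VirtualAddress), and the optional header's ImageBase is what Ghidra adds to the RVA by default. The example below is added here and is not from the post; it parses those headers with nothing but the standard library, diffs two images byte by byte, and reports (file offset, section, RVA, VA) for each change. The PE it runs on is a synthetic one built inline (`build_sample_pe`, a constructed PE32+ with a `.text` and a `.data` section at ImageBase 0x140000000); for a real DLL you would read both files with `open(path, "rb").read()`. Function names are mine.

```python
import struct


def parse_sections(pe: bytes):
    """Read ImageBase and the section table from a PE/COFF image held in memory.

    Returns (image_base, [(name, virtual_address, virtual_size,
                           pointer_to_raw_data, size_of_raw_data), ...]).
    """
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    coff = e_lfanew + 4                                    # COFF file header
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]  # SizeOfOptionalHeader
    opt = coff + 20                                        # optional header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:        # PE32: 32-bit ImageBase at offset 28
        image_base = struct.unpack_from("<I", pe, opt + 28)[0]
    elif magic == 0x20B:      # PE32+: 64-bit ImageBase at offset 24
        image_base = struct.unpack_from("<Q", pe, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    sections = []
    table = opt + size_opt                                 # section table follows the optional header
    for i in range(num_sections):
        off = table + 40 * i                               # IMAGE_SECTION_HEADER is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, off + 8)
        sections.append((name, va, vsize, raw_ptr, raw_size))
    return image_base, sections


def file_offset_to_va(pe: bytes, offset: int):
    """Map a raw file offset to (section name, RVA, VA).

    Returns None when the offset is outside every section's raw data
    (for example inside the headers), which is itself worth noticing
    when auditing a patch.
    """
    image_base, sections = parse_sections(pe)
    for name, va, _vsize, raw_ptr, raw_size in sections:
        if raw_ptr <= offset < raw_ptr + raw_size:
            rva = va + (offset - raw_ptr)
            return name, rva, image_base + rva
    return None


def diff_offsets(a: bytes, b: bytes):
    """File offsets at which two same-sized images differ."""
    if len(a) != len(b):
        raise ValueError("images differ in size; an in-place byte patch should not change the size")
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def map_diff(original: bytes, patched: bytes):
    """(offset, section, RVA, VA) for every differing byte; None fields if outside all sections."""
    out = []
    for off in diff_offsets(original, patched):
        hit = file_offset_to_va(original, off)
        out.append((off,) + (hit if hit else (None, None, None)))
    return out


def build_sample_pe() -> bytes:
    """Constructed minimal PE32+ image: headers, .text at file 0x400 / RVA 0x1000, .data at 0xC00 / RVA 0x2000."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                  # e_lfanew -> "PE\0\0" right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 240, 0x2022)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                  # PE32+ magic
    struct.pack_into("<Q", opt, 24, 0x140000000)           # ImageBase

    def section(name, va, vsize, raw_size, raw_ptr):
        return name.ljust(8, b"\0") + struct.pack("<IIII", vsize, va, raw_size, raw_ptr) + bytes(16)

    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt)
    headers += section(b".text", 0x1000, 0x800, 0x800, 0x400)
    headers += section(b".data", 0x2000, 0x200, 0x200, 0xC00)
    headers += bytes(0x400 - len(headers))                 # pad to the first section's raw offset
    return headers + bytes([0x90]) * 0x800 + bytes(0x200)


if __name__ == "__main__":
    original = build_sample_pe()
    patched = bytearray(original)
    patched[0x412] ^= 0xFF                                 # constructed "patch": one byte in .text, one in .data
    patched[0xC05] = 0x01
    for off, sec, rva, va in map_diff(original, bytes(patched)):
        print("file 0x%06x -> %s RVA 0x%x VA 0x%x" % (off, sec, rva, va))
```

Once each changed byte has a VA, open that address in Ghidra's listing and read the instruction it lands in; a handful of bytes in the middle of a conditional jump or a compare immediate is a very different finding from the same bytes landing in the import table or a section header, which is why the mapping returns None rather than guessing for offsets outside the section table. Note that Ghidra's default image base is the one from the optional header, so its addresses line up with the VA column as long as you did not rebase the program.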

1

[Help Request] - Understanding MetroDroid

Good Evening All,

I'm not sure of this is the best place to post this, but I'm hoping somebody might be able to assist me.

I'm currently working on trying to understand, how MetroDroid, is able to determine an Expiration Date, based off of a Card Dump.

I've tried going through the code, but I'm just not really all that technical, when it comes down to it. And I feel like I might just be missing something simple.

The card I'm looking at, has this information:

It's a Ventra - Mifare Ultralight - EV1 - Single-Use

[=] block#   | data        |lck| ascii
[=] ---------+-------------+---+------
[=]   0/0x00 | 04 2E 9F 3D |   | ...=
[=]   1/0x01 | CA A1 13 90 |   | ....
[=]   2/0x02 | E8 48 00 00 |   | .H..
[=]   3/0x03 | 00 00 00 00 | 0 | ....
[=]   4/0x04 | 0A 04 00 B4 | 0 | ....
[=]   5/0x05 | 30 01 3F 00 | 0 | 0.?.
[=]   6/0x06 | 00 00 00 DE | 0 | ....
[=]   7/0x07 | 00 00 3F 39 | 0 | ..?9
[=]   8/0x08 | 20 84 5A FF | 0 |  .Z.
[=]   9/0x09 | 01 00 00 00 | 0 | ....
[=]  10/0x0A | FF 00 00 00 | 0 | ....
[=]  11/0x0B | 00 00 65 66 | 0 | ..ef
[=]  12/0x0C | 00 00 00 00 | 0 | ....
[=]  13/0x0D | 00 00 00 00 | 0 | ....
[=]  14/0x0E | 00 00 00 00 | 0 | ....
[=]  15/0x0F | 00 00 5F 5A | 0 | .._Z
[=]  16/0x10 | 00 00 00 FF | 0 | ....
[=]  17/0x11 | 00 05 00 00 | 0 | ....
[=]  18/0x12 | 00 00 00 00 | 0 | ....
[=]  19/0x13 | 00 00 00 00 | 0 | ....
[=] ---------------------------------

When I scan it with the app, I get this information:

What I'm curious of, is what determines the $0.00 and the Valid until 5/19/24 12:00 AM

MetroDroid Display

This is the data I can get from MetroDroid by Exporting the information

        {
            "tagId": "042e9fcaa11390",
            "scannedAt": {
                "timeInMillis": 1708651483860,
                "tz": "America/Chicago"
            },
            "mifareUltralight": {
                "cardModel": "EV1_MF0UL11",
                "pages": [
                    {
                        "data": "042e9f3d"
                    },
                    {
                        "data": "caa11390"
                    },
                    {
                        "data": "e8480000"
                    },
                    {
                        "data": "00000000"
                    },
                    {
                        "data": "0a0400b4"
                    },
                    {
                        "data": "30013f00"
                    },
                    {
                        "data": "000000de"
                    },
                    {
                        "data": "00003f39"
                    },
                    {
                        "data": "20845aff"
                    },
                    {
                        "data": "01000000"
                    },
                    {
                        "data": "ff000000"
                    },
                    {
                        "data": "00006566"
                    },
                    {
                        "data": "00000000"
                    },
                    {
                        "data": "00000000"
                    },
                    {
                        "data": "00000000"
                    },
                    {
                        "data": "00005f5a"
                    },
                    {
                        "data": "000000ff"
                    },
                    {
                        "data": "00050000"
                    },
                    {
                        "data": "00000000"
                    },
                    {
                        "data": "00000000"
                    }
                ]
            }
        }

Honestly, any help would be greatly appreciated.

If any further information is needed from the Card itself, please let me know and I'll provide what I can.

I have a `Proxmark3 Easy` to get the data that I did.

0 Comments
2024/02/23
03:48 UTC
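Before chasing the expiry date through Metrodroid's code, it helps to confirm that the dump itself is consistent and to decode the parts of a MIFARE Ultralight EV1 that are fixed by the chip rather than by the transit operator. The example below is added here and is not part of the post or of Metrodroid: it parses the Proxmark3 table exactly as pasted above (embedded as constructed input text), rebuilds the 7-byte UID from pages 0 and 1 and checks the two BCC bytes that the chip stores next to it (BCC0 = 0x88 XOR UID0..2 in page 0, BCC1 = UID3..6 XOR'd together at the start of page 2), decodes the static lock bytes in page 2, and reads AUTH0 from the configuration pages. The layout of pages 16 and 17 (CFG0/CFG1) assumes the MF0UL11 part that Metrodroid reported; the function names are mine. It does not derive the "Valid until" date, which lives in the operator-defined user pages from page 4 onward.

```python
import re

# The Proxmark3 dump from the post, pasted verbatim as the constructed input.
DUMP = """\
[=] block#   | data        |lck| ascii
[=] ---------+-------------+---+------
[=]   0/0x00 | 04 2E 9F 3D |   | ...=
[=]   1/0x01 | CA A1 13 90 |   | ....
[=]   2/0x02 | E8 48 00 00 |   | .H..
[=]   3/0x03 | 00 00 00 00 | 0 | ....
[=]   4/0x04 | 0A 04 00 B4 | 0 | ....
[=]   5/0x05 | 30 01 3F 00 | 0 | 0.?.
[=]   6/0x06 | 00 00 00 DE | 0 | ....
[=]   7/0x07 | 00 00 3F 39 | 0 | ..?9
[=]   8/0x08 | 20 84 5A FF | 0 |  .Z.
[=]   9/0x09 | 01 00 00 00 | 0 | ....
[=]  10/0x0A | FF 00 00 00 | 0 | ....
[=]  11/0x0B | 00 00 65 66 | 0 | ..ef
[=]  12/0x0C | 00 00 00 00 | 0 | ....
[=]  13/0x0D | 00 00 00 00 | 0 | ....
[=]  14/0x0E | 00 00 00 00 | 0 | ....
[=]  15/0x0F | 00 00 5F 5A | 0 | .._Z
[=]  16/0x10 | 00 00 00 FF | 0 | ....
[=]  17/0x11 | 00 05 00 00 | 0 | ....
[=]  18/0x12 | 00 00 00 00 | 0 | ....
[=]  19/0x13 | 00 00 00 00 | 0 | ....
[=] ---------------------------------
"""

# One data row: "[=]  10/0x0A | FF 00 00 00 | 0 | ...."  (separator and header rows do not match)
LINE_RE = re.compile(r"^\[=\]\s*(\d+)/0x[0-9A-Fa-f]+\s*\|\s*((?:[0-9A-Fa-f]{2}\s*){4})\|")


def parse_dump(text: str) -> dict:
    """Map page number -> 4 raw bytes from a Proxmark3 'hf mfu dump'-style table."""
    pages = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            pages[int(m.group(1))] = bytes.fromhex(m.group(2).replace(" ", ""))
    return pages


def uid_and_bcc(pages: dict):
    """Rebuild the 7-byte UID and verify both check bytes stored beside it.

    Page 0 = UID0 UID1 UID2 BCC0, page 1 = UID3..UID6, page 2 = BCC1 INT LOCK0 LOCK1.
    A failed BCC means the dump (or the read) is corrupt, not the card layout.
    """
    p0, p1, p2 = pages[0], pages[1], pages[2]
    uid = p0[:3] + p1
    bcc0 = 0x88 ^ p0[0] ^ p0[1] ^ p0[2]          # 0x88 is the ISO 14443-3 cascade tag
    bcc1 = p1[0] ^ p1[1] ^ p1[2] ^ p1[3]
    return uid.hex(), bcc0 == p0[3], bcc1 == p2[0]


def locked_pages(pages: dict) -> list:
    """Pages made read-only by the static lock bytes (page 2 bytes 2 and 3)."""
    lock0, lock1 = pages[2][2], pages[2][3]
    locked = [page for page in range(3, 8) if (lock0 >> page) & 1]   # bits 3..7 -> pages 3..7
    locked += [8 + bit for bit in range(8) if (lock1 >> bit) & 1]     # bits 0..7 -> pages 8..15
    return locked


def ev1_config(pages: dict) -> dict:
    """CFG0/CFG1 of a 20-page MF0UL11 (assumed layout: page 16 byte 3 = AUTH0, page 17 byte 0 = ACCESS).

    AUTH0 is the first page that requires password authentication; a value past
    the last page (here 0xFF) means the password feature is not in use.
    """
    auth0 = pages[16][3]
    access = pages[17][0]
    return {
        "auth0": auth0,
        "password_protected": auth0 < len(pages),
        "prot_bit": (access >> 7) & 1,            # 0 = only writes protected, 1 = reads too (when AUTH0 applies)
        "user_pages": {n: pages[n].hex() for n in range(4, 16)},
    }


if __name__ == "__main__":
    pages = parse_dump(DUMP)
    print("pages parsed:", len(pages))
    print("uid, bcc0 ok, bcc1 ok:", uid_and_bcc(pages))
    print("locked pages:", locked_pages(pages))
    print("config:", ev1_config(pages))
```

Run against the dump above, the reconstructed UID equals the `tagId` in the exported Metrodroid JSON, both BCCs verify, no page is locked and AUTH0 is 0xFF, so everything in the user area is readable without a password; the date and balance Metrodroid displays therefore have to come from the operator's own encoding of pages 4 to 15, which is the part of Metrodroid's Ventra parser to read next.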

2

Advice/Help needed in attempting RE the closed-source YSMenu for NDS flashcarts

Hi guys,

I recently started to revamp my wife's childhood DS Lite for her, and one of the changes was to get a flashcart. I ended up picking up a cheap R4i cart, which I loaded YSMenu from this post here: https://gbatemp.net/download/retrogamefan-multi-cart-update.35737/

I've been able to make some graphical edits, but would love to do some others that are not provided in the configuration .ini file, such as removing a time stamp from the menu.

The original project was from another developer, Mr. Yasu, in the 00's: http://hp.vector.co.jp/authors/VA013928/ Unfortunately the original files were on a now defunct subdomain but I've found a copy I believe are original. zip file The project was then forked by retrogamefan in order to build support for using different flashcarts and providing updated game fixes (also done by Jhon591 at ds-scene.net) . They kept the entire thing closed-source unfortunately.

I've taken a peek at the files with HxD (See here), and Ghidra (see here), but nothing I've found helpful to me. Maybe someone else will have a better idea what to look for. In Ghidra I've been setting the language (when importing) to ARM7 small endian.

One potential idea I had was to perhaps decode a utility program made by retrogamefan that allows people to edit some of the .dat files (infolib.dat, extinfo.dat, and savlib.dat) to see if that could allow me to figure out what they've used to create the others. Program: https://gbatemp.net/download/ttdt.36159/ I have been able to load ttdt in Ollydbg, but I don't know yet what I've found: img

That said, I am suspecting that the stuff I want to edit is in either system.u2l or system.l2u and not in a .dat file. I have not found a lot of info on either format.

All in all, I am not a regular RE person and just a tinkerer. It would be great if someone could offer suggestions or even lend their expertise to help me out.

2 Comments
2023/12/10
04:47 UTC

2

VR/RE jobs outside gov/ctr (USA)

I am starting to look for a new role, and I am really sick of working in and around the government. Has anyone recently switched from a gov role or a contractor role to a commercial role?

I have been working in this field specifically in embedded systems RE/CNO dev for 7+ years now. Started on the MIL side in the IC.

My biggest problem is figuring out a solid mapping between RE roles I've had for the DOD and those on the commercial side. Seems like there aren't many jobs really looking for the same skillset, but I am hoping I'm wrong.

Any help would be huge.

P.S. Typed on phone, at work, on burner account. Sorry if grammar is bad.

0 Comments
2023/11/15
15:30 UTC

2

Extract u-boot from Unifi Dream Machine Pro firmware

I have a broken UDMP that I would really like to repair.

I have access to the U-Boot console via JTAG. It is showing errors in loading the USB controller, the Ethernet and the XHCI Controller, which causes the kernel to fail to load.

The guy I got it off said it happened during a failed firmware update, so my gut feeling is that a re-flash of the bootloader may bring it back to life, as I find it hard to believe that all the onboard components can fail at once.

I have downloaded the UDMP firmware from unifi and run binwalk over it as well as strings.

I can find multiple references to u-boot from strings and head but am stuck at how to actually extract u-boot from the firmware so I can re-flash it back onto my device. As it just shows me the text it found and the location, I don't know how to expand on that to find a useful section to extract.

It's a long shot, but thanks for your help in advance!

binwalk output:

richa@raspberrypi:~ $ binwalk 4f64-udmpro-1.9.0-7d413a95296646e1aa685674a2bc1db8.bin

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             Ubiquiti firmware header, header size: 264 bytes, ~CRC32: 0x54244190, version: "UDM.alpinev2.v1.9.0.928880d.210301.1532"
699           0x2BB           Flattened device tree, size: 5111470 bytes, version: 17
943           0x3AF           gzip compressed data, has original file name: "Image", from Unix, last modified: 2021-03-01 17:04:20
4928963       0x4B35C3        Flattened device tree, size: 24370 bytes, version: 17
4953971       0x4B9773        Flattened device tree, size: 26307 bytes, version: 17
4980911       0x4C00AF        Flattened device tree, size: 24358 bytes, version: 17
5005907       0x4C6253        Flattened device tree, size: 25972 bytes, version: 17
5032515       0x4CCA43        Flattened device tree, size: 26118 bytes, version: 17
5059267       0x4D32C3        Flattened device tree, size: 24341 bytes, version: 17
5084247       0x4D9457        Flattened device tree, size: 26282 bytes, version: 17
5112233       0x4E01A9        Squashfs filesystem, little endian, version 4.0, compression:gzip, size: 626379969 bytes, 71665 inodes, blocksize: 131072 bytes, created: 2021-03-01 17:18:35
631829337     0x25A8F359      Unix path: /home/winder/projects/data/customers/ubiquiti/multi_dt/preboot_v2/stage3/i2c_wrapper.c
631829609     0x25A8F469      Unix path: /home/winder/projects/data/customers/ubiquiti/multi_dt/preboot_v2/stage3/pci_devices.c
632021553     0x25ABE231      Flattened device tree, size: 25342 bytes, version: 17
632050225     0x25AC5231      Flattened device tree, size: 23763 bytes, version: 17
632074801     0x25ACB231      Flattened device tree, size: 25252 bytes, version: 17
632103473     0x25AD2231      Flattened device tree, size: 25121 bytes, version: 17
632132145     0x25AD9231      Flattened device tree, size: 25041 bytes, version: 17
632160817     0x25AE0231      Flattened device tree, size: 24538 bytes, version: 17
632708865     0x25B65F01      CRC32 polynomial table, little endian
632763775     0x25B7357F      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//drivers/iofic/al_hal_iofic.c
632763933     0x25B7361D      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//drivers/udma/al_hal_udma_main.c
632764867     0x25B739C3      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//drivers/udma/al_hal_udma_config.c
632765538     0x25B73C62      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//drivers/udma/al_hal_udma_iofic.c
632769766     0x25B74CE6      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//drivers/eth/al_hal_eth_main.c
632770259     0x25B74ED3      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//include/udma/al_hal_udma.h
632772052     0x25B755D4      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//drivers/eth/al_hal_eth_kr.c
632772400     0x25B75730      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//drivers/eth/al_hal_eth_epe.c
632772652     0x25B7582C      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//drivers/ssm/al_hal_ssm.c
632772801     0x25B758C1      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//drivers/ssm/al_hal_ssm_raid.c
632774716     0x25B7603C      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//drivers/serdes/al_hal_serdes_hssp.c
632775536     0x25B76370      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//drivers/serdes/al_hal_serdes_25g.c
632779009     0x25B77101      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//drivers/pcie/al_hal_pcie.c
632782428     0x25B77E5C      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//drivers/pcie/al_hal_pcie_interrupts.c
632782674     0x25B77F52      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//drivers/ddr/al_hal_ddr.c
632786410     0x25B78DEA      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//drivers/ddr/al_hal_ddr_pmu.c
632786907     0x25B78FDB      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//drivers/pbs/al_hal_muio_mux.c
632787406     0x25B791CE      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//drivers/pbs/al_hal_spi.c
632788063     0x25B7945F      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//drivers/pbs/al_hal_nand_dma.c
632788252     0x25B7951C      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//drivers/pbs/al_hal_bootstrap.c
632788630     0x25B79696      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//drivers/pbs/al_hal_gpio.c
632789338     0x25B7995A      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//drivers/pbs/al_hal_i2c.c
632789961     0x25B79BC9      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//drivers/pbs/al_hal_addr_map.c
632791030     0x25B79FF6      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//drivers/ring/al_hal_pll.c
632791490     0x25B7A1C2      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//drivers/sys_services/al_hal_timer.c
632792134     0x25B7A446      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//drivers/sys_fabric/al_hal_sys_fabric_utils.c
632792711     0x25B7A687      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//drivers/sys_fabric/al_hal_iommu.c
632793162     0x25B7A84A      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//drivers/ring/al_hal_cmos.c
632794615     0x25B7ADF7      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//services/eth/al_init_eth_lm.c
632798926     0x25B7BECE      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//services/eth/al_eth_group_lm.c
632800446     0x25B7C4BE      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//services/pcie/al_init_pcie.c
632802076     0x25B7CB1C      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//services/iomap_dynamic/al_hal_iomap_dynamic.c
632802476     0x25B7CCAC      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//services/tpm/al_tpm.c
632802824     0x25B7CE08      Unix path: /home/builder/workspace/Bootloaders/BL_al_boot_multi/src/HAL//services/tpm/al_tpm_if_i2c.c
632863681     0x25B8BBC1      Flattened device tree, size: 1748 bytes, version: 17
632925601     0x25B9ADA1      Intel x86 or x64 microcode, pf_mask 0x11a296a, 1A5C-01-10, size 2048
632976829     0x25BA75BD      Flattened device tree, size: 13809110 bytes, version: 17
632977073     0x25BA76B1      gzip compressed data, has original file name: "Image", from Unix, last modified: 2020-10-22 16:39:57
646602945     0x268A60C1      Flattened device tree, size: 24344 bytes, version: 17
646627925     0x268AC255      Flattened device tree, size: 26281 bytes, version: 17
646654841     0x268B2B79      Flattened device tree, size: 24332 bytes, version: 17
646679809     0x268B8D01      Flattened device tree, size: 25922 bytes, version: 17
646706369     0x268BF4C1      Flattened device tree, size: 26092 bytes, version: 17
646733093     0x268C5D25      Flattened device tree, size: 24315 bytes, version: 17
646758045     0x268CBE9D      Flattened device tree, size: 26256 bytes, version: 17
646786018     0x268D2BE2      Signed Ubiquiti end header, RSA 2048 bit, header size: 264 bytes

0 Comments
2023/11/02
10:11 UTC

2

Nuitka Reverse Engineering

So I am new to the Reverse Engineering world, and I have an exe which is written using Python and used Nuitka to make it exe. Any idea how should I work with it?

I know it is very hard to get the full source code. I am okay with even a bit of it.

Remark: What Nuitka does is that it changes the Python code to C code, then compiles it, which makes it more complex to reverse engineer. (I tried to reverse engineer it as C code but didn't work) But I am still new, so maybe I did something wrong.

Any help or idea is appreciated

2 Comments
2023/09/23
08:09 UTC

2

Hytera/Motorola stolen IP/RE

I came across the issue of Hytera being found guilty of stealing IP from Motorola's DMR product line. I see that one of the stolen IP items was source code, among other IP items. Most of the content I come across has generalities of what was stolen. Anyone come across any specifics of the tech specs that were taken? What specific source code, for what models of radios, microcontroller architecture, etc. Cheers.

3 Comments
2023/09/17
16:07 UTC

2

Flash game reverse engineering?

It's an odd question to ask since it's 2023 and flash is... well, not supported anymore unless using plugins or something.

But there's the curiosity of the possibility of doing such a thing with flash games nowadays. For extracting assets and stuff but only to study how they are made and how their code works.

Basically, learning purposes, because there is very cool stuff out there in old flash games and I find it interesting to know how people achieved such things.

8 Comments
2023/09/14
12:59 UTC

2

Is a jailbroken iPhone necessary to extract the ipa of a pre-installed app like iMessage?

Link to my research notes: https://docs.google.com/document/d/1Y-2SZX4s1E1Mq9yWHZMMBzW3BJTfUuMl-YYXoZlY73w/edit?usp=sharing

From my research, I have come to the understanding that in order to extract the ipa file of an installed app on a non-jailbroken iphone, the available options are to either use apple configurator, imazing, or itunes. I have also studied the ipa extraction process for a jailbroken iphone, but given that I am on an A14 chip iphone 12 pro max running ios 16.0.3, it is almost impossible to downgrade to ios 15 for a jailbreak, and a PPL bypass has not been discovered yet for A12+ ios 16+ iphones. Due to these unfortunate limitations, I am trying to set up a proper debugging environment on a non-jailbroken iphone if possible using this approach: https://googleprojectzero.blogspot.com/2021/05/fuzzing-ios-code-on-macos-at-native.html

The question is whether a jailbroken iphone is necessary to extract the ipa file of a pre-installed app, such as imessage. The ultimate goal is to extract the compiled ios binary executable from the corresponding ipa->app bundle to run it as a macos process for debugging.

0 Comments
2023/09/04
20:46 UTC

1

Extracting firmware from i2c eeprom with an arduino.

So I have an old laser printer that is basically fried and doesn't work anymore. So I took upon myself a challenge to extract its firmware. On the main board I found an i2c eeprom. I connected it to an arduino and read its contents but when I try to run binwalk on it nothing happens. Why is that? Do you need to do something more than just read the contents of the chip?

3 Comments
2023/08/30
13:35 UTC
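When binwalk reports nothing, the first thing to establish is what kind of bytes the dump actually contains: an erased EEPROM, or a bus that never answered, reads back as all 0xFF; a dump that is mostly text and small integers is configuration data (serial numbers, page counters) rather than executable firmware, which on a printer normally lives in a much larger SPI NOR flash or inside the SoC; and a near-uniform byte distribution points at compressed or encrypted content that signature scanning cannot recognize. The example below is added here and is not from the post; it computes those three indicators (0xFF/0x00 fraction, Shannon entropy per byte, distinct byte count) and classifies the dump with heuristic thresholds of my own choosing. The three inputs are constructed in the block; for a real dump, pass `open(path, "rb").read()` to `classify`.

```python
import math
import random
from collections import Counter


def dump_stats(data: bytes) -> dict:
    """Byte-level statistics of a raw memory dump."""
    n = len(data)
    if n == 0:
        raise ValueError("empty dump: the read returned no bytes at all")
    counts = Counter(data)
    # Shannon entropy in bits per byte: 0.0 for a single repeated value, 8.0 for uniform random data
    entropy = -sum((c / n) * math.log2(c / n) for c in counts.values())
    return {
        "size": n,
        "entropy_bits_per_byte": round(entropy, 3),
        "ff_fraction": round(counts[0xFF] / n, 3),
        "zero_fraction": round(counts[0x00] / n, 3),
        "distinct_bytes": len(counts),
    }


def classify(data: bytes) -> str:
    """Heuristic verdict (thresholds are assumptions, not a standard):

    blank_or_unread  - erased chip, wrong I2C address, or a read that floated high
    all_zero         - never written, or a read that floated low
    high_entropy     - compressed or encrypted; binwalk signatures will not match
    structured       - plain data (text, counters, tables); inspect with a hex viewer
    """
    s = dump_stats(data)
    if s["ff_fraction"] > 0.98:
        return "blank_or_unread"
    if s["zero_fraction"] > 0.98:
        return "all_zero"
    if s["entropy_bits_per_byte"] > 7.5:
        return "high_entropy"
    return "structured"


# Constructed sample dumps standing in for three possible reads of a 24Cxx-class EEPROM.
SAMPLE_BLANK = b"\xff" * 4096
SAMPLE_STRUCTURED = (b"PRINTER CFG v1.2\0" + bytes(range(32))) * 128
SAMPLE_RANDOM = random.Random(7).randbytes(8192)


if __name__ == "__main__":
    for name, blob in [("blank", SAMPLE_BLANK), ("structured", SAMPLE_STRUCTURED), ("random", SAMPLE_RANDOM)]:
        print(name, classify(blob), dump_stats(blob))
```

A useful extra check is the dump's size against the part number printed on the chip: a 24C64 holds 8 KB, and even the largest common I2C EEPROMs top out at a few hundred kilobytes, far below the size of a printer's main firmware image, so a clean "structured" verdict on a small dump usually means you have the settings store and the firmware is elsewhere on the board. `binwalk -E` produces the same entropy view as a plot if you prefer to eyeball it.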

4

Heroes and Generals and how it almost died

Hey there!

Maybe you played Heroes and Generals yourself, maybe you didn't. Long story short: the game publisher chose to shut down the servers...

As mentioned in https://www.reddit.com/r/HeroesandGenerals/comments/13ipas7/self_hosted_servers/ there are still many people who like to continue playing.

We made plans on how to accomplish that. One of the possible solutions is to rewrite the server logic on our own, but it is a lot of work.

Mainly looking for people who are willing to contribute as C++ dev and "information gathering" (hope you know ghidra or other tools ^.^).

Willing to join? We have a discord channel at https://discord.gg/gnnfKKuumg

POC is also running but only up to the login page (not the game itself yet).

3 Comments
2023/08/20
20:15 UTC

1

[IDA Pro] Remove blank lines from decompiler and reload .cfg

I am having 2 issues with IDA Pro. First, I often add blank lines to the pseudocode window to separate code blocks, but I can't figure out how to remove them without using Ctrl+Z.

Second, I edited the hexrays.cfg file to increase the indentation from 2 to 4, but it didn't change, even after closing and opening the app. Is there a way of reloading the config?

Thanks in advance.

0 Comments
2023/08/04
17:20 UTC

1

You know you've screwed up when you start getting errors with typos from Intel

Pin: pin-3.24-98612-6bd5931f2

Copyright 2002-2022 Intel Corporation.

A: C:\tmp_proj\pinjen\workspace\pypl-pin-nightly\GitPin\Source\pin\vm\jit_outlined_funcs.cpp: LEVEL_VM::AssertTargetIaddrValid: 599: assertion failed: tragetAddrValid

What did I do, Jen?

2 Comments
2023/07/14
22:30 UTC

0

Can I retrieve content of encrypted file using reverse engineering

1 Comment
2023/06/07
16:45 UTC

2

[HIRING] Somebody to Reverse Engineering an Android App

I'm currently in search of somebody who can assist me in reverse engineering an Android APK.

The primary goal is to rewrite an AES encryption function. It involves reverse engineering an APK (original app and decompiled code would be provided).

These are the headers that I need a script to generate locally:

X-Book-Security-Token: 4d6a55774e5463304d7a45344e6a6730

X-Book-Identifier-Type: MZyGb/ylkFYYpEqgx5HAIw== 

X-Book-User-Identifier: EMBEQb01fnjUF9QzhSHU1TfdYXguyD2YPY8wmDlpZRo=

The headers are somehow associated with each other, I suspect it has an ID or something appended to it during generation.

I suspect the functions below handle the encryption process:

    public final String mo178266b(String str, String str2, String str3, String str4) {
        C75446pfv.m13004a((Object) str, "");
        C75446pfv.m13004a((Object) str2, "");
        C75446pfv.m13004a((Object) str3, "");
        C75446pfv.m13004a((Object) str4, "");
        try {
            SecretKeyFactory instance = SecretKeyFactory.getInstance(str4);
            char[] charArray = str3.toCharArray();
            C75446pfv.m13022e((Object) charArray, "");
            byte[] bytes = m187477d(m187475b(str2)).getBytes(pxn.f11244g);
            C75446pfv.m13022e((Object) bytes, "");
            SecretKeySpec secretKeySpec = new SecretKeySpec(instance.generateSecret(new PBEKeySpec(charArray, bytes, 4096, 128)).getEncoded(), "AES");
            byte[] decode = Base64.decode(str, 2);
            Cipher instance2 = Cipher.getInstance("AES/CBC/PKCS5Padding");
            instance2.init(2, secretKeySpec, m187476c(m187475b(str2)));
            byte[] doFinal = instance2.doFinal(decode);
            C75446pfv.m13022e((Object) doFinal, "");
            return new String(doFinal, pxn.f11244g);
        } catch (Exception e) {
            e.printStackTrace();
            return "";
        }
    }

    /* renamed from: a */
    public final String mo178264a(byte[] bArr) {
        C75446pfv.m13004a((Object) bArr, "");
        StringBuilder sb = new StringBuilder();
        for (byte b : bArr) {
            String hexString = Integer.toHexString(b & UnsignedBytes.MAX_VALUE);
            C75446pfv.m13022e((Object) hexString, "");
            if (hexString.length() == 1) {
                sb.append('0');
            }
            sb.append(hexString);
        }
        String sb2 = sb.toString();
        C75446pfv.m13022e((Object) sb2, "");
        return sb2;
    }
    public final char[] mo178270d(String str, String str2, String str3, String str4) {
        C75446pfv.m13004a((Object) str, "");
        C75446pfv.m13004a((Object) str2, "");
        C75446pfv.m13004a((Object) str3, "");
        C75446pfv.m13004a((Object) str4, "");
        try {
            String c = mo178268c(str, str4, str2, str3);
            byte[] bytes = (str4 + "|" + c).getBytes(pxn.f11244g);
            C75446pfv.m13022e((Object) bytes, "");
            String encodeToString = Base64.encodeToString(bytes, 2);
            C75446pfv.m13022e((Object) encodeToString, "");
            char[] charArray = encodeToString.toCharArray();
            C75446pfv.m13022e((Object) charArray, "");
            return charArray;
        } catch (Exception e) {
            e.printStackTrace();
            char[] charArray2 = "".toCharArray();
            C75446pfv.m13022e((Object) charArray2, "");
            return charArray2;
        }
    }

The payment for this project is negotiable and will be determined based on the complexity of the task.

If you have the expertise and are interested in working on this project, please feel free to reach out by commenting here or sending me a private message.

4 Comments
2023/04/26
19:36 UTC

1

CGM app blacklists most phones for no reason

XDA Thread: https://forum.xda-developers.com/t/cgm-app-blacklists-the-majority-of-phones-and-android-versions.4569881/

Greetings.

I and most of my diabetic friends I know have Medtronic branded CGMs for controlling our diabetes. The device is attached to the body and is used to monitor glucose levels in your body.

The problem is that it blacklists the majority of Android phones. There's only a handful of devices it is allowed to work on, and this is the list.

I own a Nokia G20 and as a result, I am unable to use my phone with my CGM. Even if I manually install the APK on it, the app still refuses to run on my phone.

I tried reverse engineering the APK file with a tool to try to remove this restriction, but since I lack the understanding of Android app development, reverse engineering and Java, I was unable to do anything significant, although I did find a folder containing the code for whitelisting various devices.

The only option I have for using my CGM is to replace my current phone (which is pretty expensive, plus the effort of copying all of my files and applications over is not really worth it) or to get an older secondary phone for the sole reason of using it for my CGM (which I did). I end up frequently losing my secondary phone, and having ungodly levels of blood glucose because of it. It would mean a lot for us, diabetics if someone were to reverse engineer this piece of software and bypass the restrictions for the app to run on every android smartphone.

Thanks in advance.

1 Comment
2023/03/28
14:30 UTC

2

U-boot variables on a Luma Mesh Router: Product_test_mode and port 5001 creates a connection!

Edit: Title should say port 10000

The Luma mesh system has a product test mode variable in u-boot. Is this being passed to the booting system, or is this being used by U-boot in some way?

Second thing, if I use curl to connect to localhost:10000, it creates a connection that looks like a terminal window. Where's the best place to start looking for the code that's running that?

test mode

curl

0 Comments
2023/02/17
19:51 UTC

29

Youtube Channel for Android Reverse Engineering (LaurieWired)

I am launching a YouTube channel focused on the field of reverse engineering, with a specific emphasis on cross-platform and mobile malware.

https://www.youtube.com/@lauriewired

I've created in-depth tutorials, walkthroughs, and analysis of real-world malware samples, aimed at educating and informing security professionals, hobbyists, and anyone with an interest in the field.

To kick things off, I have prepared five videos that will provide a comprehensive start to the world of Android Malware, with more soon to come.

0 Comments
2023/01/27
19:04 UTC

2

Reverse engineering windows network driver for linux 6.0.0 64bit

can you help? additional details can be provided.

* Can't connect to the internet on the machine.
* Have access to a Windows machine with a CD drive and blank CD/DVDs.
* Can discover the wireless adapter on the Linux machine, can discover wireless networks, can "connect" to wireless networks, but it doesn't actually let me use the internet.

0 Comments
2023/01/04
17:47 UTC

0

Friendly Reverse Engineering Service

Are you in need of expert reverse engineering services? Look no further! Our team specializes in de-obfuscating code, bypassing integrity checks, and creating bots. With years of experience and a deep understanding of the latest techniques in reverse engineering, you can trust us to get the job done right. Our services are fast, reliable, and affordable. Don't let complex code stand in the way of your success. Message me today to learn more and get started.

2 Comments
2022/12/15
16:30 UTC

2

I'm trying to get a job, however, I have to be able to "use existing frameworks to develop novel solutions and reverse-engineer designs." but I don't even know where to start or what this even means.

0 Comments
2022/12/10
11:09 UTC

3

Second lang to go for after Python?

Wdyt on newcomers just starting to get the Python language using web frameworks, Soup, Bs, Selenium drivers, JSON and authentication, just becoming efficient enough to do reverse engineering and making their own exploits with Python code? Is it better to learn C++ or asm afterwards?

Note: I'm talking about network exploiting, system exploiting etc.

0 Comments
2022/10/15
21:17 UTC

2

Installing Triton in fresh linux VM step-by-step guide (hairpull-free edition)

This is a step-by-step guide to installing Triton on an out-of-the box linux distro. I put it together primarily for my own future reference to avoid the same obstacles I ran into initially, but hope it might help someone else too.

If you're trying to use it on Windows with the AppVeyor binaries, I’ve covered some pitfalls you might run into with those at the bottom.

If you’re unfamiliar with Triton, it’s an open source Python and C++ library for symbolic/concolic execution, taint analysis, code lifting, and a laundry list of other features they can explain a lot better than I can. Check out Jonathan’s blog at shell-storm and the examples that come with it to get an idea of what you can do with it:

https://github.com/JonathanSalwan/Triton

http://shell-storm.org/

I also highly recommend the last few chapters of https://practicalbinaryanalysis.com/ (Practical Binary Analysis) for more info (you can find a free pdf of it if you look around a bit)

Linux installation

Building Triton requires several dependencies that aren't explicitly mentioned in the installation instructions, and in some cases getting it up and running requires some additional steps afterward.

I haven't installed the LLVM or other tie-ins this go around, but I'll try to circle back and update this when I get around to dealing with them

Go grab a clean linux image from somewhere like https://www.osboxes.org/ubuntu/ and set it up.

It doesn't have to be Ubuntu.

If you're using VMWare, the download may only have the .vmdk drive image without the settings file, but you can create a new VM with it following along here: https://kb.vmware.com/s/article/2010196

If installing to a VM, open this page in a browser on your VM since it will be easier to copy and paste.

After you get that all set up, booted, and logged in, open up a terminal (Ctrl-Alt-T usually) and go ahead and update everything:

$ sudo apt update

$ sudo apt -y upgrade

Let it do its thing, and restart if it asks you to.

(If you get a grub update on a VM, you probably want to select the core hd (eg. /dev/hda) by either clicking it if it lets you, or moving the cursor there and hitting spacebar to [*] it)

Next up:

$ sudo apt -y install python3 python3-dev build-essential libboost-all-dev git z3 libz3-dev

You need cmake 3.20+.

The newest version in your repository is likely 3.18 currently.

On Ubuntu, it's straightforward to get:

$ sudo snap install cmake --classic

On Debian you can either install snap or go to https://cmake.org/download/, download the linux binaries, and try to figure out how to install those.

Installing snap is a lot easier:

$ sudo apt -y install snapd

$ sudo snap install core

$ sudo snap install cmake --classic

$ cmake --version

It should be at least version 3.20. If it says “command not found”, try:

$ sudo ln /snap/bin/* /usr/bin

$ cmake --version

Installing capstone:

$ git clone -b next https://github.com/capstone-engine/capstone

$ cd capstone

$ ./make.sh

$ sudo ./make.sh install

$ cd ..

Here comes our boi:

$ git clone https://github.com/JonathanSalwan/Triton

$ cd Triton

$ mkdir build

$ cd build

$ cmake ..

$ make -j3

$ sudo make install

Look at the last line of the installation output to see where the triton python lib went

Eg.: -- Installing: /usr/local/lib/python3.10/site-packages/triton.so

Make sure normal users can execute it (the permissions were wrong on mine)

$ sudo chmod +x /usr/local/lib/python3.10/site-packages/triton.so

If you look at the 2nd " -- Installing" line earlier in the output you'll also see a file like "/usr/local/lib/libtriton.so" which you’ll probably need to do the same thing to

Now we have to make sure python can find it.

Run the following and see if the base dir to triton.so is listed

Eg.: "/usr/local/lib/python3.10/site-packages/"

$ python3 -c "import sys; print(sys.path)"

If not, we're going to need to add it, again replacing the site-packages path with wherever your triton.so went:

$ SITEDIR=$(python3 -m site --user-site)

$ mkdir -p "$SITEDIR"

$ echo "/usr/local/lib/python3.10/site-packages/" > "$SITEDIR/triton.pth"

And that should do it.

Go try to import it and make sure you don't get any errors:

$ python3

Python 3.10.6 (main, Oct 12 2022, 11:40:04) [GCC 11.3.0] on linux

Type "help", "copyright", "credits" or "license" for more information.

>>> from triton import *

>>> ctx = TritonContext()

>>>

Then go run the example files and make sure they work correctly

Windows notes

I haven't tried building from source for Windows yet, but if you use the pre-compiled AppVeyor binaries, be sure to look at exactly what version of python was specified in the build directives, because the triton.pyd file ends up with pythonXY.dll hardcoded as a dependency (python36.dll in the most recent release as of writing.)

So you either need that version of python installed, or you might be able to get away with copying your newer pythonXY.dll over to whatever .dll name it's looking for if they're compatible (or patching triton’s IAT), and your system PATH (not PYTHONPATH here) needs to point to the directory that holds the pythonXY.dll it needs (which should have already been configured correctly when installing python, but double check if something isn't working.)

Then you need to make sure the folder that triton.pyd is in is reachable from PYTHONPATH.

It works pretty much the same as in linux (just a lot harder on the eyes):

C:\>FOR /F "delims=" %A IN ('py -3 -m site --user-site') DO set SITEDIR=%~A

C:\>mkdir "%SITEDIR%"

C:\>echo C:\path_to_triton.pyd_directory\ > "%SITEDIR%\triton.pth"

Be sure the path to the dir that contains triton.pyd goes in the .pth file, not the path to triton.pyd itself (eg. "C:\libs\", not "C:\libs\triton.pyd")

Also, of course make sure your version of python and triton are both x86 or x64. The unpacked x86 and x64 binaries have the same names, and you can't just rename them to keep up with it because their PyInit_ exports have to match the filenames.

If you're trying to work with both setups in the same Windows image you're going to have to make sure both the system PATH and PYTHONPATH are pointing in the correct places for whichever you're working on at the time. You're better off just keeping them on separate clean images and can get Windows VMs free directly from Microsoft:

https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/

They have time-trial limits on them, so just install what you need to, take a snapshot, then store all your plugins and whatever you're working on in a shared folder so you can reset later without missing a beat (that's pretty much what they tell you to do in the wall of text default desktop background that comes with them, so that's apparently fine with them.)

That's about all I've got for now. Hope it helps someone having similar issues.

0 Comments
2022/10/12
19:36 UTC
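
As an added, stand-alone example (not part of the post above and not code from the Triton project): a script that repeats the post's last two steps, checking that Python can find the triton module and wiring a directory in through a `.pth` file, and then exercises the install with one small symbolic-execution query instead of stopping at `ctx = TritonContext()`. The three-instruction x86-64 snippet, its load addresses and the target value are constructed for this example; the Triton calls assume the v1.0 Python bindings (`TritonContext`, `symbolizeRegister`, `getRegisterAst`, `getModel`). If Triton cannot be imported the solver function returns None rather than raising, so the `.pth` helpers still run on a machine where the install went wrong.

```python
#!/usr/bin/env python3
"""Post-install checks for Triton: confirm Python finds the module, repair sys.path
through a .pth file, and run one small symbolic-execution query. Added example;
the instruction bytes, addresses and target value are constructed."""
import importlib.util
import os
import site
import sys
from typing import List, Optional

MASK64 = (1 << 64) - 1
XOR_KEY = 0x1337   # constructed constant; matches the 'xor rax, 0x1337' opcode below
ADD_CONST = 5      # constructed constant; matches the 'add rax, 5' opcode below


def locate_triton_module() -> Optional[str]:
    """Path of the triton extension Python would import, or None if it is not on sys.path."""
    spec = importlib.util.find_spec("triton")
    return spec.origin if spec is not None else None


def write_pth(site_dir: str, lib_dir: str, name: str = "triton.pth") -> str:
    """Write a .pth file in site_dir naming lib_dir, the same thing the post does with
    echo > "$SITEDIR/triton.pth". Returns the path of the .pth file."""
    os.makedirs(site_dir, exist_ok=True)
    path = os.path.join(site_dir, name)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(os.path.abspath(lib_dir) + "\n")
    return path


def activate_pth(site_dir: str) -> List[str]:
    """Process the .pth files in site_dir now (the interpreter does this for the user
    site dir at startup) and return the entries that were appended to sys.path.
    A directory named in a .pth file is only added if it actually exists."""
    before = set(sys.path)
    site.addsitedir(site_dir)
    return [p for p in sys.path if p not in before]


def expected_input(target: int) -> int:
    """Algebraic inverse of the snippet: rax = (rdi ^ XOR_KEY) + ADD_CONST, so
    rdi = (target - ADD_CONST) ^ XOR_KEY, all modulo 2**64."""
    return ((target - ADD_CONST) & MASK64) ^ XOR_KEY


def check_solution(rdi: int, target: int) -> bool:
    """Concretely re-run the snippet's arithmetic and compare with target."""
    return (((rdi & MASK64) ^ XOR_KEY) + ADD_CONST) & MASK64 == (target & MASK64)


def solve_with_triton(target: int) -> Optional[int]:
    """Symbolically execute the constructed x86-64 snippet
         mov rax, rdi ; xor rax, 0x1337 ; add rax, 5
    with rdi symbolic, then ask the solver for an rdi that makes rax == target.
    Returns None when Triton cannot be imported or the query is unsatisfiable."""
    try:
        from triton import ARCH, Instruction, TritonContext
    except ImportError:
        return None
    ctx = TritonContext(ARCH.X86_64)
    rdi_var = ctx.symbolizeRegister(ctx.registers.rdi)   # rdi is the unknown input
    snippet = [
        (0x1000, b"\x48\x89\xf8"),              # mov rax, rdi
        (0x1003, b"\x48\x35\x37\x13\x00\x00"),  # xor rax, 0x1337
        (0x1009, b"\x48\x83\xc0\x05"),          # add rax, 5
    ]
    for addr, opcode in snippet:
        inst = Instruction()
        inst.setAddress(addr)
        inst.setOpcode(opcode)
        ctx.processing(inst)                    # disassemble + build symbolic expressions
    ast = ctx.getAstContext()
    rax = ctx.getRegisterAst(ctx.registers.rax)
    model = ctx.getModel(ast.equal(rax, ast.bv(target, 64)))
    if not model:
        return None
    return model[rdi_var.getId()].getValue()


if __name__ == "__main__":
    print("triton module:", locate_triton_module() or "NOT FOUND on sys.path")
    target = 0xDEADBEEF
    rdi = solve_with_triton(target)
    if rdi is None:
        print("Triton not importable; check sys.path and the .pth file as described above")
    else:
        print(f"solver: rdi = {rdi:#x}, verified: {check_solution(rdi, target)}")
```

The verification step matters: a model from the solver is only as good as the semantics Triton lifted, so re-executing the arithmetic concretely (or, for real targets, running the binary on the recovered input) is the cheap check that the install and the lifting both did what you expected.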

Back To Top