So I just fought the weirdest bug in a while: lately #Ghidra provides a #Python scripting interface based on #Jpype (PyGhidra).

I had this script where I thought I fixed a bug by referencing X.y.z instead of X.z. Except nothing changed, the buggy behavior is still there (the file output contains garbage).

I add logging, the logs appear and show everything is fine.

Add more logs, exceptions even (to stop at a specific state). They run and show all is fine.

After I restart Ghidra the bug is gone.

To be clear: there must be some kind of bytecode caching that affects my object reference but does not affect additional logging/exception throwing??

Any ideas?
🎹🔧 Ah yes, a "gentle introduction" to the thrilling world of #hacking 40-year-old synth #firmware with Ghidra—because who doesn't want to spend their weekend squinting at ancient hex code? 😴 Just remember, you don't need the actual DX7 to follow along, because nothing says "fun" like emulating obscure 80s #tech. 🙃
https://ajxs.me/blog/Introduction_to_Reverse-Engineering_Vintage_Synth_Firmware.html #synths #Ghidra #retro #emulation #HackerNews #ngated
Introduction to Reverse-Engineering Vintage Synth Firmware - ajxs.me

A gentle introduction to reverse-engineering vintage synthesiser ROMs using the Ghidra disassembler.

TIL if you want to change the config of the logging module in PyGhidra you have to restart #Ghidra for the new config to take effect...

Bonus: There is a predefined `writer` stream object that you can use to log to the GUI console.

The recording of our @Defcon talk is now available. We shared our approach to reversing IoT and OT malware written in Go using a hybrid toolkit that blends AI with traditional analysis methods using #Radare2, #Ghidra, and #BinaryNinja. Thanks to everyone who came out and stayed engaged through the technical hiccups that the venue had. We had to improvise and share a link for the slides on the spot.

https://youtu.be/TtPicirB6G4?si=rYtqB9rMUT-0Fh-T

#IoT #Reversing #AI #OT #Malware #ReverseEngineering

DEF CON 33 - Go Malware Meets IoT - Challenges, Blind Spots, and Botnets - Asher Davila

YouTube
Advantech printer driver: heap corruption via Monochrome blit function (DrvRender_x64_ADVANTECH.dll)

Heap corruption in the Advantech TP-3250 printer driver due to 32-bit size arithmetic and unvalidated geometry in a CopyBits-style routine; reliable crash and likely local Privilege Escalation.

Alex Manson
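The bug class named in the summary above (a blit size computed in 32-bit arithmetic from unvalidated width/height/bpp, so the allocation wraps to a small value while the copy loop still walks the full geometry) is easy to reproduce in miniature. The following is an added illustration, not code from the advisory or from the Advantech driver: `blit_size_u32` mimics the unchecked C-style computation by masking to 32 bits, and `blit_size_checked` is the hardened form that validates the geometry and computes the size in unbounded integers before comparing it against a caller-supplied limit. Function names, the row-stride convention (rows padded to 4 bytes) and the sample geometries are all assumptions made for the example.

```python
"""Unchecked vs. checked bitmap size arithmetic (constructed example)."""

MAX_U32 = 0xFFFFFFFF


def row_stride_bytes(width: int, bpp: int) -> int:
    """Bytes per scanline, padding each row up to a 4-byte boundary (assumed convention)."""
    return ((width * bpp + 31) // 32) * 4


def blit_size_u32(width: int, height: int, bpp: int) -> int:
    """The vulnerable pattern: every intermediate is truncated to 32 bits, as in C uint32 math.

    Returns the (possibly wrapped) byte count an unchecked routine would allocate.
    """
    stride = row_stride_bytes(width & MAX_U32, bpp & MAX_U32) & MAX_U32
    return (stride * (height & MAX_U32)) & MAX_U32


class InvalidGeometry(ValueError):
    """Raised when the requested bitmap cannot be represented or exceeds the limit."""


def blit_size_checked(width: int, height: int, bpp: int, limit: int) -> int:
    """Hardened form: reject non-positive or unsupported values, then size in
    arbitrary-precision integers and bound the result before any allocation."""
    if width <= 0 or height <= 0:
        raise InvalidGeometry("width and height must be positive")
    if bpp not in (1, 4, 8, 16, 24, 32):  # assumed set of supported depths
        raise InvalidGeometry(f"unsupported bits-per-pixel {bpp}")
    size = row_stride_bytes(width, bpp) * height  # Python ints do not wrap
    if size > limit:
        raise InvalidGeometry(f"bitmap of {size} bytes exceeds limit {limit}")
    return size


def demo():
    """Show a monochrome (bpp=1) geometry whose true size wraps to zero in 32-bit math."""
    width, height, bpp = 0x100000, 0x100000, 1
    true_size = row_stride_bytes(width, bpp) * height   # 0x2000000000 bytes
    wrapped = blit_size_u32(width, height, bpp)          # 0: a tiny, wrong allocation
    try:
        blit_size_checked(width, height, bpp, limit=1 << 30)
        rejected = False
    except InvalidGeometry:
        rejected = True
    return true_size, wrapped, rejected


if __name__ == "__main__":
    print(demo())
```

The point to take from the pair is that the fix is not a bigger integer type alone: the checked version also refuses geometry that no caller should legitimately request, which is what keeps the copy loop and the allocation in agreement.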

Time to analyze these even/odd roms. After some bit fiddling with Python, I have a single "interleaved.bin" that can be loaded into Ghidra.
After loading it into Ghidra we can immediately see a first hint - address $0x04 contains a number: 0x7c8.

The beginning of the MC68k memory (first 0x100 bytes) contains a vector table, and address 0x04 points to the "entry point".

And if we scroll to the address 0x7c8, we can see valid MC68k code.

#reverseengineering #flightsim #ghidra #hacking #m68k #md80
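The two steps described in the post above, merging even/odd ROM halves into one image and reading the reset vector at offset 0x04, are shown here as an added Python example (not the poster's own script). It assumes the usual 16-bit 68000 bus layout, where the "even" ROM supplies the high byte of each word and the "odd" ROM the low byte, and it constructs a small fake ROM pair inline (0x400 bytes each) whose merged image carries the same entry-point value, 0x7c8, that the post found. The 68000 vector names are standard; the sample bytes are constructed for the example.

```python
"""Interleave an even/odd ROM pair and read the MC68000 reset vector."""
import struct

# The first eight 32-bit entries of the 68000 exception vector table.
VECTOR_NAMES = {
    0: "initial SSP",
    1: "reset PC (entry point)",
    2: "bus error",
    3: "address error",
    4: "illegal instruction",
    5: "zero divide",
    6: "CHK",
    7: "TRAPV",
}


def interleave(even: bytes, odd: bytes) -> bytes:
    """Merge two byte-wide ROMs into one word-wide image (even = high byte)."""
    if len(even) != len(odd):
        raise ValueError("even and odd ROM images must be the same size")
    out = bytearray(2 * len(even))
    out[0::2] = even
    out[1::2] = odd
    return bytes(out)


def read_vector(rom: bytes, index: int) -> int:
    """Return vector `index` as a big-endian 32-bit value (vector i lives at i*4)."""
    return struct.unpack_from(">I", rom, index * 4)[0]


def entry_point(rom: bytes) -> int:
    """The reset PC is vector 1, i.e. the 32-bit value at offset 0x04."""
    return read_vector(rom, 1)


def vector_table(rom: bytes) -> dict:
    """Named view of the first few vectors, handy for a quick sanity check."""
    return {name: read_vector(rom, i) for i, name in VECTOR_NAMES.items()}


def entry_looks_plausible(rom: bytes) -> bool:
    """A usable reset PC must be word-aligned, non-zero and inside the image."""
    pc = entry_point(rom)
    return pc != 0 and pc % 2 == 0 and pc < len(rom)


# Constructed sample pair: SSP = 0x00000400, reset PC = 0x000007c8, NOP at 0x7c8.
SAMPLE_EVEN = bytearray(b"\xff" * 0x400)
SAMPLE_ODD = bytearray(b"\xff" * 0x400)
SAMPLE_EVEN[0:2], SAMPLE_ODD[0:2] = b"\x00\x04", b"\x00\x00"   # words at 0x0, 0x2
SAMPLE_EVEN[2:4], SAMPLE_ODD[2:4] = b"\x00\x07", b"\x00\xc8"   # words at 0x4, 0x6
SAMPLE_EVEN[0x3e4], SAMPLE_ODD[0x3e4] = 0x4e, 0x71              # 0x4e71 = NOP at 0x7c8


def analyze_sample() -> tuple:
    """Merge the sample pair and return (entry point, first opcode word, plausible?)."""
    rom = interleave(bytes(SAMPLE_EVEN), bytes(SAMPLE_ODD))
    pc = entry_point(rom)
    first_word = struct.unpack_from(">H", rom, pc)[0]
    return pc, first_word, entry_looks_plausible(rom)


if __name__ == "__main__":
    print(analyze_sample())
```

If the halves are swapped, the same code still runs but the reset vector comes out byte-swapped and usually fails the plausibility check, which is a cheap way to confirm the interleave order before loading the image into Ghidra.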

As is becoming usual, when I don't understand what a new platform is doing, I reach for #ghidra first and ask questions later.

It has revealed the "save/restore screen" code emitted by TIGCC, as well as some hardware/OS version checks that I didn't know were there. That explains why my Hello World binary was larger than expected.

Further, it confirms that absolute addresses are stored as all-zeros, to be fixed up later (at program launch?) by the calculator OS's internal relocating loader. (There is some mysterious binary junk at the end of the executable that looks like it might be a table involved somehow in these fixups.)

#TiCalc #ti92

サイバーカイダ - Twitch

Malware analysis and threat hunting with Ghidra!

Twitch

Let's do some reverse engineering and threat hunting!

#Malware #ThreatHunting #Ghidra #ReverseEngineering #VTuber

https://twitch.tv/cyberkaida


Outstanding update on Iaito. Due to some misses from my side this went wrong on the previous version; once the issue was sorted out things got back on par.
radare2/r2dec_js/r2ghidra and Iaito are all updated for 32-bit and 64-bit; on riscv64 Iaito fails to build due to an issue with llvm12. Enjoy :)

radare2-6.0.4
r2dec_js-6.0.0
r2ghidra-6.0.2
iaito-6.0.4

#HaikuOS #haikuports #radare2 #Iaito #ghidra #reverseengineering #decompiler #opensource #software