I accomplished a new milestone in my reverse engineering today. A colleague asked me to figure out how the “getfw” tool used in some Cisco images to decrypt firmware out of their downloadable images works so he could use Python to extract them at-scale.

So I threw it in IDA, narrowed in on a function called “fwdec” then dropped the assembly into ChatGPT … wait wut?

https://alperovitch.sais.jhu.edu/an-experiment-in-malware-reverse-engineering/

My good friend @jags recently showed that ChatGPT is extremely useful for RE newbs like me so I ran with it.

It was able to explain the assembly code was loading strings into memory and those strings?

OpenSSL decryption commands; including the passphrase, actually 2 passphrases (one from 2017, one from 2018). Worked like a charm once my colleague plugged it into his code and 100% of the images were decrypted.

Yeah, it’s not reversing stuxnet but considering it took me - with nearly zero IDA skills - under an hour to figure it out I thought it was pretty damn cool.

@n0x08 this is what I’ve been obsessing over! If it hadn’t been for ChatGPT I’m not sure we could’ve gotten twenty students of completely different backgrounds and technical skills to go through that course. I’m really glad you had a similar experience!

@jags @n0x08 yesterday, as a test and just for fun, i asked chatgpt to write me a python code snippet that I wrote myself back in 2010, when I was doing a bunch of redis research. i told it to write a script that did a bunch of stuff, in plain english.

it gave me code that worked, first try, and did exactly what I asked. i was gobsmacked.

then i asked it to make changes, and it did, successfully.

@Viss @jags I got it to write me a powershell clipboard monitor to swap BTC wallet addresses and a Python port scanner for an F5 (Python2, no scapy). It’s neat.
@n0x08 @jags i told it to take a script it had just written and said "multithread that", and .. it just "did".
@Viss @n0x08 one of my favorites is dropping in buggy code and telling it to fix the bug. It’s decent at finding small bugs. It’s even better at fixing if you give it the error code within the same context thread.
@n0x08 @Viss if you like the results generating python, try Golang! The formatting is so strict that the code output is basically fire ready.
@jags @n0x08 im taking over dev for orbital soon as these consulting gigs conclude, and i was very much not looking forward to that - but now? .. [evil cackling]
@Viss @n0x08 it’s a serious game changer. Gotta wade past the ambulance chasers crying about it being ‘used by threat actors’ (as if threat actors aren’t doing just fine with open source tools) and see how insanely empowering it is for defenders.
@jags @Viss not to give too much away but if I pull it off I’ll have a fantastic LABScon abstract about that 😉
@n0x08 @Viss your mind is in the right place 😅
@jags that article completely revitalized my desire to learn RE; there’s so many dumb questions I have that it ELI5’s for me. Game changing. Though it had some dumb issues, like it initially just “forgot” a character being MOV’d so the password was wrong 😆
@n0x08 @jags you may enjoy the following article that develops similar thoughts about ChatGPT as a teaching assistant: https://interconnected.org/home/2023/01/27/copilot
@n0x08 @jags this is where i find ChatGPT to be frankly amazing and I do the same with code blocks that I sorta have an idea how I want to write it but not 100% sure
@n0x08 @jags Thanks for sharing this- it's one of the most fascinating uses I've seen.