I'm not at all a proponent of LLMs, quite the opposite actually, but this would be the first positive outcome (among an endless sea of negative ones): opening the heart of every piece of software at scale and rendering the proprietary and closed-source software model totally obsolete. A huge win for open source software in the long run.

via @justicerage

https://infosec.exchange/@justicerage/115135949145885711

Ivan Kwiatkowski (@justicerage@infosec.exchange)

Reverser friends, Gepetto has made huge leaps in the last weeks. I now consider it to be a decent IDA Pro agent. With zero interaction (gpt-5), it solved a crackme all on its own. I opened IDA, typed in the prompt, and it did everything. Prompt if you want to try it out: Analyze this crackme, starting from the main function, and using all the tools at your disposal, try to figure out what is the expected password. Rename everything you can in the process. File: https://crackmes.one/crackme/68b6a36b8fac2855fe6fba66

Infosec Exchange
@magnetic_tape @justicerage crackme appeared somewhere in the training corpus.
@f4grx
Haha that could be it
@justicerage
@magnetic_tape @f4grx Definitely not. I expose reverse-engineering tooling to the LLM and it is able to autonomously browse the code to understand what it does. This works on any binary; personally, I use this for malware analysis.
@justicerage
If that puts an end to 50 years of the closed-source aka "(un)security by obscurity" model, that's a good thing (greatly lessened by the destruction of natural resources by LLMs and power/water-hungry datacenters though)
@f4grx

@magnetic_tape @f4grx It "just" speeds up reverse-engineering. A lot. But conceptually, it won't end closed-source software any more than IDA Pro did in the past 20 years.

Reading ASM was always an option.

@justicerage
I was not saying it will but it could, as reading assembly is for some people quite a high price of entry to RE
@f4grx