Washi

@washi@infosec.exchange

After #flareon11 challenge 7, I got inspired to build tooling for #dotnet Native AOT reverse engineering.

As such, I built a #Ghidra Analyzer that can automatically recover most .NET types, methods and frozen objects (e.g., strings).

👉https://blog.washi.dev/posts/recovering-nativeaot-metadata/

Recovering Metadata from .NET Native AOT Binaries

Ever seen a binary that looks like a .NET binary based on its strings, but .NET decompilers are not able to open them?

Washi

#AsmResolver 6.0.0-beta.3 just got pushed to NuGet!

More bugs were found and squashed. We are closing in on a full release with most of the public API being stable.

Get it on GitHub or NuGet 👉 https://github.com/Washi1337/AsmResolver/releases/tag/v6.0.0-beta.3

#dotnet #pe #reversing

Release 6.0.0-beta.3 · Washi1337/AsmResolver

This is a maintenance release. AsmResolver is closing in on a main release with most of the public API being stable. However, similar to 6.0.0-beta.2, this is still a pre-release and some of the pu...

GitHub

#AsmResolver 6.0.0-beta.2 has been released

This is a maintenance release that addresses many regressions introduced by the refactors in 6.0.0-beta.1.

Get it on NuGet or GitHub
👉 https://github.com/Washi1337/AsmResolver/releases/tag/v6.0.0-beta.2

Release 6.0.0-beta.2 · Washi1337/AsmResolver

This is a maintenance release that fixes some shortcomings and addresses various regressions introduced by the refactors in 6.0.0-beta.1. Similar to 6.0.0-beta.1, this is an unstable release and th...

GitHub

I just published my writeups for all challenges of #flareon11:

👉 https://blog.washi.dev/posts/flareon11/

👉 https://washi1337.github.io/ctf-writeups/writeups/flare-on/2024/

Hope you like them as much as I liked writing them!

Flare-On 11 Write-Ups

Today a short post.

Washi
CrowdStrike Global:Offensive

#AsmResolver 5.5.1 is out!

This is a maintenance release, adding #dotnet 8.0 targets and fixing issues related to type signatures, CIL optimizations, as well as some rare edge cases in .NET metadata directory parsing.

Get it on GitHub/NuGet:
👉 https://github.com/Washi1337/AsmResolver/releases/tag/v5.5.1

Release 5.5.1 · Washi1337/AsmResolver

This is an incremental maintenance release that adds .NET 8.0 as an official target and fixes issues related to type signatures, CIL optimizations, as well as some rare edge cases in .NET metadata ...

GitHub

Did you know you could write entire #csharp programs just by using the "await" keyword?

OK, well not really, but I spent some weekends developing AwaitFuscator: A (dumb) #obfuscator that turns your #dotnet program into nothing but "await" expressions!

👉https://blog.washi.dev/posts/awaitfuscator

Awaiting the Awaitables - Building the AwaitFuscator

Here is a scenario you probably have never encountered. Have you ever decompiled a .NET binary that only consists of a bunch of await keywords and nothing else?

Washi

"Noo! Ghidra has such a bad UI! IDA is much better!"

Explain to me: In what world does a hex view need column selection that crosses multiple columns (and beyond) and disappears upon scrolling?

The decompiler may be good but I genuinely don't see how people put up with IDA's UI.

I wrote a quick post with my thoughts on the recent VMProtect leaks, and why I think it is a bad thing in general:

👉 https://blog.washi.dev/posts/on-the-vmp-leak-and-why-it-is-bad/

#reversing #ethics #leaks

On the recent VMProtect leaks and why it is a bad thing

You may have seen the recent word about the VMProtect source being leaked to various openly accessible places like GitHub. For obvious reasons I won’t link it here, but from the brief looks that I got, it indeed looks sophisticated enough that it could be the real deal. People embraced this news as a great thing, an early 2023 Christmas gift to the reversing community:

Washi

Ever tried #reversing #dotnet binaries compiled with #nativeaot? I decided to publish some of my (hacky) #ghidra scripts that may help you out with mundane tasks like finding strings.

👉https://github.com/Washi1337/ghidra-nativeaot

The scripts could probably use some work but at least it's a start😃

GitHub - Washi1337/ghidra-nativeaot: Helper scripts for analyzing NativeAOT compiled .NET binaries with Ghidra


GitHub