yegor

@yegor@infosec.exchange
11 Followers
79 Following
100 Posts
security researcher and reverse engineer
GitHub: https://github.com/yeggor

The embargo is over, so here it is: https://coderush.me/hydroph0bia-part1/

I can't stress the "NEVER USE NVRAM AS TRUSTED STORAGE" part harder, but now we all have a very nice example of a thing to not ever do, or have your SecureBoot and FW updater signing being vulnerable to all people who can set non-volatile RT variables by calling a dedicated OS API.

Hydroph0bia (CVE-2025-4275) - a trivial SecureBoot bypass for UEFI-compatible firmware based on Insyde H2O, part 1
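As an added example (not from the post above, and not code from Insyde or any real firmware): the minimum gate a firmware module should apply before it treats the content of a variable read back from NVRAM as a trust anchor. The attribute constants are the ones the UEFI specification defines for GetVariable/SetVariable; the `stored_var` struct, the variable name `OemTrustCert` and the certificate bytes are constructed stand-ins. A variable that is reachable at runtime and carries no authenticated-write attribute can be created or overwritten from the OS, so its content is attacker input, not policy.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Variable attribute bits as defined by the UEFI specification. */
#define EFI_VARIABLE_NON_VOLATILE                          0x00000001u
#define EFI_VARIABLE_BOOTSERVICE_ACCESS                    0x00000002u
#define EFI_VARIABLE_RUNTIME_ACCESS                        0x00000004u
#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS            0x00000010u
#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS 0x00000020u
#define EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS         0x00000080u

/* Any of these makes SetVariable() demand a verified signature on writes. */
#define AUTH_WRITE_BITS (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \
                         EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS | \
                         EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS)

/* What a firmware module sees after GetVariable(): the attributes the
 * store reports for the variable and its payload. Hypothetical struct. */
struct stored_var {
    const char *name;
    uint32_t attrs;
    const uint8_t *data;
    size_t size;
};

/* True if an OS-level caller could have written this variable: it is
 * reachable at runtime and nothing forces a signature check on writes. */
bool var_is_os_writable(uint32_t attrs)
{
    return (attrs & EFI_VARIABLE_RUNTIME_ACCESS) != 0 &&
           (attrs & AUTH_WRITE_BITS) == 0;
}

/* Minimum gate before a variable's content feeds a trust decision: the
 * attributes must be exactly what the firmware created it with (a variable
 * without RUNTIME_ACCESS is invisible to the OS, so the OS cannot recreate
 * it with the same attributes), it must not be OS-writable, and it must
 * actually carry a payload. */
bool var_usable_as_trust_anchor(const struct stored_var *v,
                                uint32_t expected_attrs)
{
    if (v->attrs != expected_attrs)
        return false;             /* recreated with different attributes */
    if (var_is_os_writable(v->attrs))
        return false;             /* content is attacker-controlled input */
    if (v->data == NULL || v->size == 0)
        return false;
    return true;
}

/* Constructed stand-in for a certificate blob; the bytes do not matter here. */
static const uint8_t fake_cert[] = { 0x30, 0x82, 0x01, 0x0a, 0x02, 0x01, 0x03 };

/* Walks three constructed cases and returns how many the gate accepts. */
int demo(void)
{
    const uint32_t expected = EFI_VARIABLE_NON_VOLATILE |
                              EFI_VARIABLE_BOOTSERVICE_ACCESS;
    const struct stored_var cases[] = {
        /* created by the firmware itself: accepted */
        { "OemTrustCert", expected, fake_cert, sizeof fake_cert },
        /* same name, but created from the OS with RUNTIME_ACCESS: rejected */
        { "OemTrustCert", expected | EFI_VARIABLE_RUNTIME_ACCESS,
          fake_cert, sizeof fake_cert },
        /* authenticated variable: not OS-writable, but still not the
         * attributes this consumer created it with, so rejected as well */
        { "OemTrustCert", expected | EFI_VARIABLE_RUNTIME_ACCESS |
          EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS,
          fake_cert, sizeof fake_cert },
    };
    int accepted = 0;
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        bool ok = var_usable_as_trust_anchor(&cases[i], expected);
        printf("%-12s attrs=0x%02x os_writable=%d -> %s\n", cases[i].name,
               (unsigned)cases[i].attrs, (int)var_is_os_writable(cases[i].attrs),
               ok ? "use" : "reject");
        accepted += ok;
    }
    return accepted;
}

int main(void)
{
    printf("accepted %d of 3 variables\n", demo());
    return 0;
}
```

The attribute comparison is the part that matters: a name match alone says nothing about who wrote the variable. The post's advice goes further than this gate, since it argues that NVRAM should not hold the trust root at all; the check above is only what a consumer that cannot avoid NVRAM should do at minimum.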

The DWARF debug format is well-known for debugging executables,
but it is also an effective format for sharing reverse engineering information
across various tools, such as IDA, BinaryNinja, Ghidra, and Radare2.

In this blog post, I introduce a new high-level API in LIEF that allows the
creation of DWARF files. Additionally, I present two plugins designed to export
program information from Ghidra and BinaryNinja into a DWARF file.

https://lief.re/blog/2025-05-27-dwarf-editor/

(Bonus: The blog post includes a DWARF file detailing my reverse engineering work on DroidGuard)

We're happy to announce a new release of our #Rust bindings for
@HexRaysSA idalib.

What's new:
- New APIs for working with IDBs, segments, and more
- Rust 2024 support
- New homepage: https://idalib.rs

H/T to our contributors @yegor & @raptor

https://github.com/binarly-io/idalib.git

idalib documentation

Now this looks like a pretty kick ass project: FUZZUER: Enabling Fuzzing of
UEFI Interfaces on EDK-2 https://www.ndss-symposium.org/wp-content/uploads/2025-400-paper.pdf and source at https://github.com/BreakingBoot/FuzzUEr

PSA: If you want to test updating your UEFI KEK before everyone else, you can do `fwupdmgr enable-remote lvfs-testing` and then `fwupdmgr update` -- not all vendors are uploaded yet, and the CDN is still syncing -- so it might be a few hours before they're all visible.

See https://fwupd.github.io/libfwupdplugin/uefi-db.html for more details. The UEFI db update that uses the KEK update will follow soon. You also need fwupd 2.0.9 -- which is kinda new -- but now available in Fedora 42 if that helps.

FwupdPlugin: UEFI Secure Boot Certificates

Reference for FwupdPlugin-1.0: UEFI Secure Boot Certificates

We've been teasing it for a while, but the full features of Firmware Ninja are officially available on dev and will be in the 5.0 release later this month! Doing reverse engineering of embedded firmware? Check out how FWN can make your life better:

https://binary.ninja/2025/04/02/firmware-ninja.html

Binary Ninja - Embedded Reverse Engineering with Firmware Ninja

Binary Ninja is a modern reverse engineering platform with a scriptable and extensible decompiler.

Paged Out! #6 has arrived! And it's jam-packed with content!
You can download it here:
https://pagedout.institute/?page=issues.php

Wow, __builtin_dump_struct is an amazing clang feature, how did I never hear about this before?

$ cat test.c
#include <stdio.h>

struct nested {
    int n;
};
struct foo {
    int member_a;
    unsigned long member_b;
    char *str;
    void *ptr;
    struct nested nested;
};

int main(void) {
    struct foo f = {
        .member_a = 123,
        .member_b = 0x4141414141414141,
        .str = "foobar",
        .ptr = &f,
        .nested = {.n = 42}
    };
    /* clang-only builtin: prints every field with its type and value */
    __builtin_dump_struct(&f, printf);
}
$ clang -o test test.c && ./test
struct foo {
    int member_a = 123
    unsigned long member_b = 4702111234474983745
    char * str = "foobar"
    void * ptr = 0x7fff1df41b78
    struct nested nested = {
        int n = 42
    }
}

The original version of this feature was introduced back in 2018 (though it was reimplemented since in 2022).

Clang Language Extensions — Clang 21.0.0git documentation

There are still some missing boot structures to fill, but overall go-boot can now find and allocate memory for relocating a complex Linux kernel and RAM disk and switch to it.

Shown here: the latest Arch Linux kernel and RAM disk booted by a pure Go UEFI boot manager.

The Meta Bug. The story of a bug that affects itself by preventing its own resolution.

https://obdev.at/blog/the-meta-bug

The Meta Bug

Well, not that Meta. The other one. This is the story of a bug that affects itself by preventing its own resolution. As much as we would like all software to be bug-free, it isn’t. But the least we can do as software developers, if we discover a…

Objective Development
