Category Archives: Reversing

Posts about reverse code engineering (aka RCE, reversing, RE, reverse engineering)

German federals looking for trojan author – still

The German federals (BKA = Bundeskriminalamt, roughly the German equivalent to the FBI in the US) are still looking for someone with the qualifications to write what had been dubbed “Bundestrojaner” (literally: federal trojan) in 2008. This means that first … Continue reading

Posted in C/C++, EN, IT Security, Reversing, Software, Thoughts | Comments Off

canyoucrackit.co.uk – yes we can ;)

So the British Government Communications Headquarters (GCHQ) wants to recruit smart people. Well, there should be enough around. Although they seem to look for some 1337 h4x0rz, not some serious people from all indicators. The original one (MD5: 1585DFECC90AE7549814DCE52CA4EDDA) filled … Continue reading

Posted in C/C++, EN, Germans have no notion of sarcasm, Programming, Reversing, Software | 1 Comment

Bundestrojaner found?

Today several people, independently of one another, pointed me to the story about the CCC's alleged discovery of the Bundestrojaner. Regardless of whether it is what everyone assumes it to be, the image detail shown at F-Secure made me … Continue reading

Posted in DE, Reversing, Software | 2 Comments

A new sow is in the village …

… or rather, is being driven through the village: hackers. Evil, nasty hackers. There is no need to be careful with terms any more (crackers are actually meant). Fortunately the Cyber-Abwehrzentrum (cyber defense center; what a term, right?) is now coming to Bonn. The only bad thing is that … Continue reading

Posted in DE, Gedanken, Reversing | Comments Off

Two years later (update)

A new version of TortoiseCVS is available. Since I have largely parted with CVS, I just noticed now. Well, the issue reported in 2008 and closed as fixed is still not fixed. The respective piece of code looks exactly the … Continue reading

Posted in C/C++, EN, Programming, Reversing, Software | Comments Off

New IDA upgrade available (6.1)

Lovely. Hex-Rays released version 6.1 of IDA just today. I already requested my download and I am downloading as I type this. See the changes here. // Oliver PS: sadly it’s the first version where I don’t get a Linux … Continue reading

Posted in EN, Reversing, Software | Comments Off

F-Secure documentary about BRAIN

Watch it over here.

Posted in EN, IT Security, Reversing, Software | Comments Off

“The system cannot execute the specified program.”

There is a pretty interesting article over at winprogger.com about the problems connected with IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY (set through /integritycheck ever since VS2005) and ERROR_INVALID_IMAGE_HASH (aka Win32 error code 577). Now, I’ve been fighting with this problem for two full days and … Continue reading

Posted in EN, IT Security, Programming, Reversing, Software | 4 Comments

Not a solution

A “solution” for the missing classic start menu in Windows 7 has been proposed to me by a friend. The license does not prohibit looking into it (only changing it is forbidden), so I loaded it quickly into IDA. … Continue reading

Posted in EN, Programming, Reversing, Software | Comments Off

Dear technical writer (@Microsoft)

You write in the documentation of NtDeviceIoControlFile: “Deprecated. Builds descriptors for the supplied buffer(s) and passes the untyped data to the device driver associated with the file handle. NtDeviceIoControlFile is superseded by DeviceIoControl.” Could you please be a little more … Continue reading

Posted in EN, Reversing | Comments Off

Annoyance in TortoiseCVS fixed

Quite a while ago I reported a bug in TortoiseCVS 1.10.x (the Unicode versions) which more or less affects everyone that is using an alternative file manager. I for one use SpeedCommander and can highly recommend it, although for non-German … Continue reading

Posted in /dev/null, Programming, Reversing | Comments Off

Conficker tools

A team of two German researchers has devised a method to detect Conficker (in its known variants) through the RSA keys which originally have been used by the Conficker authors against anyone attempting to fool Conficker into updating from an … Continue reading

Posted in EN, IT Security, Programming, Reversing | Comments Off

Yippie! IDA 5.4 Pro released …

My personal highlight is still the Bochs debugger, but I am sure I’ll take the chance and also look into the newly acquired kernel debugging features. Check out the highlights over here. // Oliver

Posted in EN, Reversing | Comments Off

IDA 5.4 Pro Beta released

Hex-Rays has released a beta of the upcoming version 5.4 of IDA. I was lucky enough to be allowed into the beta test and the first new thing I noticed was that the command line field now had a button in … Continue reading

Posted in EN, Reversing | Comments Off

Schünemann wants to effectively abolish Internet access

As Heise reports, the interior minister of Lower Saxony (CDU, of course) wants to force Internet access customers to install filtering software in the fight against child pornography on the Internet. And some think the esteemed Dr. Schäuble sits alone in the faction of opponents of the constitution. Although … Continue reading

Posted in DE, IT Security, Programming, Reversing | Comments Off

For all IDA friends …

The memory sync problem in the debugger (5.3) has been fixed. You’ll need to upload your key to get the fix.

Posted in EN, Reversing, Software | Comments Off

CreateRemoteThread, Vista and separate sessions

Recently I’ve hit a wall during development. I had written a nice workaround for a problem, based on code injection. In fact the code wasn’t injected by loading a DLL but instead by loading relocatable (32bit) code of less than … Continue reading

Posted in /dev/null, IT Security, Programming, Reversing | 24 Comments

Two weeks after beta: IDA Pro 5.3 released

Those who haven’t heard the news, get your update now. Here’s a link to the update-request page. NB: According to Ilfak, the debugger has seen major improvements. // Oliver PS: Don’t forget to get the new SDK and the support … Continue reading

Posted in EN, Reversing, Software | Comments Off

Yummy

I’ve upgraded to IDA Pro Advanced 5.2 recently and I really really like it. Good job as always, Ilfak! // Oliver

Posted in Reversing, Software | Comments Off

IDA 4.9 Freeware

… and no more excuses from those pirating IDA. Datarescue made a freeware version 4.9 of IDA available for download. In the scope of IDA Palace, I have mirrored the files on two more servers. One of the servers is … Continue reading

Posted in EN, IT Security, Programming, Reversing, Software | 3 Comments