We're are happy to announce a new release of our #Rust bindings for
@HexRaysSA idalib.

What's new:
- New APIs for working with IDBs, segments, and more
- Rust 2024 support
- New homepage: https://idalib.rs

H/T to our contributors @yegor & @raptor

https://github.com/binarly-io/idalib.git

Now this looks like a pretty kick ass project: FUZZUER: Enabling Fuzzing of
UEFI Interfaces on EDK-2 https://www.ndss-symposium.org/wp-content/uploads/2025-400-paper.pdf and source at https://github.com/BreakingBoot/FuzzUEr

PSA: If you want to test updating your UEFI KEK before everyone else, you can do `fwupdmgr enable-remote lvfs-testing` and then `fwupdmgr update` -- not all vendors are uploaded yet, and the CDN is still syncing -- so it might be a few hours before they're all visible.

See https://fwupd.github.io/libfwupdplugin/uefi-db.html for more details. The UEFI db update that uses the KEK update will follow soon. You also need fwupd 2.0.9 -- which is kinda new -- but now available in Fedora 42 if that helps.

We've been teasing it for a while, but the full features of Firmware Ninja are officially available on dev and will be in the 5.0 release later this month! Doing reverse engineering of embedded firmware? Check out how FWN can make your life better:

https://binary.ninja/2025/04/02/firmware-ninja.html

Paged Out! #6 has arrived! And it's jam-packed with content!
You can download it here:
https://pagedout.institute/?page=issues.php

Wow, __builtin_dump_struct is an amazing clang feature, how did I never hear about this before?

$ cat test.c
#include <stdio.h>

struct nested {
  int n;
};
struct foo {
  int member_a;
  unsigned long member_b;
  char *str;
  void *ptr;
  struct nested nested;
};

int main(void) {
  struct foo f = {
    .member_a = 123,
    .member_b = 0x4141414141414141,
    .str = "foobar",
    .ptr = &f,
    .nested = {.n = 42}
  };
  __builtin_dump_struct(&f, printf);
}
$ clang -o test test.c && ./test
struct foo {
  int member_a = 123
  unsigned long member_b = 4702111234474983745
  char * str = "foobar"
  void * ptr = 0x7fff1df41b78
  struct nested nested = {
    int n = 42
  }
}

The original version of this feature was introduced back in 2018 (though it was reimplemented since in 2022).

There are still some missing boot structures to fill, bot overall now go-boot can find and allocate memory for relocating a complex Linux kernel, RAM disk and switch to it.

Here shown the latest Arch Linux kernel and ram disk booted by a pure Go UEFI boot manager.

The Meta Bug. The story of a bug that affects itself by preventing its own resolution.

https://obdev.at/blog/the-meta-bug

You can now jailbreak your AMD CPU! 🔥We've just released a full microcode toolchain, with source code and tutorials. https://bughunters.google.com/blog/5424842357473280/zen-and-the-art-of-microcode-hacking

Hi! The slides for my talk today at RE//verse 2025 (@REverseConf), "Reconstructing Rust Types: A Practical Guide for Reverse Engineers", are now published: https://github.com/cxiao/reconstructing-rust-types-talk-re-verse-2025

It's been great to catch up with so many folks - if you're at the conference, come by and say hi!

The presentation was recorded, and the video will be published at a future date!

#reverseengineering #rust #rustlang #malware #infosec #REverse2025

We @binarly_io are pleased to announce a new release of our Rust bindings for @HexRaysSA IDA Pro (https://crates.io/crates/idalib) with support for the latest v9.1 release! Special thanks to @yegor for taking care of the changes needed to make everything compatible with this release!

rotfl https://hackerone.com/reports/2293343

GoBoot TamaGo unikernel booting on real x86-64 hardware!

I never experienced such control over what is running (and more importantly, on what is not) on my own laptop.

To me this is a game changer for pre-boot environment development.

We are thrilled to announce the winners of the 2024 Hex-Rays Plugin Contest!

🥇1st Place: hrtng
🥈2nd Place: aiDAPal
🥉3rd Place: idalib Rust bindings

Check out our reviews of the winners and other notable submissions here: https://hex-rays.com/blog/2024-plugin-contest-winners

Huge thank you to all participants for their innovative contributions. Your creativity continues to enhance the IDA community.

Hackers rejoice!

We are releasing the Phrack 71 PDF for you today!

Don't forget this year is Phrack's 40th anniversary release! Send in your contribution and be part of this historical issue!

The CFP is still open, you can find it and the PDF link at https://phrack.org

Good tools are made of bugs: How to monitor your Steam Deck with one byte.
Finding and exploiting two vulnerabilities in AMD's UEFI firmware for fun and gaming.
A Christmas gift in February, brought to you by the incredible @pwissenlit 🫶

https://blog.quarkslab.com/being-overlord-on-the-steam-deck-with-1-byte.html

#fwupd 2.0.5 hot on the heels of the last release: https://github.com/fwupd/fwupd/releases/tag/2.0.5

It's got a lot of fixups for dbx deployment failures we saw in the real world. Some people wonder what we do with the LVFS JSON report metadata that gets uploaded, and this is the answer -- we see patterns, write known issue pages on the LVFS wiki and then fix the code for the next release. This release has 3 such fixes. :)

Well, this is not great: New speculative attacks on #Applesilicon CPUs: https://predictors.fail/

#apple #speculativeattack

A smart person looked at GitHub's auth and ouch.

https://flatt.tech/research/posts/clone2leak-your-git-credentials-belong-to-us/

#github #authentication

CrashXTS (CVE-2025-21210): a practical randomization attack against BitLocker (AES-XTS)

It's possible to find and corrupt a specific 16-byte block to leak unencrypted hibernation images.

https://dfir.ru/2025/01/20/cve-2025-21210-aka-crashxts-a-practical-randomization-attack-against-bitlocker/