security researcher and reverse engineer
The embargo is over, so here it is: https://coderush.me/hydroph0bia-part1/
I can't stress the "NEVER USE NVRAM AS TRUSTED STORAGE" part harder, but now we all have a very nice example of a thing to not ever do, or have your SecureBoot and FW updater signing being vulnerable to all people who can set non-volatile RT variables by calling a dedicated OS API.
The DWARF debug format is well-known for debugging executables,
but it is also an effective format for sharing reverse engineering information
across various tools, such as IDA, BinaryNinja, Ghidra, and Radare2.
In this blog post, I introduce a new high-level API in LIEF that allows the
creation of DWARF files. Additionally, I present two plugins designed to export
program information from Ghidra and BinaryNinja into a DWARF file.
https://lief.re/blog/2025-05-27-dwarf-editor/
(Bonus: The blog post includes a DWARF file detailing my reverse engineering work on DroidGuard)
We're are happy to announce a new release of our #Rust bindings for
@HexRaysSA idalib.
What's new:
- New APIs for working with IDBs, segments, and more
- Rust 2024 support
- New homepage: https://idalib.rs
Now this looks like a pretty kick ass project: FUZZUER: Enabling Fuzzing of
UEFI Interfaces on EDK-2 https://www.ndss-symposium.org/wp-content/uploads/2025-400-paper.pdf and source at https://github.com/BreakingBoot/FuzzUEr
PSA: If you want to test updating your UEFI KEK before everyone else, you can do `fwupdmgr enable-remote lvfs-testing` and then `fwupdmgr update` -- not all vendors are uploaded yet, and the CDN is still syncing -- so it might be a few hours before they're all visible.
See https://fwupd.github.io/libfwupdplugin/uefi-db.html for more details. The UEFI db update that uses the KEK update will follow soon. You also need fwupd 2.0.9 -- which is kinda new -- but now available in Fedora 42 if that helps.
We've been teasing it for a while, but the full features of Firmware Ninja are officially available on dev and will be in the 5.0 release later this month! Doing reverse engineering of embedded firmware? Check out how FWN can make your life better:
Paged Out! #6 has arrived! And it's jam-packed with content!
You can download it here:
https://pagedout.institute/?page=issues.php
Wow, __builtin_dump_struct is an amazing clang feature, how did I never hear about this before?
$ cat test.c
#include <stdio.h>
struct nested {
int n;
};
struct foo {
int member_a;
unsigned long member_b;
char *str;
void *ptr;
struct nested nested;
};
int main(void) {
struct foo f = {
.member_a = 123,
.member_b = 0x4141414141414141,
.str = "foobar",
.ptr = &f,
.nested = {.n = 42}
};
__builtin_dump_struct(&f, printf);
}
$ clang -o test test.c && ./test
struct foo {
int member_a = 123
unsigned long member_b = 4702111234474983745
char * str = "foobar"
void * ptr = 0x7fff1df41b78
struct nested nested = {
int n = 42
}
}
The original version of this feature was introduced back in 2018 (though it was reimplemented since in 2022).
There are still some missing boot structures to fill, bot overall now go-boot can find and allocate memory for relocating a complex Linux kernel, RAM disk and switch to it.
Here shown the latest Arch Linux kernel and ram disk booted by a pure Go UEFI boot manager.
The Meta Bug. The story of a bug that affects itself by preventing its own resolution.
You can now jailbreak your AMD CPU! 🔥We've just released a full microcode toolchain, with source code and tutorials. https://bughunters.google.com/blog/5424842357473280/zen-and-the-art-of-microcode-hacking
Hi! The slides for my talk today at RE//verse 2025 (@REverseConf), "Reconstructing Rust Types: A Practical Guide for Reverse Engineers", are now published: https://github.com/cxiao/reconstructing-rust-types-talk-re-verse-2025
It's been great to catch up with so many folks - if you're at the conference, come by and say hi!
The presentation was recorded, and the video will be published at a future date!
#reverseengineering #rust #rustlang #malware #infosec #REverse2025
We @binarly_io are pleased to announce a new release of our Rust bindings for @HexRaysSA IDA Pro (https://crates.io/crates/idalib) with support for the latest v9.1 release! Special thanks to @yegor for taking care of the changes needed to make everything compatible with this release!
GoBoot TamaGo unikernel booting on real x86-64 hardware!
I never experienced such control over what is running (and more importantly, on what is not) on my own laptop.
To me this is a game changer for pre-boot environment development.
We are thrilled to announce the winners of the 2024 Hex-Rays Plugin Contest!
🥇1st Place: hrtng
🥈2nd Place: aiDAPal
🥉3rd Place: idalib Rust bindings
Check out our reviews of the winners and other notable submissions here: https://hex-rays.com/blog/2024-plugin-contest-winners
Huge thank you to all participants for their innovative contributions. Your creativity continues to enhance the IDA community.
Hackers rejoice!
We are releasing the Phrack 71 PDF for you today!
Don't forget this year is Phrack's 40th anniversary release! Send in your contribution and be part of this historical issue!
The CFP is still open, you can find it and the PDF link at https://phrack.org
Good tools are made of bugs: How to monitor your Steam Deck with one byte.
Finding and exploiting two vulnerabilities in AMD's UEFI firmware for fun and gaming.
A Christmas gift in February, brought to you by the incredible @pwissenlit 🫶
https://blog.quarkslab.com/being-overlord-on-the-steam-deck-with-1-byte.html
#fwupd 2.0.5 hot on the heels of the last release: https://github.com/fwupd/fwupd/releases/tag/2.0.5
It's got a lot of fixups for dbx deployment failures we saw in the real world. Some people wonder what we do with the LVFS JSON report metadata that gets uploaded, and this is the answer -- we see patterns, write known issue pages on the LVFS wiki and then fix the code for the next release. This release has 3 such fixes. :)
Well, this is not great: New speculative attacks on #Applesilicon CPUs: https://predictors.fail/
