Reverse Engineer | C/C Developer | Bushwhackers CTF team

Joined September 2012
vient retweeted
18 Jan 2022
Yandex School of Information Security is back: academy.yandex.ru/schools/sh…

29 Dec 2021
How to make Hex-Rays decompile functions with frames larger than 1MB:
1. Open hexrays.dll/hexx64.dll in IDA, decompile all
2. Search for number 4294967287 (error "Stack frame too big")
3. Look for two comparisons with 0x100000 nearby, patch this limit to whatever you want
29 Dec 2021
Still waiting to see this limit as an option in hexrays.cfg...
6 Jan 2022
As revealed from conversation with support, I was the only one to have (read: have license and report) this problem so far. Maybe it is indeed such a rare scenario to have stack frame larger than 1MB, dunno
31 Dec 2021
Wrote a small Hex-Rays plugin to support x86 MOVBE instruction (fused MOV BSWAP): github.com/vient/ida_movbe_l… Even with MicroAVX sources on hand it still took like 8 hours to just insert intrinsic calls in Hex-Rays, official docs are very good 🤥
29 Jun 2020
It's pretty easy to write processor extensions for IDA (see github.com/0xAlexei/WindowsD…), on 0CTF it occurred to me that they can be used to "patch" the binary to ease reverse. Example: you want to replace short JMP (2 bytes) at address X with long one (5 bytes) - you have a problem.

29 Jun 2020
Of course it only patches instructions in IDA, but if you only need static, that's enough. For example, CFG from code1_.bin before (flattened) and after loading the extension:
29 Jul 2020
... aaand I just discovered that all instructions can be found in ida_allins module. But which prefix do you use for x86 instructions? X86? X8664? PC? Right, of course it's NN — ida_allins.NN_jmp is 0x56.
vient retweeted
25 Jul 2020
Seems like I have finally started a blog! Hunting for bugs in VirtualBox (First Take) blog.paulch.ru/2020-07-26-hu…

17 Jun 2020
Made a context menu launcher for IDA which automatically chooses 32 or 64-bit version based on `file` output run in WSL: gist.github.com/vient/db5af9… Usage: right click on file, Open with IDA. Set your IDA_DIR env or change it in ida_launcher.bat
17 Jun 2020
There are 2 problems:
* There are blinking windows (cmd?) on launch. I tried "start /B ..." in context command, did not help.
* IDA is started as "least priority" window, so you need to Shift Alt Tab to it.
Does anybody know how to fix any of them?
17 Jun 2020
So I "solved" first problem by using this abomination as a `command`: cmd /c start "" /MIN cmd /c ""path_to_launcher.bat" "%1"" And second one by sleeping a bit in script (yeah, ping 127.1 actually). Sadly, there is now minimized cmd.exe for a second after clicking.
13 Apr 2020
> Planning the journey? Very fun, Microsoft.
vient retweeted
Memory corruption vulnerabilities in VNC protocol implementations, research by @__paulch: ics-cert.kaspersky.com/repor… x.com/__paulch/status/119460…

13 Nov 2019
Today at @ZeroNights I presented research about memory corruption vulnerabilities in VNC. Full report in English will be available at ics-cert.kaspersky.com on the 22nd of November.
vient retweeted
29 Aug 2019
Hey, I made a gallery of the things I've made while breaking Firefox's rendering code! Check it out! gankra.github.io/glitch/
vient retweeted
Kaspersky ICS CERT invites you to join the IoT Vulnerability Research and Exploitation Training at Security Analyst Summit 2020, April 6-9, Barcelona, Spain. Book your early-bird ticket now: thesascon.com/training or just ping me in DM!

vient retweeted
24 Sep 2019
Just published my writeup for CPU Adventure at DSCTF, wherein me, @zwad3, @thebluepichu and @jay_f0xtr0t reverse engineered a program written for a completely unknown, custom CPU with no access to the CPU, emulator or any documentation: robertxiao.ca/hacking/dsctf-…