| | rizin | QEMU |
|---|---|---|
| | 46 | 190 |
| Stars | 2,466 | 9,385 |
| Growth | 3.2% | 2.5% |
| Activity | 9.8 | 10.0 |
| Last commit | 2 days ago | 3 days ago |
| Language | C | C |
| License | GNU Lesser General Public License v3.0 only | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
rizin
-
Refix: Fast, Debuggable, Reproducible Builds
Just for the record, for nicer inspection of files with such debug information, including compressed sections, and debuginfod support, Rizin[1] can be used, since starting from the 0.7.0 release[2] all of those were added.
[1] https://rizin.re
[2] https://github.com/rizinorg/rizin/releases/tag/v0.7.0
- LLM4Decompile: Decompiling Binary Code with LLM
-
Revng translates (i386, x86-64, MIPS, ARM, AArch64, s390x) binaries to LLVM IR
Rizin[1] is also able to uplift native code to the new RzIL, which is based on the BAP Core Theory[2] and is essentially an extension of SMT theories of bitvectors, bitvector-indexed arrays of bitvectors and effects[3].
[1] https://rizin.re/
[2] https://binaryanalysisplatform.github.io/bap/api/master/bap-...
[3] https://github.com/rizinorg/rizin/blob/dev/doc/rzil.md
-
The Hiew Hex Editor
Everything Hiew can do, Rizin[1] can do too, and it is completely free and open source[2] under the LGPL3 license. Moreover, it supports more architectures, platforms, and file formats, as well as a GUI in Qt - Cutter[3][4]. If something is missing in Rizin but present in Hiew, please let us know by opening an issue with details.
[1] https://rizin.re
[2] https://github.com/rizinorg/rizin
[3] https://cutter.re
[4] https://github.com/rizinorg/cutter
- Rizin – Free and Open Source Reverse Engineering Framework
-
Show HN: I spent 6 months building a new C debugger as a 17-year-old
This is precisely what we are trying to do at Rizin[1][2]. Though the primary goal of the tool/framework is static analysis. All that portability across OSes, their versions, platforms and architectures, etc. is definitely hard. If anyone is interested in these subjects, all contributions are welcome. For example, check out our "RzDebug" label, marking debugging issues[3].
[1] https://rizin.re
[2] https://github.com/rizinorg/rizin
[3] https://github.com/rizinorg/rizin/labels/RzDebug
- Rizin release 0.6.2
-
If you're interested in eye-tracking, I'm interested in funding you
Okay, so, your comment about a "Dasher + Guitar Hero music theory/improvisation practice program" just sent me down a huge rabbit hole...
Well, rabbit hole(s) plural, I guess, most not directly related. :D
Largely because I made the "mistake" of looking at your HN profile & discovering you're also in NZ & we seem to have somewhat overlapping interests (and an affinity for "bacon" in account names, apparently), so, some thoughts[0]... :)
# Topic 1: Nissan Leaf VSP hacking
After reading your recent posts (https://ianrrees.github.io//2023/07/03/vsp-hacking.html & https://ianrrees.github.io//2023/08/05/voltage-glitch-inject...) on this topic & noting your remark about wanting to try reverse engineering a firmware image, I found the following thesis PDF (via a brief google search for `"reverse engineer" "firmware" "Renesas"`):
* "AUTOMOTIVE FIRMWARE EXTRACTION AND ANALYSIS TECHNIQUES" by Jan Van den Herrewegen https://etheses.bham.ac.uk/id/eprint/11516/1/VandenHerrewege...
Not really what I was anticipating finding but seems relevant to your interests--I don't think it was already in your resource list.
While the thesis addresses the Renesas 78K0 rather than the Renesas 78K0R, from a brief look at the "Flash Protection" PDF Application Note in your resource list it seems there's a large overlap.
Perhaps most significantly the author presents "novel methods" that combine bootloader binary analysis with constraint-based power glitching in an effort to improve on the results described in "Shaping the Glitch".
While I haven't read the entire 186 pages :D they theorize that using their approach extracting 8kB firmware might only take ~10 hours.
And, most helpfully, they even published their source code under the GPL here: https://github.com/janvdherrewegen/bootl-attacks
So, an interesting adjacent read even if it turns out not to be directly applicable to your situation.
Given I have an interest in & a little experience with firmware reversing, my original thought was to maybe provide some hopefully helpful references that more generically relate to firmware reversing, but more specific is good too, I guess. :)
In terms of reverse engineering tooling, I've used Rizin/Cutter/radare2 previously: https://rizin.re https://cutter.re
On the CAN tooling/info front, you might be interested in taking a look at my "Adequate CAN" list which I originally wrote up for a client a couple years ago: https://gitlab.com/RancidBacon/adequate-can
Some other probably outdated reverse engineering tooling links of mine: https://web.archive.org/web/20200119074540/http://www.labrad...
In terms of how to approach RE, other than just "getting started & digging in" & learning by doing, I've sometimes found it informative to read other people's firmware reverse engineering write-ups to learn about potentially useful approaches/tools.
Anyway, hopefully some of this is helpful!
[0] I have a tendency to be a little... "verbose" and/or "thorough" (depending on one's POV :) ) so I'll probably split this over a couple of comments, in case I run out of steam while writing and for topic separation.
- Rizin release v0.6.1
-
Veles – A new age tool for binary analysis
See our FAQ[1] on why we forked. As three years have passed and both projects are actively developed, the divergence has grown a lot since. We aim for exposing a proper API instead of relying just on commands, see e.g. our new Python bindings and rz-bindgen[2]. We have a completely different concept of projects, a new intermediate language - RzIL[3], and many other things. And under the new organization Cutter is a first-class citizen, not an afterthought as before.
[1] https://rizin.re/posts/faq/
[2] https://rizin.re/posts/gsoc-2022-rz-bindgen/
[3] https://github.com/rizinorg/rizin/blob/dev/doc/rzil.md
QEMU
-
QEMU Version 9.0.0 Released
My most-wanted QEMU feature: https://github.com/qemu/qemu/commit/a2260983c6553
Using `gic-version=3` on macOS you can now use more than 8 cores on ARM chips.
-
Autoconf makes me think we stopped evolving too soon
A better solution is just to write a plain ass shell script that tests if various C snippets compile.
https://github.com/oilshell/oil/blob/master/configure
https://github.com/oilshell/oil/blob/master/build/detect-pwe...
Not an unholy mix of m4, shell, and C, all in the same file.
---
These are the same style as the configure scripts that Fabrice Bellard wrote for tcc and QEMU.
They are plain ass shell scripts, because he actually understands the code he writes.
https://github.com/qemu/qemu/blob/master/configure
https://github.com/TinyCC/tinycc/blob/mob/configure
OCaml’s configure script is also “normal”.
You don’t have to copy and paste thousands of lines of GNU stuff that you don’t understand.
(copy of lobste.rs comment)
-
WASM Instructions
Related:
A fast Pascal (Delphi) WebAssembly interpreter:
https://github.com/marat1961/wasm
WASM-4:
https://github.com/aduros/wasm4
Curated list of awesome things regarding WebAssembly (wasm) ecosystem:
https://github.com/mbasso/awesome-wasm
Also, it would be nice if there was a WASM (soft) CPU for QEMU, which (if it existed!) would go here:
https://github.com/qemu/qemu/tree/master/target
-
Revng translates (i386, x86-64, MIPS, ARM, AArch64, s390x) binaries to LLVM IR
> architectural registers are always updated
In tiny code, the guest registers (global TCG variables) are stored in the host's registers until you either call a helper which can access the CPU state or you return (`git grep la_global_sync`). This is the reason why QEMU is not so terribly slow.
But after a check, this also happens when you access the guest memory address space! https://github.com/qemu/qemu/blob/master/include/tcg/tcg-opc... (TCG_OPF_SIDE_EFFECTS is what matters)
But still, in the end, it's the same problem. What QEMU does, can be done in LLVM too. You could probably be more efficient in LLVM by using the exception handling mechanism (invoke and friends) to only serialize back to memory when there's an actual exception, at the cost of higher register pressure. More or less what we do here: https://rev.ng/downloads/bar-2019-paper.pdf
-
State of x86-64 emulation of non-MacOS binaries
Um, in case you don't know, UTM (based on QEMU) has been out for quite a while.
-
Multipass: Ubuntu Virtual Machines Made Easy
Some of these tools include Oracle VM VirtualBox (that I've used since before the acquisition of Sun Microsystems by Oracle), VMWare Workstation Player, and QEMU, but last year, I found out about Multipass.
-
Libsodium: A modern, portable, easy to use crypto library
For C/C++ projects that use meson as the build system, there is an excellent way to manage dependencies:
https://mesonbuild.com/Wrapdb-projects.html
https://mesonbuild.com/Wrap-dependency-system-manual.html
meson will download and build the libraries automatically and give you a variable which you pass as a regular dependency into the built target:
https://github.com/qemu/qemu/tree/005ad32358f12fe9313a4a0191...
https://github.com/harfbuzz/harfbuzz/tree/main/subprojects
https://github.com/harfbuzz/harfbuzz/blob/37457412b3212463c5...
Or, if you're using proper operating systems, they're managed by the usual package manager, just like everything else.
-
Top 6 Virtual Machine Software in 2023
For all the users of the Linux platform, QEMU is the VM that you should go for. This software comes without any price tag and works as an emulator of various machines with utmost ease and completion; the software uses dynamic translations to emulate hardware peripherals and enhances its overall performance. If you are using QEMU as a virtualizer, then it will function exactly like the host system (provided you have the right set of hardware).
- Show HN: I'm 17 and wrote this guide on how CPUs run programs
-
UTM for Developers
In this tutorial, we set up macOS and Windows virtual machines on UTM, a macOS application that provides a GUI wrapper for QEMU, a powerful open-source emulator and virtualizer. UTM allows you to easily manage and run virtual machines without memorizing complex commands. It also has special handling for macOS, making it simpler to install compared to other virtual machine software.
What are some alternatives?
radare2 - UNIX-like reverse engineering framework and command-line toolset
UTM - Virtual machines for iOS and macOS
ghidra - Ghidra is a software reverse engineering (SRE) framework
TermuxArch - Experience the pleasure of the Linux command prompt in Android, Chromebook, Fire OS and Windows on smartphone, smartTV, tablet and wearable https://termuxarch.github.io/TermuxArch/
cutter - Free and Open Source Reverse Engineering Platform powered by rizin
Unicorn Engine - Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, PowerPC, RiscV, S390x, TriCore, X86)
r2ghidra - Native Ghidra Decompiler for r2
Vagrant - Vagrant is a tool for building and distributing development environments.
Kaitai Struct - Kaitai Struct: declarative language to generate binary data parsers in C++ / C# / Go / Java / JavaScript / Lua / Nim / Perl / PHP / Python / Ruby
xemu - Original Xbox Emulator for Windows, macOS, and Linux (Active Development)
rz-ghidra - Deep ghidra decompiler and sleigh disassembler integration for rizin
em-dosbox - An Emscripten port of DOSBox