rizin VS gcc

Just for the record, for nicer inspection of files with such debug information, including compressed sections, and debuginfod support, Rizin[1] can be used, since starting from the 0.7.0 release[2] all of those were added.

[1] https://rizin.re

[2] https://github.com/rizinorg/rizin/releases/tag/v0.7.0

Rizin[1] is also able to uplift native code to the new RzIL, which is based on the BAP Core Theory[2] and is essentially an extension of SMT theories of bitvectors, bitvector-indexed arrays of bitvectors and effects[3].

[1] https://rizin.re/

[2] https://binaryanalysisplatform.github.io/bap/api/master/bap-...

[3] https://github.com/rizinorg/rizin/blob/dev/doc/rzil.md

Everything Hiew can do, Rizin[1] can do too, and is completely free and open source[2] under LGPL3 license. Moreover, it supports more architectures, platforms, and file formats, as well as GUI in Qt - Cutter[3][4]. If something is missing in Rizin but presented in Hiew, please let us know by opening the issue with details.

[1] https://rizin.re

[2] https://github.com/rizinorg/rizin

[3] https://cutter.re

[4] https://github.com/rizinorg/cutter

This is precisely what we are trying to do at Rizin[1][2]. Though the primary goal of the tool/framework is static analysis. All that portability across OSes, their versions, platforms and architectures, etc is definitely hard. If anyone is interested in these subjects, all contributions are welcome. For example, check out our "RzDebug" label, marking debugging issues[3].

[1] https://rizin.re

[2] https://github.com/rizinorg/rizin

[3] https://github.com/rizinorg/rizin/labels/RzDebug

Okay, so, your comment about a "Dasher + Guitar Hero music theory/improvisation practice program" just sent me down a huge rabbit hole...

Well, rabbit hole(s) plural, I guess, most not directly related. :D

Largely because I made the "mistake" of looking at your HN profile & discovering you're also in NZ & we seem to have somewhat overlapping interests (and an affinity for "bacon" in account names, apparently), so, some thoughts[0]... :)

# Topic 1: Nissan Leaf VSP hacking

After reading your recent posts (https://ianrrees.github.io//2023/07/03/vsp-hacking.html & https://ianrrees.github.io//2023/08/05/voltage-glitch-inject...) on this topic & noting your remark about wanting to try reverse engineering a firmware image, I found the following thesis PDF (via a brief google search for `"reverse engineer" "firmware" "Renesas"`):

* "AUTOMOTIVE FIRMWARE EXTRACTION AND ANALYSIS TECHNIQUES" by Jan Van den Herrewegen https://etheses.bham.ac.uk/id/eprint/11516/1/VandenHerrewege...

Not really what I was anticipating finding but seems relevant to your interests--I don't think it was already in your resource list.

While the thesis addresses the Renesas 78K0 rather than the Renesas 78K0R, from a brief look at the "Flash Protection" PDF Application Note in your resource list it seems there's a large overlap.

Perhaps most significantly the author presents "novel methods" that combine bootloader binary analysis with constraint-based power glitching in an effort to improve on the results described in "Shaping the Glitch".

While I haven't read the entire 186 pages :D they theorize that using their approach extracting 8kB firmware might only take ~10 hours.

And, most helpfully, they even published their source code under the GPL here: https://github.com/janvdherrewegen/bootl-attacks

So, an interesting adjacent read even if it turns out not to be directly applicable to your situation.

Given I have an interest in & a little experience with firmware reversing my original thought was to maybe provide some hopefully helpful references that more generically related to firmware reversing but more specific is good too, I guess. :)

In terms of reverse engineering tooling, I've used Rizin/Cutter/radare2 previously: https://rizin.re https://cutter.re

On the CAN tooling/info front, you might be interested in taking a look at my "Adequate CAN" list which I originally wrote-up for a client a couple years ago: https://gitlab.com/RancidBacon/adequate-can

Some other probably outdated reverse engineering tooling links of mine: https://web.archive.org/web/20200119074540/http://www.labrad...

In terms of how to approach RE, other than just "getting started & digging in" & learning by doing, I've sometimes found it informative to read other people's firmware reverse engineering write-ups to learn about potentially useful approaches/tools.

Anyway, hopefully some of this is helpful!

[0] I have a tendency to be a little... "verbose" and/or "thorough" (depending on one's POV :) ) so I'll probably split this over a couple of comments, in case I run out of steam while writing and for topic separation.

See our FAQ[1] on why we forked. As three years passed and both projects are actively developed, the divergence has grown a lot since. We aim for exposing the proper API instead of relying just commands, see e.g. our new Python bindings and rz-bindgen[2]. We have completely different concept of projects, new intermediate language - RzIL[3], and many other things. And under the new organization Cutter is a first-class citizen, not an afterthought as before.

[1] https://rizin.re/posts/faq/

[2] https://rizin.re/posts/gsoc-2022-rz-bindgen/

[3] https://github.com/rizinorg/rizin/blob/dev/doc/rzil.md

> It's true, this was a CVE in Rust and not a CVE in C++, but only because C++ doesn't regard the issue as a problem at all. The problem definitely exists in C++, but it's not acknowledged as a problem, let alone fixed.

Can you find a link that substantiates your claim? You're throwing out some heavy accusations here that don't seem to match reality at all.

Case in point, this was fixed in both major C++ libraries:

https://github.com/gcc-mirror/gcc/commit/ebf6175464768983a2d...

https://github.com/llvm/llvm-project/commit/4f67a909902d8ab9...

So what C++ community refused to regard this as an issue and refused to fix it? Where is your supporting evidence for your claims?

Somewhat related: In 2020 gcc bumped the requirement for bootstrapping to be a C++11 compiler [0]. Would have been fun to see the kernel finally adopt C++14 as the author suggested.

I don't think that Linus will allow this since he just commented that he will allow rust in drivers and major subsystems [1].

I do found it pretty funny that even Linus is also not writing any rust code, but is reading rust code.

I would have hoped see more answers or see something in here from actual kernel developers.

0: https://github.com/gcc-mirror/gcc/commit/5329b59a2e13dabbe20...

> They’re saying that a lot of the restrictions makes things much harder than other languages. Hence the general problem rust has where a lot of trivial tasks in other languages are extremely challenging.

Like what? So far the discussion has revolved around rewriting a linked list, which people generally shouldn't ever need to do because it's included in the standard lib for most languages. And it's a decidedly nontrivial task to do as well as the standard lib when you don't sacrifice runtime overhead to be able to handwave object lifecycle management.

- C++: https://github.com/gcc-mirror/gcc/blob/master/libstdc%2B%2B-...

- Rust: https://doc.rust-lang.org/beta/src/alloc/collections/linked_...

> No need to get defensive, no one is arguing that rust doesn’t do a lot of things well.

That's literally what bsaul is arguing in another comment. :)

> You’re talking up getting a safe implementation in C, but what matters is “can I get the same level of safety with less complexity in any language”, and the answer is yes: Java and c# implementations of a thread safe linked list are trivial.

Less perceived complexity. In Java and C# you're delegating the responsibility of lifecycle management to garbage collectors. For small to medium scale web apps, the added complexity will be under the hood and you won't have to worry about it. For extreme use cases, the behavior and overhead of the garbage collector does became relevant.

If you factor in the code for the garbage collector that Java and C# depend on, the code complexity will tilt dramatically in favor of C++ or Rust.

However, it's going to be non-idiomatic to rewrite a garbage collector in Java or C# like it is to rewrite a linked list in Rust. If we consider the languages as they're actually used, rather than an academic scenario which mostly crops up when people expect the language to behave like C or Java, the comparison is a lot more favorable than you're framing it as.

> If I wanted I could do it in c++ though the complexity would be more than c# and Java it would be easier than rust.

You can certainly write a thread-safe linked list in C++, but then the enforcement of any assumptions you made about using it will be a manual burden on the user. This isn't just a design problem you can solve with more code - C++ is incapable of expressing the same restrictions as Rust, because doing so would break compatibility with C++ code and the language constructs needed to do so don't exist.

So it's somewhat apples and oranges here. Yes, you may have provided your team with a linked list, but it will either

GCC is also written in C++, and has had C++ deps since 2013:

https://github.com/gcc-mirror/gcc/blob/master/gcc/c/c-parser...

Compliers/Interpreters are also very commonly open source (here is the source code for a popular C compiler). That means you can even modify the compiler's code and change its behavior if you wanted to.

according to this commit, the story here seems to be much more interessting than I initially anticipated.

For a more detailed explanation, see [2]. (Also the inspiration for the above example,)

[1] https://en.m.wikipedia.org/wiki/Transitive_relation

[2] https://github.com/gcc-mirror/gcc/commit/50ddbd0282e06614b29...