Our great sponsors
z3 | jadx | |
---|---|---|
28 | 40 | |
9,689 | 38,905 | |
1.5% | - | |
9.9 | 9.2 | |
6 days ago | 4 days ago | |
C++ | Java | |
GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
z3
-
Ask HN: What is the current state of "logical" AI?
See https://cacm.acm.org/magazines/2023/6/273222-the-silent-revo... and also modern production rules engines like https://drools.org/
Oddly, back when “expert system shells” were cool people thought 10,000 rules were difficult to handle, now 1,000,000 might not be a problem at all. Back then the RETE algorithm was still under development and people were using linear search and not hash tables to do their lookups.
Also https://github.com/Z3Prover/z3
Note “the semantic web” is both an advance and a retreat in that OWL is a subset of first order logic which is really decidable and sorta kinda fast. It can do a lot but people aren’t really happy with what it can do.
-
Lean4 helped Terence Tao discover a small bug in his recent paper
Code correctness is a lost art. I requirement to think in abstractions is what scares a lot of devs to avoid it. The higher abstraction language (formal specs) focus on a dedicated language to describe code, whereas lower abstractions (code contracts) basically replace validation logic with a better model.
C# once had Code Contracts[1]; a simple yet powerful way to make formal specifications. The contracts was checked at compile time using the Z3 SMT solver[2]. It was unfortunately deprecated after a few years[3] and once removed from the .NET Runtime it was declared dead.
The closest thing C# now have is probably Dafny[4] while the C# dev guys still try to figure out how to implement it directly in the language[5].
[1] https://www.microsoft.com/en-us/research/project/code-contra...
[2] https://github.com/Z3Prover/z3
[3] https://github.com/microsoft/CodeContracts
-
Programming Languages Going Above and Beyond
I believe, Nim also has this functionality, although, it uses the [0]Z3Prover tool with a nim frontend [1]"DrNim" for proving.
- Modern SAT solvers: fast, neat and underused (2018)
-
If You've Got Enough Money, It's All 'Lawful'
Don't get me wrong, there are times when Microsoft got it right the first time that was technically far superior to their competitors. Windows IOCP was theoretically capable of doing C10K as far back in 1994-95 when there wasn't any hardware support yet and UNIX world was bickering over how to do asynchronous I/O. Years later POSIX came up with select which was a shoddy little shit in comparison. Linux caved in finally only as recently as 2019 and implemented io_uring. Microsoft research has contributed some very interesting things to computer science like Z3 SAT solver and in collaboration with INRIA made languages like F* and Low* for formal specification and verification. But all this dwarfs in comparison to all the harm they did.
-
Constraint Programming 'linking' variables
Z3 theorem prover SMT solver might help you.
-
General mathematical expression analysis system
Other than that, you should look at Z3 which is pretty damn good at these sort of theorems/constraints.
-
-🎄- 2022 Day 21 Solutions -🎄-
In the end I used Z3 Julia bindings instead. The hardest part was to get the result back from it, because I kept running into assertion violations from inside Z3
-
Question about Predicate Transformer Semantics
I'm trying to learn a little bit about Predicate Transformer Semantics (PTS) as part of a quick exploration of Z3.
-
The Little Prover
> And you propose me instead to go and reverse engineer library Js code which I am not that proficient in, and rewrite all code in Java instead?..
Yes, rather than demand others cater to your whims, frankly.
Do you realise how hypocritical it sounds to complain that you are not proficient in Javascript, when others might not be proficient in ?
Go use Z3 if you need a prover in C++ (or Java), its far more robust (provided its the type you're after) than someones 700 LoC JavaScript implementation.
jadx
- Apktool in kali
-
A popular Bluetooth car battery monitor that siphons up all your location data
The best way is to just start practicing. I would say pick some simple apps on your (Android) phone and dig straight in.
The great thing about Android applications is that often they generally decompile quite nice into human readable Java soo the barrier of entry can be quite low to start reversing.
Grab a copy of JADX[1] - it will decompress and decompile the APK files. If you don't have an Android handset, use an emulator and/or grab APKs from apkpure[2]
Dynamic analysis is a bit more challenging. In my blog post I use Frida[3] extensively.
If you get started on something and get stuck/looking for support, feel free to DM me on Twitter[4], more then happy to help.
[1] https://github.com/skylot/jadx
-
Hardware Question
This may be overkill but you can use an oscilloscope to manually calculate the baudrate, i.e. like this. It looks like it could be UART serial data, but this is a good resource to reference. Sometimes http is used as a means for communicating, and not necessarily directly to a browser see here. This is pretty common in embedded applications actually. You can try using dirbuster to see what hidden endpoints there are that may be used for video. If there's an RC, you can try and do what you were doing before on the drone for that (see what dmesg says when plugged in, check any open ports, etc). If it's a phone you connect to, you can RE the mobile app. I like using jadx for APKs to get a lay of the land. If you don't want to pop the SPI flash like i suggested earlier (and I suggest don't do that except for last resort), you can grep for firmware urls in the mobile app to see if it does OTA updates, and see if you can directly download it and analyze it with a disassembler like Ghidra. Since it's WiFi, you can also MiTM the traffic from an AP you control like your computer. I'm guessing video is probably going to be something like RTSP at an IP address, so you can grep in the mobile app for that, and that might be good enough to get your video feed honestly.
-
improved nintype
Jadx - skylot/jadx: Dex to Java decompiler (github.com) - Used for decompiling the apk - make the code readable
-
How to securely set end point url and encryption keys in CN1 app
I realized when app is decompiled using JADX class names are recreated as shown in this screenshot of sample app
-
Reverse Engineering the Facebook Messenger API
Not sure. I started reverse engineering Java apps very early in my life — initially it was J2ME games. Decompilers of the time sucked but that didn't stop me from modding Gravity Defied :P
I honestly don't know what's a good way of getting started on reverse engineering. There's a bunch of everything about Windows executables in particular, including "crackmes", but native machine code is a level up from JVM bytecode. Java classes and Android dex files can be decompiled back to sensible source with a good chance that you get something that can be compiled again. No such luck for native code — C/C++ compilation is a lossy process by its nature, especially the optimizations. Ghidra does a decent job but still requires a non-zero amount of manual assistance. Flash games also were good to hone one's reverse engineering skills since ActionScript decompilers did a pretty darn good job.
Anyway. To decompile dex to Java source, there's jadx: https://github.com/skylot/jadx
Since decompilation is sometimes lossy, there's apktool for when you want to put the app back together after tinkering with it: https://github.com/iBotPeaches/Apktool
It goes without saying that you also need a JDK and the Android SDK. In particular, you need apksigner form the SDK to sign the unsigned apks generated by apktool. You can also automate things a bit and use adb to deploy them to your device.
What I usually do is get a high-level overview of the app in jadx, and then modify the smali (dalvik bytecode in text form, very assembly-like) files generated by apktool.
-
What Happens When Your Phone Is Spying on You
A week ago I purchased a bluetooth device that takes some measurements. You require an Android or iOS application. The first thing the iOS app did was request permission for your location. Immediate fired up MITMproxy [1] running in transparent `--mode wireguard` and installed it's certificate in the iOS trust store. It was sending a whole bunch of data to China and HK. Since I don't have a jailbroken iPhone, it's off to Android.
For BLE scanning, Android does require permissions for location, but this application is using a Chinese branded tracking SDK and sending encrypted (within already encrypted TLS). So it's time to start reversing and instrumenting the runtime.
Well - not so easy, they used a commercial packer that encrypts their compiled bytecode and decrypts and runs it within a C++ library. I managed to bull the Dalvik out of memory using Frida[2], covert it to java bytecode with dex2jar[3] then into decompiled java with jadx [3].
Since the developer relied on the packer to hide/obfuscate their software, it's quite easy to follow. The libraries that do the location tracking on the otherhand are obfuscated so now I'm at the stage of identifying where to hook before the encrypted blobs are sent to servers in China.
I've sunk about 8 hours into this so far. The message here is that to understand what some applications on your phone does you need to really invest time and effort. The developers increase the cost to the consumer to know what their application is doing by obfuscation, encryption and packing. It's asymmetric.
[1] https://mitmproxy.org/posts/wireguard-mode/
[2] https://frida.re/docs/android/
-
Any legit cracking tutorial?
jadx: View the generated Java code for an app. This tool tries to recreate Java code from the smali bytecode, but keep in mind that sometimes it may not work because Java -> Smali conversion is not fully backwards compatible.
-
Apk.sh is a Bash script that makes reverse engineering Android apps easier
If you haven't tried Jadx [1], give it a shot. It's by far the easiest way to reverse Android APKs. I doesn't do patching or reassembly, but I used it for reversing the Delong'hi APK for longshot [2][3] and the quality of output was fantastic.
[1] https://github.com/skylot/jadx
[2] https://github.com/mmastrac/longshot
[3] https://grack.com/blog/2022/12/02/hacking-bluetooth-to-brew-...
-
Potentially OT: Any guides/crash course/cheatsheet on how to modify or perhaps reverse engineer an open source program to your preference?
Smali is a low level language for Dalvik bytecode and it can be quite a headache to interpret it correctly and achieve what you want. That's why I recommend another tool called jadx which can mostly recover Java code from a dex file, but unfortunately the conversion is not 100% possible. Also, editing is not possible with jadx.
What are some alternatives?
employee-scheduling-ui - An UI component for Employee Scheduling application.
Apktool - A tool for reverse engineering Android apk files
advent-of-code - My solutions to http://adventofcode.com/ :)
enjarify
advent-of-code-go - All 8 years of adventofcode.com solutions in Go/Golang; 2015 2016 2017 2018 2019 2020 2021 2022
android-classyshark - Android and Java bytecode viewer
magmide - A dependently-typed proof language intended to make provably correct bare metal code possible for working software engineers.
apk2gold - CLI tool for decompiling Android apps to Java. It does resources! It does Java! Its real easy!
ikos - Static analyzer for C/C++ based on the theory of Abstract Interpretation.
procyon
androguard - Reverse engineering and pentesting for Android applications
simplify - Android virtual machine and deobfuscator