random rand-tech

File overview:

c6b727d7cff517577db838db18ad17b46334d3c91c2e50893634e56cdc19e41f: rust, large
1e26978c336c153e64edba16ca08187f558d98cc043eca8549686e60467cf223: elf, c
test_strings: c, small, strings

Findings:

We could acchieve the same results using the xrefer backend(string_new.py) as the ida backend(string_ida.py).
- IDA didn't actually support utf-8 strings (e.g. 'Unicode String Test', 'UTF-8: Hello 世界', 'Mixed: café, naïve, Zürich', 'Wide: \t\n\r', 'Wide First')
Adding utf-8 support to Rust binaries resulted in many garbage strings (I'm not familiar if there is a lightweight solution to this). We can just remove the utf-8 support for now.

My Challenges

A curated list of CTF challenges I made.

Year	Event	Category	Name	Theme	#solved (#solved)
2024	SatokiCTF	Rev	gomen	dynamic analysis	2 (3)
2024	SatokiCTF	Rev	satolite3	bin diff, DB internals(SQLite)	1 (2)
2024	SatokiCTF	Rev	satokity	Swift, Mach-O	0 (1)
2024	NewYearsCTF	Rev	2024	Corrupted ELF header	1

inspecting an executable using ifunc

How to work with ifunc (with handson examples)
How to do a quick inspection using CLI commands
How to deep dive using IDA

How to work with ifunc (with handson examples)

Go read

https://maskray.me/blog/2021-01-18-gnu-indirect-function
- Great resource, has been updated after the xz backdoor incident 👍
https://a-kawashiro.hatenablog.com/entry/2021/11/07/100540

Keybase proof

I hereby claim:

I am rand-tech on github.
I am rand6d74 (https://keybase.io/rand6d74) on keybase.
I have a public key whose fingerprint is 1871 F3DC D14F D69C F81D A8C7 4A83 BBA4 0B83 D664

To claim this, I am signing this object:

.
├── data
│   ├── ankis
│   │   └── (your apkg files here.apkg)
│   └── jsons
│       └── (json files here)
└── extractor
    ├── extract.js (not shared)
 ├── gen_anki.py

	#!/usr/bin/env zsh
	emulate -L zsh
	set -eau

	# usage:
	# [INSTALL_DIR=/path/to/dir] [GDBINIT_PATH=/path/to/.gdbinit] [HEADLESS=1] ./lndbg.sh

	readonly VERSION="0.1.0"
	readonly NAME="ldgdb"