Post on 21-Oct-2014
Python Arsenal for Reverse Engineering
Dmitry “D1g1” Evdokimov
DSecRG, Security Researcher
#whoami
• Security Researcher in DSecRG
– RE
– Fuzzing
– Mobile security
• Organizer: DCG #7812
• Editor in “XAKEP”
2 ZeroNights 2012
Intro
Perl?!
Perl binding for IDA Pro: http://cyrplw.svn.sourceforge.net/viewvc/cyrplw/perl/
http://redplait.blogspot.ru/2011/08/perl-inside-ida-pro.html
Ruby?
• Metasm - the Ruby assembly manipulation suite
• Idarub - Ruby plugin for IDAPro
• Ragweed - scriptable Win32/Linux/OSX debugger written in ruby
• frasm - Ruby bindings for distorm64
• LeafRub - x86 ELF Analysis and Debugging
• rbkb - A miscellaneous collection of command-line tools and ruby library helpers related to pen-testing and reversing
• jdi_hook - JRuby based scriptable Java debugger using the JDI interface
• ???
Python!
BeaEnginePython bochs-python-instrumentation Buggery Ctypes Deviare dislib diStorm FrASM IDAPython ImmLIB libdisassemble lldb llvmpy Macholib Miasm OllyPython PDBparse PEEL pefile PIDA
PinPy ProcessTap pyasm PyBox PyCodin pydasm Pydb PyDBG PyDbgEng pydbgr PyDevTools pydot pydusa PyEA PyELF Pyelftools PyEMU pyew pygdb pyHIEW
pykd Pylibemu pylibscizzle pyMem pymsasid pyREtic PySTP python-adb python-haystack python-ptrace PythonGdb pytracer radapy ramooflax uhooker Vivisect vtrace WinAppDbg Z3-python Z3Py …
Example
[Diagram labels: Target Monitor; Fuzzer; TestCase Generator; CodeCoverage analyzer; ProcessTap; Z3Py; vtrace; IDA Pro; IDAPython; Target]
The first idea
Web portal
http://pythonarsenal.dsecrg.ru/
http://pythonarsenal.erpscan.com/
Site:Main
Library:Description
Site:Search
Site:Feedback
Conclusion
- Gratz!
- Anton Astafiev
- Future work
- Update/implementation/fix
- Development
- News
- Statistics/graph/chart