Jarkko Sakkinen
Posts
4417Following
315Followers
471OpenPGP: 3AB05486C7752FE1
Jarkko Sakkinen
jarkko
LOL, I have work interview every single working day next week, and some after that. This will be exhausting.
2
0
1
Jarkko Sakkinen
jarkko
I guess it is time to look back into #TPM2 #asymmetric #keys series. I did latest version of the series in Apr/May.
My wild guess is that it won't work and I have no idea WHY. At least for me this happens on patch series that i don't work on for some months. Then after debugging and cursing for a day or two find a missing CONFIG_ flag or similar ;-)
#Linux #kernel #hacking
My wild guess is that it won't work and I have no idea WHY. At least for me this happens on patch series that i don't work on for some months. Then after debugging and cursing for a day or two find a missing CONFIG_ flag or similar ;-)
#Linux #kernel #hacking
0
1
0
Jarkko Sakkinen
jarkko
I've seldomly tried #Rizin over the years but only after I switched to #Fedora early this year, I've really got into using it.
The stack is pretty well packaged, including #Cutter, in Fedora, which lowered the barrier. I hate to self-compile, everything must be low-hanging fruit unless I'm actually doing paid work :-)
I've also played with #Ghidra but the problem is that it does not fit to my workflow as well where everything else is a command-line tool.
But since I learned that I can use Ghidra's decompiler Rizin I get best possible reverse engineering for *my personal needs*. Also, one big thing in Rizin is out-of-the box RISC-V support.
I've also got into developing some tools with libcapstone disassembler Rust bindings, and a crate called Goblin. My ultimate goal here would be to automate the way i do analysis for kernel oops without using anything from scripts/, addr2line, gdb or objdump. Rizin is a great prototyping tool because it is also based on libcapstone.
For great tutorials on Rizin, I can warmly recommend this YouTube channel:
https://www.youtube.com/@ConsoleCowboys
Tutorials are for #Radare2 but they apply equally to Rizin.
The stack is pretty well packaged, including #Cutter, in Fedora, which lowered the barrier. I hate to self-compile, everything must be low-hanging fruit unless I'm actually doing paid work :-)
I've also played with #Ghidra but the problem is that it does not fit to my workflow as well where everything else is a command-line tool.
But since I learned that I can use Ghidra's decompiler Rizin I get best possible reverse engineering for *my personal needs*. Also, one big thing in Rizin is out-of-the box RISC-V support.
I've also got into developing some tools with libcapstone disassembler Rust bindings, and a crate called Goblin. My ultimate goal here would be to automate the way i do analysis for kernel oops without using anything from scripts/, addr2line, gdb or objdump. Rizin is a great prototyping tool because it is also based on libcapstone.
For great tutorials on Rizin, I can warmly recommend this YouTube channel:
https://www.youtube.com/@ConsoleCowboys
Tutorials are for #Radare2 but they apply equally to Rizin.
1
2
1
Jarkko Sakkinen
jarkko
@Foxboron And it is a service not a client application?
One application for that could be confidential computing hub. In Erax we piggybacked CPU attestations from both Intel and AMD CPU's to x.509 certificates.
Obviously if a confidential enclave (TEE payload) gets new pages from the host (that it most schemes ack's, dynamic allocation in CoC is a protocol between guest and host), its old attestation invalidates. Thus these x.509 certificates are sent to a node, which goes to Intel/AMD CA and verifies the quotes against them.
Just reflecting with a familiar application for attestation :-)
So in this case would those certificates put into transperncy log or identity portal?
One application for that could be confidential computing hub. In Erax we piggybacked CPU attestations from both Intel and AMD CPU's to x.509 certificates.
Obviously if a confidential enclave (TEE payload) gets new pages from the host (that it most schemes ack's, dynamic allocation in CoC is a protocol between guest and host), its old attestation invalidates. Thus these x.509 certificates are sent to a node, which goes to Intel/AMD CA and verifies the quotes against them.
Just reflecting with a familiar application for attestation :-)
So in this case would those certificates put into transperncy log or identity portal?
0
0
0
@TartanLlama @ljs @nostarch
I'm not that interested on a debugger book because I've written at least couple of debuggers and profilers for internal use in some companies and also read the classic "Gray Hat Python" BUT as a future recommendation I'd buy immediately a spiritual successor of "Linkers and Loaders".
There's been some binary analysis books after but they are not enjoyable read like Linkers and Loaders is bit historical tidbits etc. They are more like tutorials. You should check this book out some day if you've never read. I guarantee you will enjoy it (by Stephen Levy from 1999).
I just wish someone would write a great book about binary formats because I enjoy that stuff almost a hobby ;-) Like now that eBPF even has ELF profile, would be great to go through from IBM mainframe times to that and some discussion how they have been modernized for more modern languages. It's a total treasure zone of great lore.
I'm not that interested on a debugger book because I've written at least couple of debuggers and profilers for internal use in some companies and also read the classic "Gray Hat Python" BUT as a future recommendation I'd buy immediately a spiritual successor of "Linkers and Loaders".
There's been some binary analysis books after but they are not enjoyable read like Linkers and Loaders is bit historical tidbits etc. They are more like tutorials. You should check this book out some day if you've never read. I guarantee you will enjoy it (by Stephen Levy from 1999).
I just wish someone would write a great book about binary formats because I enjoy that stuff almost a hobby ;-) Like now that eBPF even has ELF profile, would be great to go through from IBM mainframe times to that and some discussion how they have been modernized for more modern languages. It's a total treasure zone of great lore.
1
0
0
Jarkko Sakkinen
repeated
repeated
Sy Brand
TartanLlama@mastodon.socialA wrote a book on how debuggers work!
It guides you through writing a complete native debugger from scratch.
Available Spring 2025 from @nostarch (probably not with this cover)
14
10
3
Jarkko Sakkinen
jarkko
Edited 11 months ago
One add to #C 's memory safety is that you can almost decompile it in your head so that it is trivial to map even raw binary to meaningful language statements. I like that Ghidra and Rizin have decompilers but I almost never use them because I do not NEED them for anything. Especially since the return of frame pointers assembly simple and awesome again.
Also reviewing C code is factors easier than any other programming language I'm aware or because you don't have to guess how statements translate.
In most more modern systems you really have to do research sometimes because of unnecessarily complex language constructs and vast amount of generated code, meaning that there are filters obfuscating how the final machine language code is generated.
Finally, like with any software, more complex shit you produce, more likely you are gong to hit to bugs. This applies also to GCC and LLVM.
Also reviewing C code is factors easier than any other programming language I'm aware or because you don't have to guess how statements translate.
In most more modern systems you really have to do research sometimes because of unnecessarily complex language constructs and vast amount of generated code, meaning that there are filters obfuscating how the final machine language code is generated.
Finally, like with any software, more complex shit you produce, more likely you are gong to hit to bugs. This applies also to GCC and LLVM.
0
0
1
@beandev I ended up wrapping it like https://codeberg.org/jarkko/clonectl/src/branch/main/src/main.rs
0
0
1
Jarkko Sakkinen
jarkko
@beandev I find this maybe a bit more robust and it has pretty good backing given the byte code alliance: https://github.com/bytecodealliance/cap-std
1
0
1
@rjzak I wonder if it would be possible to take a script of rizin commands and compile them into a Python script which would execute equivalent steps using capstone etc. modules. It could skip commands (perhaps marking a comment to the script), which are infeasible to support in this context. Then it would be easy to prototype analysis in Rizin and finally turn that into custom analysis which could be then further refined by tuning the script. This would be a great feature for CI.
Another thing I'm wondering could Rizin take advantage of eBPF capabilities of Linux kernel and use probes in the run-time debugger. It is easy to create BPF ring buffers for an application to deliver customized data from kernel (I've done this once).
Another thing I'm wondering could Rizin take advantage of eBPF capabilities of Linux kernel and use probes in the run-time debugger. It is easy to create BPF ring buffers for an application to deliver customized data from kernel (I've done this once).
1
0
0
Jarkko Sakkinen
jarkko
@oleksandr @gromit @vbabka I'll put that to the same queue as compiler flags. Thank you!
Cannot say anything before testing the patch because Murphy's law clearly states if you judge without testing you always get it wrong ;-)
Cannot say anything before testing the patch because Murphy's law clearly states if you judge without testing you always get it wrong ;-)
0
0
1
Jarkko Sakkinen
jarkko
0
0
1