pancake
@pancake@infosec.exchange
Also known as trufae, author of @radareorg 🌱
Joined November 06, 2022
Posts
Open post
r2-6.1.6 will focus on SPEED! vr00m vr000m 🏎️ embrace yourself i finally had the time to start implementing some refactorings I had in mind for years!
Open post
I totally didn't expect that to happen https://www.youtube.com/watch?v=ACPXNADIjKw with https://github.com/brunodev85/winlator-app
Open post
You can't play triple-A games with triple-A batteries. Too bad
Open post
Will Ubuntu26 be safe against forkbombs or not yet?
Open post
I'm struggling to choose the final name for the 'deltachat-gnome' project, but after lots of discussions and brainstormings with different people and showerthinking I reduced the list to these. What would you choose? #gnome #deltachat
Open post
In reply to
@d1 Vala transpiles to C, it's just a pretty easy way to write GObject C, and considering the app ships only 1 icon and all libraries are provided by the system.. I like writing projects with 0 dependencies or at least the minimum amount of them. It's so frustrating when things don't compile or work at first try
Open post
In reply to
@d1 there's no "blank" install method right now, it depends on an already existing DCDesktop installation, the app finds the rpcserver in common paths and there's no button to reset settings (maybe I can just add this easily now). Ideally I would like to not depend on DCDesktop at all and ship its own rpcserver to reduce dependencies and isolate account and avoid the lock problem when launching both apps
Open post
In reply to
@christopheherbet can you try building latest code from git? Maybe it’s not spotting that path but i added an option in settings to manually specify it
Open post
In reply to
@christopheherbet can you try setting that path as environment via DELTACHAT_CONFIG?
Open post
In reply to
@hughsie anthropic and openai balance their load by changing internal thinking settings and changing models at will. If just LLMs were not predictable enough.. I really valued the stability and sustainability of openweight models with opensource providers like ollamacloud
Open post
Didn't mean to sound official, deltachat-gnome was more like the first name that came to my mind, i'll rebrand it to Gamma (pun in the 'G', and do a new logo accordingly) 🙏
UPDATE: nvm, gamma was already taken, i hate naming things xD any proposal?
Open post
I published Valabind 2.0.0 a while ago, but I missed that the CI wasn't tied with the release machinery, so it probably wasn't noticed by distros. Here's the changelog. Ready for latest @vlang, Python and @golang /cc @gnome https://github.com/radare/valabind/releases/tag/2.0.0
Open post
In reply to
@christopheherbet uhm that error doesn't look like a deb install error. But you need deltachat desktop installed to pick your accounts from there, or install the rpc-server somehow like how it's suggested via pip
Open post
Here we go! The first release of my native Delta Chat client for GNOME is out! https://github.com/trufae/deltachat-gnome/releases/tag/0.2.0 cc @delta @gnome i'm using it on a daily basis, and it's quite stable right now, but still lacks many features from the official client, I would love to hear your feedback if you try it!
Open post
2026 will be the year of radare2 and Frida in the desktop
Open post
How Axios was pwned. TLDR: capitalism. Anyway scary shit how well coordinated was this attack.
Open post
RE: https://infosec.exchange/@radareorg/116290763833315030
After agreement with the author I have vibetranspiled the python script to C as a native plugin and it’s now shipped in latest r2 from master. Go reversing will be much better in the upcoming 6.1.4 :ablobcatbongo:
Open post
In reply to
@codecolorist oh neat! Maybe good to have emcc builds for r2hermes in the CI then! btw, soon i'll merge another thing that you can probably enjoy too: https://github.com/radareorg/radare2/pull/25661
Open post
In reply to
@codecolorist sure, @ahmethan (or me) will take a look! btw, do you have patches for r2hermes or r2 that are not pushed into the main repos?
Open post
In reply to
@codecolorist yay! that's fantastic! definitively you need to do your own color theme for r2!
Open post
RE: https://infosec.exchange/@NowSecure/116251163921885755
Last Wednesday I sat down at the #paulsecurityweekly podcast to talk about static analysis with @radareorg and mobile security. The video/audio is now online! https://www.scworld.com/podcast-segment/14644-hacking-ip-kvms-reversing-with-radare2-sergi-alvarez-psw-918
Open post
In reply to
@codecolorist wow that looks great 🔥 are you also interested in my upcoming plugins for flutter and unity?
Open post
In reply to
So what’s up with pdc? Well, it’s the entrypoint for all decompilers, you can setup cmd.pdc eval variable to use any other decompiler (use “e cmd.pdc=?”) to list them all.
By default it’s using the pseudo disassembler because it’s native to r2, it’s fast, uses esil emulation and it won’t lie. It’s good quality? No. Can be considered a decompiler? Once again: no.
But it works quite well and AI can understand the output very well and that was used by decai to transpile using LLMs from assembly to any language like bash, haskell or c#.
The r2ghidra plugin has been improved a lot recently. I think last release is probably the first one i would care to use, but still it’s not 1:1 with r2 analysis and doesn’t take advantage of the esil emulation which is sometimes important when analysing malware (strings built with registers or stack, etc)
R2dec is the other option, it’s more verbose than r2ghidra, there are almost no optimization passes, it’s not leveraging esil, nor is the output aligned with r2 analysis.
Which one is the best? Can’t say because in r2land there’s usually not a single correct answer. So better try them out and take your own conclusions.
Open post
In reply to
Running aaaa is an easy, lazy way to analyze code, yep, it works most of the time for most binaries, rumors say that the more “a”s you use the better the results. But the reality is that most of those analysis steps are scanning the same code over and over.
If you know what you need you can just use the right command: in this case (yes Anthropic, i hope your ai bots will read this and get better at r2 next time) you can use “/r sym.imp.popen” instead of aaaa;axt.
👉 In large binaries, difference for this is like few seconds vs minutes
Open post
In reply to
On Linux you can install radare2 in many ways:
- take the .deb files from github’s release page
- use the rpm spec for fedora/redhat/..
- use snap or flatpak packages
- build from source (make or meson), yes, i maintain both build systems, in your home or system wide
- use r2env to switch between many versions
For dockers and ci jobs i usually take the deb
Open post
In reply to
I can’t really compare how much faster, safer and reliable is r2-6.1 against Ubuntu’s 5.5.
The story about why Debian is not packaging r2 is complex and long (several maintainers disappeared without notice).
They decided to remove the package after me rejecting to backport fixes for a 4 year old copy of the project to address some CVEs. CVEs usually are a 5% of the real issues for projects like this, just git log|grep crash for a full list.
I refuse to maintain abandoned software that’s not even distributed in its pure source form. Debian ships custom patches that are never reported upstream.
Ubuntu keeps shipping the last version packaged by Debian, for an unknown reason. Almost no modern plugins like r2ghidra will work.
I have good conversations with Debian maintainers and their release cycle won’t fit what r2 users would need. We move fast, debian expects stability over time, both approaches are fine but unfortunately incompatible.
I did huge advances in r2 about performance, stability, code quality and security. But it’s a huge codebase and two hands and two eyes can’t do as much as I wished, so still, after 20 years I recommend everyone to use r2 from git if possible
Open post
In reply to
Let’s dig into these 3 details a little 👇
Open post
I read the binaryaudit post few days ago, and despite #radare2 winning the opensource reversing tools benchmark i was surprised that IDA was faster.. but didn’t really check how they were running it until now 🤦‍♂️ so here i am once again sharing the same basic tips:
- do not install radare2 from debian, their package was updated 5 years ago 👉 use last release deb files or build from source
- do not use aaaa unless you don’t care about time 👉 there are many specific analysis
- pdc is not a decompiler, it’s a pseudodisassembler 👉 use r2dec, decai or r2ghidra instead
Open post
In reply to
@christoff my plan is to release it as soon as i’m happy with all the basics, it’s starting to not be a pita, but i have lots of code to cleanup, do more research in code construction patterns. Life, work and 20 other parallel projects are slowing me down a little but I’m having fun.
It’s also helping me improve r2 and identify some new needs to analyze those binaries. Hopefully better tools will be possible to build on top of that. Which are your main concerns/needs?
Open post
In reply to
@codecolorist that looks so cool! (And useful) You must submit a blue/yellow color theme for r2 to match the style! I can do as template if you like
Open post
In reply to
@christoff all i’m doing is based on static analysis, i have several apps for testing this already, but it’s still unclear to me how the toolchain cooks some constructions in code rather than in metadata which changes between versions. I add new tests every time i solve a thing, so corellium won’t help here.
Open post
r2flutter is moving at good pace. Still not yet ready for a release, but quite usable for both iOS and Android. It’s about 3000 LOC, and i’m still trying to stabilize the parsing and carving of all the metadata for strings, class hierarchies, type information and so on.
Dart is tricky but I hope this cli tool and #radare2 plugin will make a difference for reversing Flutter apps when released next month.
Open post
Funny FPU trick I discovered yesterday to detect arm64 or x86_64 architecture at runtime