mastodon
4.6.0-alpha.5+glitch
Developer - Reverse engineer - CTF player - Scrub
Over the past couple years, I have come to know the #dotnet platform pretty well, from a developer's and a #reversing standpoint.
I can’t always say the same the #infosec community.
Today, I decided to rant a little (or maybe a lot 🙃)
Better late than never, I finally managed to finalize my #flareon12 write-ups😄
Overall, it was a fun set of challenges and the latter ones a reminder of how much I still have to learn in the field of RE :).
👉 https://blog.washi.dev/posts/flareon12/
👉 https://washi1337.github.io/ctf-writeups/writeups/flare-on/2025/
Image
#AsmResolver 6.0.0-beta.4 released!
This release addresses many shortcomings found during beta.3, including ARM32 and ARM64 support, auto references importing, and many other DX improvements.
👉 Get it on GitHub or NuGet: https://github.com/Washi1337/AsmResolver/releases/tag/v6.0.0-beta.4
After #flareon11 challenge 7, I got inspired to build tooling for #dotnet Native AOT reverse engineering.
As such, I built a #Ghidra Analyzer that can automatically recover most .NET types, methods and frozen objects (e.g., strings).
👉https://blog.washi.dev/posts/recovering-nativeaot-metadata/
#AsmResolver 6.0.0-beta.3 just got pushed to NuGet!
More bugs were found and squashed. We are closing in on a full release with most of the public API being stable.
Get it on GitHub or NuGet 👉 https://github.com/Washi1337/AsmResolver/releases/tag/v6.0.0-beta.3
#AsmResolver 6.0.0-beta.2 has been released
This is a maintenance release that addresses many regressions introduced by the refactors in 6.0.0-beta.1.
Get it on NuGet or GitHub
👉 https://github.com/Washi1337/AsmResolver/releases/tag/v6.0.0-beta.2
I just published my writeups for all challenges of #flareon11:
👉 https://blog.washi.dev/posts/flareon11/
👉 https://washi1337.github.io/ctf-writeups/writeups/flare-on/2024/
Hope you like them as much as I liked writing them!
#AsmResolver 5.5.1 is out!
This is a maintenance release, adding #dotnet 8.0 targets and fixes issues related to type signatures, CIL optimizations, as well as some rare edge cases in .NET metadata directory parsing.
Get it on GitHub/NuGet:
👉 https://github.com/Washi1337/AsmResolver/releases/tag/v5.5.1
Did you know you could write entire #csharp programs just by using the "await" keyword?
OK, well not really, but I spent some weekends developing AwaitFuscator: A (dumb) #obfuscator that turns your #dotnet program into nothing but "await" expressions!
"Noo! Ghidra has such a bad UI! IDA is much better!"
Explain to me: In what world does a hex view need column selection that crosses multiple columns (and beyond) and disappears upon scrolling?
The decompiler may be good but I genuinely don't see how people put up with IDA's UI.
I wrote a quick post with my thoughts on the recent VMProtect leaks, and why I think it is a bad thing in general:
👉 https://blog.washi.dev/posts/on-the-vmp-leak-and-why-it-is-bad/
Ever tried #reversing #dotnet binaries compiled with #nativeaot? I decided to publish some of my (hacky) #ghidra scripts that may help you out with mundane tasks like finding strings.
👉https://github.com/Washi1337/ghidra-nativeaot
The scripts could probably use some work but at least it's a start😃
Earlier this month I found a way to consistently pop calculators in #dnSpy by opening a file and clicking some nodes in its browser.
Today I release a write-up on how this can be done:
👉 https://blog.washi.dev/posts/popping-calcs-in-dnspy/
Update dnSpy if you haven't already!
Another day, another #AsmResolver version bump: 5.4.0 is out now.
This release includes support for #PE certificate tables, PE forwarder exports, more quality of life improvements and more bug fixes.
👉 https://github.com/Washi1337/AsmResolver/releases/tag/v5.4.0
I spent my Saturday on a dumb project answering the following question:
What is the smallest #dotnet Hello World binary?
Turns out, this rabbit hole is deeper than you may expect, so I wrote a blog post about it:
👉 https://blog.washi.dev/posts/tinysharp/