Sunday, July 29, 2007

Defcon and Chaos Camp 2007


This weekend is DefCon 16. All signs say this year is going to be just as big, if not bigger, than it's been in the past. Part of me misses the Alexis Park experience. It felt more homely, more tightly knit together than at a casino. Maybe it's just me. :)

I'll also be a part of the Hackers on a Plane! We're flying right after DC to the Chaos Computer Camp. I've lamented often to friends about how disjointed we are, specifically within the Bay Area, as a community of hackers. I'm not one to talk because I'm just as bad about staying home and keeping things to myself as the rest of us. Hopefully CCC.de will help invigorate me to make some changes. This little spot on the Internet has helped a little. I no longer feel like an evil anti-social hacker -- ok, maybe a little.

Hope to see everyone there!

Thursday, July 19, 2007

eEye's BinDiffing Suite for IDA Pro 5.1

It's been a while since I've posted anything, mostly because I've been very busy changing jobs, starting a penetration testing group from the ground up. That plus all the initial new employee training have eaten up a lot of my time.

One thing we'll be doing is Binary Diffing. I fully believe every good penetration tester should be able to understand assembly, research new vulnerabilities and reverse engineer in some capacity. A good binary diffing program helps a LOT!

While I was waiting for our purchasing department to order Sabre's BinDiff I took a look at eEye's BinDiffingSuite. With my copy of IDA 5.1 installed I downloaded the tool and started the installation. I'm soon greeted with a message saying:

...requires IDA Pro Standard v5.0 or IDA Pro Advanced v5.0

During this month's eEye vulnerability forum I asked if there were any plans to update the tool to support IDA 5.1. Hackers take note - Alex's response is "We all use 5.0 here and it works well." Uh, aren't there known vulnerabilities against IDA 5.0? Are you guys running outdated software?!

Flame baiting aside, the MSI file is doing a very simple check for installed IDA versions. Here's how you can get it installed and running with the latest (and more secure.. ahem) version of IDA. The IDA SDK has been pretty stable since v4.9 so the suite works with v5.1 without hassle:
  1. Open RegEdit and go to the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IDA Pro_is1
  2. Change the DisplayName to say "IDA Pro Standard v5.0" or "IDA Pro Professional v5.0"
  3. Re-run BinDiffSuite.exe and install
  4. Change it back to what it was previously (if you want)
  5. Have fun!
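The same steps as one script, added here as an example rather than anything from the original post or from eEye. It assumes BinDiffSuite.exe sits in the current directory and that you run it from an elevated prompt, since the key lives under HKLM; the original DisplayName is saved first and put back in a finally block so Add/Remove Programs shows the true version again even if the installer bails out.

```powershell
# Added example (not from the original post): automate the DisplayName swap
# described in the steps above and always restore the real value afterwards.
# Assumptions: .\BinDiffSuite.exe is the installer, and this runs as Administrator.

$key       = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IDA Pro_is1'
$spoofed   = 'IDA Pro Standard v5.0'      # exact string the installer check accepts
$installer = Join-Path (Get-Location) 'BinDiffSuite.exe'

if (-not (Test-Path $key)) {
    throw "IDA uninstall key not found: $key"
}
if (-not (Test-Path $installer)) {
    throw "Installer not found: $installer"
}

# Save the real DisplayName (e.g. 'IDA Pro Standard v5.1') so it can be restored.
$original = (Get-ItemProperty -Path $key -Name DisplayName).DisplayName
Write-Host "Current DisplayName: $original"

try {
    Set-ItemProperty -Path $key -Name DisplayName -Value $spoofed
    Write-Host "DisplayName temporarily set to: $spoofed"

    # Block until the installer exits so the restore below never races it.
    $proc = Start-Process -FilePath $installer -Wait -PassThru
    if ($proc.ExitCode -ne 0) {
        Write-Warning "Installer exited with code $($proc.ExitCode)"
    }
}
finally {
    # Runs on success, failure, or Ctrl-C: put the genuine version string back.
    Set-ItemProperty -Path $key -Name DisplayName -Value $original
    Write-Host "DisplayName restored to: $original"
}
```

If the DisplayName on your box reads "IDA Pro Advanced ..." rather than "Standard", swap $spoofed for the Advanced string the installer message quotes.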
This really is a nice suite of tools. Big kudos to eEye for releasing it and including source code!