nancygold's Journal
 

Tuesday, July 2nd, 2024

    Time Event
    11:58a
    The World Before IDA
    Westerners had a cute-looking, user-friendly utility with bells and whistles, called Sourcer, but then Ivans came with their T-34-looking monster:
    https://corexor.wordpress.com/2015/12/09/sourcer-and-windows-source/

    Current Mood: amused
    8:04p
    Using Ghidra's Decompiler with IDA
    Since IDA doesn't support decompiling 16-bit x86 code, people are using Ghidra's decompiler with it:
    https://github.com/airbus-cert/Yagi

    That Yagi BTW adds decompilation support even to freeware IDA.

    Still, that decompiler uses Ghidra's analyzer, which tends to fail on a few specific cases of 16-bit code,
    for example when an IP-relative near call jumps to a NULL pointer, yet IDA's analyzer handles that without issues.
    So it makes little sense to use it. Easier would be patching Ghidra to do analysis properly.
    IDA is just obsolete nowadays. Especially when Ghidra got LLM integration.

    ChatGPT outperforms any decompiler. In fact it can even do disassembly half-reliably.
    Or 100% reliably if you run it in an agent mode, allowing it to "proofread" its generation.
    I.e. ChatGPT doesn't even need any analysis environment, outside of a simple database.

    During my work, I asked ChatGPT to make me Ghidra python scripts, and it always succeeded with minor errors.
    I.e. it forgot that Java bytes are signed, and therefore the Python code should account for that.
    Then again, it reliably fixes such bugs if run in a loop.
    So the future of reversing is just running ChatGPT repeatedly until it identifies all symbols,
    and then dumps the C code.

    Current Mood: amused
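
The signed-byte pitfall mentioned in the entry above, as an added example that is not part of the original journal: it decodes the target of a 16-bit x86 near call (opcode E8, rel16) from bytes as a Ghidra Python script would see them, including the wrap-around case where the call lands on offset 0. The function names and sample bytes are constructed for illustration, and the code runs in plain Python without Ghidra.

```python
# Added illustration. Java's byte type is signed, so a Jython script reading
# program memory sees values in -128..127 instead of 0..255.

def as_java_bytes(hex_string):
    """Build constructed sample input: bytes as signed Java values."""
    return [b - 256 if b > 127 else b for b in bytes.fromhex(hex_string)]

def u8(b):
    """Map a signed Java byte (-128..127) to its unsigned value (0..255)."""
    return b & 0xFF

def near_call_target_naive(ip, raw):
    """Buggy version: combines the signed bytes directly."""
    rel16 = raw[1] | (raw[2] << 8)
    return ip + 3 + rel16

def near_call_target(ip, raw):
    """Correct version for 16-bit code: mask each byte, wrap IP to 16 bits."""
    if u8(raw[0]) != 0xE8:
        raise ValueError("not a near relative call (E8 rel16)")
    rel16 = u8(raw[1]) | (u8(raw[2]) << 8)
    # The target is relative to the next instruction (ip + 3) and wraps
    # inside the 64 KiB segment.
    return (ip + 3 + rel16) & 0xFFFF

# Constructed sample: a call at offset 0x0100 whose displacement wraps to 0.
WRAP_CALL = as_java_bytes("E8FDFE")   # seen by the script as [-24, -3, -2]
# Constructed sample: a short forward call whose bytes are all below 0x80,
# so the naive code happens to give the right answer and hides the bug.
FWD_CALL = as_java_bytes("E80500")    # seen by the script as [-24, 5, 0]

if __name__ == "__main__":
    for ip, raw in ((0x0100, WRAP_CALL), (0x0010, FWD_CALL)):
        print("ip=%04X raw=%r naive=%d correct=%04X" % (
            ip, raw, near_call_target_naive(ip, raw),
            near_call_target(ip, raw)))
```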
