Neat. I’ve done an entire month.

I stopped blogging every day and just focused more on the code rather than writing. These posts I feel are pretty weak anyway so I might just start doing a weekly one if I deem it worthwhile.

This last week, I barely worked on the fuzzer. I started making the TCP client portion of it, but it is not functional yet and has not been committed to Git. I have placed this project on the backburner temporarily because I have just simply found more interesting problems to work on for the time being.

I started learning SaltStack, so I wrote a package to install some tools on new workstations and virtual machines in my labs: https://github.com/droberson/salt-the-earth

For a long time, I’ve been wanting to write an ELF packer. I failed at actually getting it done, but I feel it is close. I didn’t release the source because it currently doesn’t work at all. I did, however, successfully create a simple ELF crypter: https://github.com/droberson/ELFcrypt

With the ELFcrypt software, you can pick and choose which C functions in your source that you’d like to protect. It uses RC4 encryption to encrypt these functions, decrypting them at runtime. So in essence, you can write programs that are a bit harder to reverse engineer if they are discovered on a drive. There are still plenty of weaknesses with this, but it will definitely help against casual prying eyes. It also does nothing to hide strings within the binary (unless they live inside of the functions you’ve encrypted).

This has kept me busy for the last few days. There are a few improvements I’d like to make to some existing software that I have made available so I may be doing those in the next few days until I feel like fuzzing some more.

 

Advertisements