EvilZone
Programming and Scripting => Projects and Discussion: HTH, March 25, 2015, 10:43:37 AM
-
Well, since Kenjoe41 pointed out yesterday how you were all "waiting and waiting" here it is:
BinDyn, now in C++, with a GUI. It's been about 2 weeks since I said I'd code it in C++, and it's still not done (hell, two of the modules are not even started beyond a template and a link to the main program).
However, it CAN:
Scan for signatures and strings,
Create a few different plots in different ways for rapidly identifying data structures,
Save excerpts from the file you are working on once you have ID'd something you need,
Scan and map entropy with varying window sizes and resolution,
Generate file statistics useful for identifying if that blob of random text is, say, AES encrypted or just something like uuencode,
And interface in the most rudimentary way with gdb and objdump. I don't personally see much use for the gdb one and it's still not even close to done, however the objdump part could be useful if you think you have identified a malware's stub, for example.
I read the guidelines and apparently we need screenshots so here you go:
Signature and String Scanning:
(http://upload.evilzone.org/index.php?page=img&img=SKDpSDsNvcxbgyJUy6THrbFGqpwWg2skf6NMujNONq689xj3Qc)
Digraph and Basic Hex Editor:
(http://upload.evilzone.org/index.php?page=img&img=V5cDx5VdDaOJLKKwTThKV417SU6uHsM2zJjOn5mnpohuaHnHbC)
Statistics(Histogram) and Self Similarity Plot:
(http://upload.evilzone.org/index.php?page=img&img=rT0aRf8dMdzypTdqrV8SIzkZVDY5lmoKU5OX1rcYlFwENczwkP)
Entropy Map Displaying using space filling curves to keep data locality alive:
Also displaying a byte plot set to 150 (150 data points per line):
(http://upload.evilzone.org/index.php?page=img&img=dt4aGD7VkaDbQqkvqEaqkV1j9y2EY58oCzMrrJ8M2FyZUKN9Jg)
Entropy Map with default settings, also a not implemented conversions feature:
(http://upload.evilzone.org/index.php?page=img&img=CIOq6goMfVGtWUy2KpQr2mrRaH3TVStKJ5FHuNamyOtr9lmzOO)
Finally, the GDB and Objdump disassembler integration:
Funny enough, I was going to code my own x86 disassembler until I realized that I might as well just assume the user has GNU build tools installed and save myself many, many hours of life.
Will probably still code a disassembler for the learning experience, but I think I'll choose something like IL or ARM.
(http://upload.evilzone.org/index.php?page=img&img=1onE2m9gm9frNK16rJ7tOwfo893D8KqFYHkNUjXIGWinuZDyQU)
Anyway that's it for now folks, it's coming along swimmingly, and it's on github:
https://github.com/TheRealHTH/BinDyn
I will be continuing to work on this, and there is lots I want to improve upon but there it is.
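The entropy-map and file-statistics features described above come down to a handful of measurements over a byte buffer: a per-value histogram, Shannon entropy per sliding window (window size and stride are the "window size and resolution" knobs), and a chi-square test against a uniform distribution to tell random-looking data such as ciphertext from a restricted-alphabet encoding such as uuencode. The following is an added, self-contained example written for this thread, not code from the BinDyn repository; the function names and the two constructed sample buffers (a uuencode-style text and xorshift32 output standing in for ciphertext) are assumptions.

```cpp
#include <array>
#include <cmath>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Per-byte-value counts: the raw material for the histogram view and the statistics.
std::array<uint64_t, 256> byteHistogram(const std::vector<uint8_t>& data) {
    std::array<uint64_t, 256> hist{};
    for (uint8_t b : data) ++hist[b];
    return hist;
}

// Number of distinct byte values seen; a 64-symbol printable alphabet is a
// strong hint for a text encoding (uuencode, base64) rather than a cipher.
size_t distinctBytes(const std::vector<uint8_t>& data) {
    size_t n = 0;
    for (uint64_t c : byteHistogram(data)) if (c != 0) ++n;
    return n;
}

// Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for a
// perfectly uniform one. Encryption and compression push towards 8.0.
double shannonEntropy(const std::vector<uint8_t>& data) {
    if (data.empty()) return 0.0;
    const double n = static_cast<double>(data.size());
    double h = 0.0;
    for (uint64_t c : byteHistogram(data)) {
        if (c == 0) continue;
        const double p = static_cast<double>(c) / n;
        h -= p * std::log2(p);
    }
    return h;
}

// Entropy map: one value per window of `window` bytes, advanced by `stride`
// bytes. stride < window overlaps windows for a finer-grained map; bytes that
// do not fill a final whole window are ignored.
std::vector<double> entropyMap(const std::vector<uint8_t>& data,
                               size_t window, size_t stride) {
    std::vector<double> map;
    if (window == 0 || stride == 0 || data.size() < window) return map;
    for (size_t off = 0; off + window <= data.size(); off += stride) {
        std::vector<uint8_t> win(data.begin() + off, data.begin() + off + window);
        map.push_back(shannonEntropy(win));
    }
    return map;
}

// Chi-square of the histogram against a uniform byte distribution. Random-looking
// data (good ciphertext) lands near 255, the degrees of freedom; a restricted
// alphabet scores far higher because most of the 256 bins stay empty.
double chiSquareUniform(const std::vector<uint8_t>& data) {
    if (data.empty()) return 0.0;
    const double expected = static_cast<double>(data.size()) / 256.0;
    double chi2 = 0.0;
    for (uint64_t c : byteHistogram(data)) {
        const double d = static_cast<double>(c) - expected;
        chi2 += d * d / expected;
    }
    return chi2;
}

// Constructed sample: uuencode-style text over the 64-character alphabet ' '..'_'.
std::vector<uint8_t> sampleUuencodeLike(size_t n) {
    std::vector<uint8_t> v(n);
    for (size_t i = 0; i < n; ++i) v[i] = static_cast<uint8_t>(32 + (i * 7) % 64);
    return v;
}

// Constructed sample: xorshift32 output standing in for ciphertext.
std::vector<uint8_t> sampleRandomLike(size_t n, uint32_t seed = 0x9E3779B9u) {
    std::vector<uint8_t> v(n);
    uint32_t x = seed;
    for (size_t i = 0; i < n; ++i) {
        x ^= x << 13; x ^= x >> 17; x ^= x << 5;
        v[i] = static_cast<uint8_t>(x & 0xFF);
    }
    return v;
}

// Constructed sample: n/2 bytes of zero padding followed by random-looking bytes,
// so the windowed map shows a clear boundary between the two regions.
std::vector<uint8_t> samplePaddedThenRandom(size_t n) {
    std::vector<uint8_t> v(n / 2, 0);
    const std::vector<uint8_t> r = sampleRandomLike(n - n / 2);
    v.insert(v.end(), r.begin(), r.end());
    return v;
}

int main() {
    const std::vector<uint8_t> uu = sampleUuencodeLike(4096);
    const std::vector<uint8_t> rnd = sampleRandomLike(4096);
    std::printf("uuencode-like: entropy %.3f bits/byte, chi2 %.1f, %zu distinct bytes\n",
                shannonEntropy(uu), chiSquareUniform(uu), distinctBytes(uu));
    std::printf("random-like:   entropy %.3f bits/byte, chi2 %.1f, %zu distinct bytes\n",
                shannonEntropy(rnd), chiSquareUniform(rnd), distinctBytes(rnd));
    // 256-byte windows, 256-byte stride: the first 8 windows read 0.00, the rest ~7.
    for (double h : entropyMap(samplePaddedThenRandom(4096), 256, 256)) std::printf("%.2f ", h);
    std::printf("\n");
    return 0;
}
```

The uuencode-style buffer caps at 6 bits/byte with exactly 64 distinct values and a chi-square far above 255, while the random-looking buffer sits close to 8 bits/byte with a chi-square near 255; an entropy map alone cannot separate ciphertext from compressed data, which is why the histogram and chi-square views are worth keeping next to it.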
-
Greaaaaat.
But I get
make: *** No rule to make target `/usr/share/qt4/mkspecs/linux-g++-64/qmake.conf', needed by `Makefile'. Stop.
?
-
Did you run:
qmake -project
qmake
make
From the source directory? If so I'll look into why that might be happening, it obviously compiled on my machines lol
Edit: Google says that if you did the above and it still happened then the generated .pro file might be borked. I'm on my way out but I'll do my best to figure it out tonight.
-
Very nice HTH, I look forward to the project's completion =)
-
Kind of a late reply to this thread, but I had been having issues w/ getting BinDyn to build correctly (even after Qt5 libs were installed, etc). Here's a little guide on how to build it on Xubuntu.
user@localhost[bindyn/src] $ qmake -version
QMake version 3.0
Using Qt version 5.2.1 in /usr/lib/x86_64-linux-gnu
user@localhost[bindyn/src] $ qmake -project
user@localhost[bindyn/src] $ qmake
user@localhost[bindyn/src] $ vim src.pro # add QT += widgets on line 8 manually
user@localhost[bindyn/src] $ make -j4
... bunch o' g++ shit here ...
user@localhost[bindyn/src] $ ./src
I always have to add that one QT += widgets line in; I guess I have some sort of misconfiguration in the mess that is my Qt installation, but if this is all I have to do to get it to build w/out errors, then that's fine by me. (hehe)
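The manual `QT += widgets` edit in the build guide above is not a local misconfiguration: Qt 5 split the widget classes (QMainWindow, QWidget and friends) out of QtGui into a separate QtWidgets module, and a project file generated by `qmake -project` only pulls in core and gui, so the link step fails on every Qt 5 machine. As an added illustration (not BinDyn's own src.pro; TARGET and the source file names are placeholders), this is the usual way to write the line so the same .pro builds against both Qt 4 and Qt 5:

```qmake
# Added illustrative project file, not BinDyn's own src.pro.
# TARGET and the file lists are assumed placeholders.
TEMPLATE = app
TARGET   = src
QT      += core gui
# Qt 5 moved the widget classes into QtWidgets; Qt 4 has no such module,
# so guard the line instead of adding it unconditionally.
greaterThan(QT_MAJOR_VERSION, 4): QT += widgets

SOURCES += main.cpp
HEADERS +=
FORMS   +=
```

One caveat for the build steps listed above: running `qmake -project` again regenerates the .pro file and discards the hand edit, so after the line is in place only `qmake` followed by `make` should be re-run (or the fixed .pro committed to the repository so nobody has to run `qmake -project` at all).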
-
Weird, if you wanted to write a better README and open a pull request I'd appreciate it.
The commands I shared work for me ;p
I don't have much time in the next few weeks for anything fun.