среда, 31 августа 2016 г.

bugs in mbedtls DH client/server

1) altough always used constant MBEDTLS_MD_SHA256 parameters are signed with sha1 and then we have MBEDTLS_ERR_RSA_VERIFY_FAILED in library\rsa.c on line 1435
2) in dh_server.c when receiving client's public value length of buffer must be dhm.len

Nice cryptolibrary, totally ready to work in kernel mode I think

вторник, 30 августа 2016 г.

how to build mbedtls-2.3.0 with wdk7

Lets say that you want to have some Diffie-Hellman-Merkle algorithm & hmac inside your driver. I found plain C library mbedtls which is very suitable for this, but has one minor problem - it does not support wdk7. So I just made port for it

вторник, 9 августа 2016 г.

ida 6.95 has been released

useful changes:
  • PE: added detection of entry point from incremental linking by Visual Studio 
  • FLIRT: added signatures for Windows Driver Kits 7-10
  • FLIRT: added detection of GsDriverEntry for Windows Drivers 
but still no support of apisetschema in PE imports, yeah

среда, 13 июля 2016 г.


Under windows 10 there are some very strange objects in root directory
They are created by Filter Manager (fltmgr.sys) and is used for communication between user-mode applications and filesystem minifilters. Lets see how we can enumerate and dump this