FDD
Malware analysis and reverse engineering adventures

Configuration extraction in Mirai samples

Over the years, all the public Mirai configuration extractors that I have come across either: rely on brute-forcing the encryption key and apply the guessed key to the complete binary, a process t...

Decompiled code matching via AST features

This article is about a particular function matching technique implemented in diaphora and how it was ported to r2diaphora. Initial problem: matching decompiled pseudocode can be tricky, as decomp...

r2pipe optimization tips

Some quick tips on using radare2 from r2pipe Python scripts to increase analysis performance. Using r2pipe native mode: by default, if you open a binary for analysis in r2pipe (r2pipe.open("/path/...