Binary Ninja Rust Hello World

Binary Ninja has experimental support for writing plugins in Rust and the provided template is a good starting point for figuring out how to write one. This post will cover some (hopefully useful) getting started tips. A sample plugin can be found on GitHub. rust-toolchain.toml …

ProLink PRC2402M V1.0.18 Multiple Vulnerabilities

All vulnerabilities mentioned in this post were tested against firmware version V1.0.18; older versions might be affected as well. Affected devices should be updated to V1.0.23 to resolve the issues. Proof-of-concept exploits for all vulnerabilities can be found here: https://git…

Generating Binary Ninja Dash Docset

The default method to generate Dash docsets for Binary Ninja does not work with a personal license as it requires the ability to run Binary Ninja in headless mode, a capability only available with the commercial license. Luckily, Binary Ninja ships the API documentation as HTML f…

Semgrep - Matching JavaScript Imports

Semgrep is a great tool to add to a code review workflow, as it is aware of language semantics and automatically handles things like different import styles and aliases well. However, when writing rules for JavaScript, I noticed that the following import pattern was not han…

Instrumenting JVM Programs With Frida

Frida is very commonly used to instrument Android applications written in Java and compiled to Dalvik bytecode. It is a less well-known fact that Frida gained support for instrumenting Java programs running on the HotSpot JVM in a recent version, which should work on most JVM vers…