NSA makes powerful tool open-source

Juniiii
5 hours ago, TOMPPIX said:

Now please, somebody take a look at Nvidia GameWorks and see if it is actually doing something shady; maybe we can kill the whole "Nvidia GameWorks slows down games for AMD" thing. :P

With that, I should also start analyzing AMD-favored games like Doom and Dirt 4. I wanna go the unbiased route, so I'll throw a shit ton of games through the tools.


8 hours ago, LAwLz said:

It makes quite a bit difference.

IDA is probably the most popular decompiler, and that costs 1900 dollars for a single license (there is a free version but it has lots of limitations, such as only supporting 32bit applications).

All of a sudden people can legally get a free program to play around with, without having to spend 1900 dollars on something they might not have any use for.

 

It being open source also means that people could fork it or do other things with it, potentially making it better.

Or help companies like Hex-Rays to improve their products by comparing NSA's way of dealing with things to their own.

Plus, now that a free and open source alternative exists, companies like Hex-Rays need to work even harder to make their products worthwhile.

Why pick their tool for thousands of dollars when a free one exists?

I should probably note that it doesn't seem like Ghidra is open source yet. I downloaded the package from the website (ghidra-sre.org) and it's full of precompiled binaries, and no source. There is a link to a Github repo on the website, but there is no source in the repo either. It does however say "This repository is a placeholder for the full open source release. Be assured efforts are under way to make the software available here".

I think it's very unwise to download and run a program from the NSA.

It's best to wait for the real release.

I guess I should've clarified what I mean by "making a difference". I was referring to the fact that people think that this will mean that someone who couldn't do any of these activities in the past could magically pick up this open source tool and be able to reverse engineer Microsoft Word. That simply just isn't the case. All this does is let people who already know how to use a tool like this do it better/easier/faster/differently. The negative impact of this is extremely small, if it even exists at all. On the other hand, this is great for the programming community in general, and it's a good sign when people take things and make them open source instead of throwing them away to never be seen again.


16 hours ago, Juniiii said:

Completely agree with this, but can you decompile hex's with this decompiler?

I don't see why not.

You could probably decompile IDA with IDA as well.

 

15 hours ago, Juniiii said:

Since it's an external hack that downloads the files from elsewhere, I was able to find where it downloads the said files and requested the files to be downloaded to my computer instead of temporarily holding them on the program itself. This is gonna be fun to show to the community. I'm not saying what game yet just so I can keep this on the low, but it's gonna be a fuck fest soon.

No you didn't.

 

15 hours ago, Juniiii said:

Pretty much after doing this with the hack, I got the source code, and I also got it to be without any DRM. If I wanted to I could make my own and sell it.

No you didn't.

 

15 hours ago, VegetableStu said:

I feel like an expert's needed on this to explain what it can and can't do ._.

@GoodBytes @leadeater (sorry you guys might not be the right person, but just to check if you know of anyone...)

You load an executable into the program, and you get the machine code which the program can execute displayed on the screen. It also has some features for editing the code, and testing things.

 

Contrary to popular belief, a disassembler does not give you the source code for a program.

You basically get a complete mess of assembly code which might not even be 100% accurate, without any comments or anything.

 

 

14 hours ago, Juniiii said:

So far it is determined as safe. Lots of people have analyzed the code and many many flaws have been found within the source code.

Stop lying. The source code is not released yet. They released a precompiled binary, and said they will open source it later.

 

 

 

7 hours ago, silberdrachi said:

I guess I should've clarified what I mean by "making a difference". I was referring to the fact that people think that this will mean that someone who couldn't do any of these activities in the past could magically pick up this open source tool and be able to reverse engineer Microsoft Word. That simply just isn't the case. All this does is let people who already know how to use a tool like this do it better/easier/faster/differently. The negative impact of this is extremely small, if it even exists at all. On the other hand, this is great for the programming community in general, and it's a good sign when people take things and make them open source instead of throwing them away to never be seen again.

Oh I see. Yeah I totally misunderstood you. Sorry.

Totally agree with you there. This does not matter for 99.9999% of people.


25 minutes ago, LAwLz said:

Contrary to popular belief, a disassembler do not give you the source code for a program.

You basically get a complete mess of assembly code which might not even be 100% accurate, without any comments or anything.

That's because non-developer/non-coding people don't realize that when you compile your code the compiler applies optimizations, sometimes with compiler hints you put in, so you can never reverse back to the source code you wrote. You can only ever see the reverse engineering of the result of what the compiler that was used did.

It's like using Google Translate to go from English to French, then taking that French and Google translating it back to English: it's not the same English.

That's actually one of the challenging parts of this type of thing, a flaw in the program that potentially comes from the compiler's interpretation of what you want.
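As an added example (not from the thread, and not a claim about any particular program's build) of why the original source cannot be recovered: each pair below gives a function as a developer would write it and the shape an optimizing compiler commonly leaves in the binary, which is the only thing a disassembler or decompiler ever sees; the optimizations named in the comments are standard ones in gcc and clang at -O2.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed illustration: each "_as_written" function is the source a
   developer typed; the matching "_as_compiled" function is the equivalent
   shape an optimizing compiler (e.g. gcc or clang at -O2) commonly emits.
   A disassembler only ever sees the second shape. */

/* 1. Loop idiom recognition: the loop and its counter vanish into a closed
   form, so no decompiler output will show "for (i = 1; i <= n; i++)". */
uint64_t sum_to_n_as_written(uint32_t n)
{
    uint64_t total = 0;
    for (uint32_t i = 1; i <= n; i++)
        total += i;
    return total;
}

uint64_t sum_to_n_as_compiled(uint32_t n)
{
    return (uint64_t)n * ((uint64_t)n + 1) / 2;
}

/* 2. Constant folding, dead-code elimination and strength reduction: the
   debug branch, the macro names and the division never reach the binary. */
#define DEBUG_CHECKS 0
#define PAGE_SIZE 4096

uint32_t page_index_as_written(uint32_t addr)
{
    if (DEBUG_CHECKS)                  /* condition is a constant 0: dropped */
        printf("addr=%u\n", (unsigned)addr);
    return addr / PAGE_SIZE;           /* power-of-two divide: becomes a shift */
}

uint32_t page_index_as_compiled(uint32_t addr)
{
    return addr >> 12;                 /* what the disassembly actually shows */
}

/* 3. A "compiler hint": a static inline helper is spliced into its caller,
   so neither the call nor the helper's name exists in the binary. */
static inline uint32_t clamp_u8(uint32_t v) { return v > 255 ? 255 : v; }

uint32_t scale_as_written(uint32_t v)
{
    return clamp_u8(v * 2);
}

uint32_t scale_as_compiled(uint32_t v)
{
    uint32_t t = v * 2;                /* helper body inlined, no call */
    return t > 255 ? 255 : t;
}

int main(void)
{
    /* Observable behaviour is identical; only the source structure is lost. */
    for (uint32_t n = 0; n < 5000; n++)
        assert(sum_to_n_as_written(n) == sum_to_n_as_compiled(n));
    assert(page_index_as_written(12345) == page_index_as_compiled(12345));
    assert(scale_as_written(200) == scale_as_compiled(200));
    puts("same results, different shape");
    return 0;
}
```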


1 hour ago, LAwLz said:

 

Contrary to popular belief, a disassembler does not give you the source code for a program.

You basically get a complete mess of assembly code which might not even be 100% accurate, without any comments or anything.

26 minutes ago, leadeater said:

That's because non-developer/non-coding people don't realize that when you compile your code the compiler applies optimizations, sometimes with compiler hints you put in, so you can never reverse back to the source code you wrote. You can only ever see the reverse engineering of the result of what the compiler that was used did.

It's like using Google Translate to go from English to French, then taking that French and Google translating it back to English: it's not the same English.

That's actually one of the challenging parts of this type of thing, a flaw in the program that potentially comes from the compiler's interpretation of what you want.

Would it be accurate enough to discover what data an app might send and to which URL?


1 minute ago, mr moose said:

Would it be accurate enough to discover what data an app might send and to which URL?

Yes, but it depends on multiple factors like the original source, the compiler used and, most importantly, the decompiler. Plus other factors like any code protection used to obfuscate it to make decompiling harder.

 

You could get back anything from assembly to code in a higher level language.

[image: stuxnet_craftfile-1.png, decompiled code]


13 minutes ago, mr moose said:

Would it be accurate enough to discover what data an app might send and to which URL?

It can vary from program to program, and how skilled the person in front of the computer is.

But if all you want to know is what data is being sent and to which URL, a far easier method of checking that is to do a packet capture of the outgoing traffic from the computer.

If the traffic is encrypted then do a MITM using a root certificate installed on the computer.

 

The problem with this is that while you can see what is being transmitted, you don't know what information it is exactly. For example the clear text data might be 32rterrtweferveb5w4qE3YEH, which might just look like garbage to you and me, but to a server expecting that exact formatting it might mean a ton.

But you will have that problem regardless of whether you do a packet capture or reverse engineer the program.


10 minutes ago, leadeater said:

Yes, but it depends on multiple factors like the original source, the compiler used and, most importantly, the decompiler. Plus other factors like any code protection used to obfuscate it to make decompiling harder.

 

You could get back anything from assembly to code in a higher level language.

[image: stuxnet_craftfile-1.png, decompiled code]

So unreliable as evidence for something more insidious than basic telemetry data? 


1 minute ago, LAwLz said:

It can vary from program to program, and how skilled the person in front of the computer is.

But if all you want to know is what data is being sent and to which URL, a far easier method of checking that is to do a packet capture of the outgoing traffic from the computer.

If the traffic is encrypted then do a MITM using a root certificate installed on the computer.

 

The problem with this is that while you can see what is being transmitted, you don't know what information it is exactly. For example the clear text data might be 32rterrtweferveb5w4qE3YEH which might just look like garbage to you and I, but to a server expecting that exact formatting it might mean a ton.

But you will have that problem regardless of if you do a packet capture or reverse engineer the program.

I was just wondering how useful it would be for verifying companies' claims about which data they collect.


1 minute ago, mr moose said:

I was just wondering how useful it would be for verifying companies claims of which data they collect. 

Companies like Microsoft would employ code protection/obfuscation which could render a lot of decompiling efforts fruitless. You'd have a better time packet capturing and trying to decode the data.


7 minutes ago, leadeater said:

Company like Microsoft would employ code protection/obfuscation which could render a lot of decompiling efforts fruitless. You'd have a better time packet capturing and trying to decode the data.

I wasn't really thinking about them. Microsoft make their code available to governments; if the data wasn't what they said, I assume one of the various government agencies would have picked up on it by now.

 

https://www.wsj.com/articles/SB1042592554169993184

https://www.petri.com/no-back-doors-microsoft-opens-windows-source-code-to-eu-governments

 

 

EDIT: forgot to say I was more thinking about phone apps that supposedly only make their money from "advertising"


15 minutes ago, mr moose said:

I was just wondering how useful it would be for verifying companies claims of which data they collect. 

Sadly, not that reliable.

A packet capture is still the best way to obtain that (far easier to read, and more accurate than disassembling the program), but even then the data can be formatted in any way they want, including obfuscating or misleading labels of data.

 

I mean, even if we have access to the packets leaving our machines and things seem neatly labeled, there is no evidence that it isn't something else.

Let's assume we captured a packet leaving my computer with the data:

Temp-Session-ID: 6709611943

That looks pretty clear and harmless.

However, once the packet arrives at the server it might replace this text "Temp-Session-ID: " with a label saying "Date of birth: "

Then divide the number 6709611943 by 7.213.

What left our computer:

Temp-Session-ID: 6709611943

What ends up being stored on the server:

Date of birth: 930211

Which is my birthday.


4 minutes ago, mr moose said:

EDIT: forgot to say I was more thinking about phone apps that supposedly only make their money from "advertising" 

Sadly we're kind of out of luck there. When they are found out it's because of things like not obfuscating the data they collect, or sending data to some suspicious location (like an IP located in let's say China) without disclosing it.

If done properly, collecting more information than disclosed is almost impossible to detect, and not that hard to do.


6 minutes ago, mr moose said:

EDIT: forgot to say I was more thinking about phone apps that supposedly only make their money from "advertising"

Well, I was meaning Microsoft or any similar company, or ones that would care enough to obfuscate. Those tools can be free, so it's not actually hard to obfuscate code if you want to.


2 minutes ago, mr moose said:

I wasn't really thinking about them, Microsoft make their code available to governments, if the data wasn't what they said I assume one of the various government agencies would have picked up on it by now. 

Also worth noting that Microsoft have gotten into a lot of trouble for breaking several privacy laws in some European countries.

So it's not like they have complete transparency and have been found to have clean hands.

 

With that being said, Microsoft has changed A LOT regarding what info they collect on users in Windows 10 (possibly because of the threat of legal actions from government agencies, and new laws like GDPR), and how transparent they have been about it.

 

 

They went from:

"We won't tell you anything about what we may or may not collect. By the way, some of the buttons related to privacy settings don't actually do anything, we will sometimes reset settings, and we collect a huge amount of info about you, sometimes like 2-3 times as much as we actually need for the purposes we give to you. By the way, some 'security updates' we send out actually just collect personal data and send it to us".

 

To:

"Here is most of the stuff we collect in a somewhat detailed list, we have significantly cut down on what we collect and we have made it more clear to users that we collect personal data and made it easier to disable some of it".

 

It's easy to point and say in what ways they have improved, but because this heavily relies on trust we cannot and should not forget what they did in the past.

Every bad thing they have done, and every time they have lied, broken their promises, or otherwise done something which benefits them at the expense of their users, is a reason not to trust them today.

 

For every year they act well, without getting caught doing bad or shady stuff, they will regain some of my trust. Maybe in 5 years or so, without any major incidents, I will start taking their word on stuff and not second guess every decision.


4 hours ago, leadeater said:

Well, I was meaning Microsoft or any similar company, or ones that would care enough to obfuscate. Those tools can be free, so it's not actually hard to obfuscate code if you want to.

Is there a way to find where an app is connected to and downloading files from? It would be pretty useful for me.


3 minutes ago, Juniiii said:

Is there a way to find where an app is connected to and downloading files from? It would be pretty useful for me.

Yes

There are a few ways of doing that.

 

The easiest and cleanest way would probably be installing the firewall "GlassWire". It can monitor which programs connect to what. However, that's a full-blown firewall which might mess with other stuff on your system.


10 minutes ago, LAwLz said:

Yes

There are a few ways of doing that.

 

The easiest and cleanest way would probably be installing the firewall "GlassWire". It can monitor which programs connect to what. However, that's a full-blown firewall which might mess with other stuff on your system.

Would I be able to see an IP to something that I would be able to download from? How would this work exactly?


Will it be possible to remove Starforce DRM from TrackMania Sunrise with this tool? Asking for a friend who is me who really wants to see Starforce removed from TMS so that it can be played on OSes newer than Vista.


1 hour ago, Juniiii said:

Would I be able to see an IP to something that I would be able to download from? How would this work exactly?

Yes

Once the application tries to connect to the Internet, it will go through GlassWire which will log what server it connected to (IP, and in some cases the host name as well) and a bunch of other things like how much data was transmitted.

 

14 minutes ago, Delicieuxz said:

Will it be possible to remove Starforce DRM from TrackMania Sunrise with this tool? Asking for a friend who is me who really wants to see Starforce removed from TMS so that it can be played on OSes newer than Vista.

Yes, but it was already possible with other tools too. It just takes a lot of skill and time to do.


9 minutes ago, LAwLz said:

Yes, but it was already possible with other tools too. It just takes a lot of skill and time to do.

Good to know.

 

The game still has a cult following, but nobody has removed the Starforce DRM over the years, and instead people usually resort to playing it in a virtual machine running Vista.


57 minutes ago, LAwLz said:

Yes

Once the application tries to connect to the Internet, it will go through GlassWire which will log what server it connected to (IP, and in some cases the host name as well) and a bunch of other things like how much data was transmitted.

 

Yes, but it was already possible with other tools too. It just takes a lot of skill and time to do.

Ah, that's quite nice, I'll have to try that out when I get home. I have lots of things I could use GlassWire with. How would I go about downloading things from the host myself without the program? So I could have the files permanently instead of temporarily.
