"Quick introduction to reverse engineering for beginners"

In the first half of 2010, I wrote small notes about reverse engineering for beginners; now I have some spare time to gather them all, illustrate them, rewrite them in LaTeX, etc.

So it is now a 210-220 page book in PDF form, in both English and Russian.

It is still incomplete and contains a lot of incorrect statements and mistakes.

"Quick introduction to reverse engineering for beginners": http://yurichev.com/non-wiki-files/RE_for_beginners-en.pdf

"Краткое введение в reverse engineering для начинающих" (Russian edition, "A brief introduction to reverse engineering for beginners"): http://yurichev.com/non-wiki-files/RE_for_beginners-ru.pdf

Please do not hesitate to send me any corrections! The book's source code (LaTeX) is also here: https://github.com/dennis714/RE-for-beginners

Finding an unknown algorithm using only input/output pairs and the Z3 SMT solver

Some smartcards can execute Java or .NET code; that is a way to hide a sensitive algorithm inside a chip which is very hard to break open (decapsulate).
For example, a program may encrypt/decrypt its data files with a crypto algorithm that lives only in the card, making piracy of such software nearly impossible.

That is what is called a black box in mathematics: http://en.wikipedia.org/wiki/Black_box

The chip can still be queried, though, so an attacker can collect as many input/output pairs as he likes; the question is whether those pairs are enough to reconstruct the algorithm.

Some software protection dongles offer this functionality too.


Three PoCs from CPUjul2012

I made these PoCs (proofs of concept) while discovering the Oracle NA (network authorization) packet structure...

CVE-2012-1745 and CVE-2012-1746 are just DoSs (denial of service); CVE-2012-1747 is a heap overflow.

The CVSS score is 5.0 for each.

Fixed in CPUjul2012.

CVE-2012-0072 PoC (fixed in CPUjan2012)

Here is a PoC for the CVE-2012-0072 TNS Listener vulnerability, fixed in CPUjan2012 (CVSS 5.0).

It was reported via McAfee and found by fuzzing...

http://yurichev.com/non-wiki-files/blog/exploits/oracle/CVE-2012-0072.py...

CVE-2010-0911 PoC (fixed in CPUjul2010)

Here are two PoCs for the CVE-2010-0911 TNS Listener vulnerability, fixed in CPUjul2010 (CVSS 7.8).

It was reported via Sentrigo (now part of McAfee) and found by fuzzing...

Extreme hardening by code modification.

Dataflow tracker

I have just added to my generic tracer a module which I would call a "dataflow tracker".

This module is able to answer the question "where is each byte received from the network RIGHT NOW?"

Its state is far from releasable, so I can't publish it yet.

But how it works is extremely simple. When a function like the socket recv() is called and it has received some chunk of data from the network, the dataflow tracker (dt) marks each byte in the memory buffer in the form:
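The listing that followed is not on this page. As an added illustration of the idea (my own toy, not the author's tracer, with hypothetical names throughout): a shadow array holds one tag per byte of a toy "process memory", a recv() hook writes (recv call id, offset) tags, a memmove() hook carries tags along with the data, a computed byte drops its tag, and a scan of the shadow array answers "where is byte N of recv #K right now?". The packet bytes are constructed.

```c
/* Added example (not the author's tracer): a tiny in-process model of the
 * dataflow-tracker idea.  Every byte a (simulated) recv() writes gets a tag
 * in a shadow array: which recv() call produced it and at which offset.
 * Copies propagate tags, computed bytes drop them, and dt_where_is() answers
 * "where is byte N of recv #K right now?".  All names are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>
#include <stdint.h>

#define ARENA_SIZE 256                   /* toy "process memory" */
#define NO_TAG     ((uint16_t)0xFFFF)    /* byte did not come from recv() */

struct tag { uint16_t recv_id; uint16_t offset; };

static unsigned char arena[ARENA_SIZE];
static struct tag   shadow[ARENA_SIZE];  /* one tag per arena byte */
static unsigned     recv_counter;

static void dt_init(void) {
    memset(arena, 0, sizeof arena);
    for (size_t i = 0; i < ARENA_SIZE; i++) shadow[i] = (struct tag){NO_TAG, 0};
    recv_counter = 0;
}

/* recv() hook: 'len' bytes just landed at arena[dst]; tag each one as
 * (this recv call, offset within the chunk).  Returns the recv id. */
static unsigned dt_on_recv(size_t dst, size_t len) {
    unsigned id = recv_counter++;
    for (size_t i = 0; i < len; i++)
        shadow[dst + i] = (struct tag){(uint16_t)id, (uint16_t)i};
    return id;
}

/* memcpy()/memmove() hook: the tags travel with the data. */
static void dt_memmove(size_t dst, size_t src, size_t len) {
    memmove(&arena[dst], &arena[src], len);
    memmove(&shadow[dst], &shadow[src], len * sizeof shadow[0]);
}

/* A byte produced by arithmetic (decryption, checksum, ...) no longer has a
 * single origin; a real tracker would keep a set of origins, this toy just
 * drops the tag. */
static void dt_store_computed(size_t dst, unsigned char value) {
    arena[dst] = value;
    shadow[dst] = (struct tag){NO_TAG, 0};
}

/* Scan shadow memory for every live copy of byte 'offset' of recv #'recv_id'.
 * Stores up to 'max' arena addresses in 'out', returns how many were found. */
static size_t dt_where_is(unsigned recv_id, unsigned offset, size_t *out, size_t max) {
    size_t n = 0;
    for (size_t a = 0; a < ARENA_SIZE; a++)
        if (shadow[a].recv_id == recv_id && shadow[a].offset == offset) {
            if (n < max) out[n] = a;
            n++;
        }
    return n;
}

/* Convenience: number of live copies, and address of the first one (-1 if gone). */
static size_t dt_copies(unsigned recv_id, unsigned offset) {
    return dt_where_is(recv_id, offset, NULL, 0);
}
static long dt_first(unsigned recv_id, unsigned offset) {
    size_t a;
    return dt_where_is(recv_id, offset, &a, 1) ? (long)a : -1;
}

/* Simulated recv(): copies a constructed packet into the arena and tags it. */
static unsigned fake_recv(size_t dst, const unsigned char *pkt, size_t len) {
    memcpy(&arena[dst], pkt, len);
    return dt_on_recv(dst, len);
}

/* Scenario: an 8-byte packet arrives at arena[16]; a parser copies bytes 2..5
 * to arena[100]; the copy of byte 3 is then transformed.  Returns the recv id. */
static unsigned scenario(void) {
    static const unsigned char pkt[8] = {0x00,0x08,0x10,0x20,0x30,0x40,0x50,0x60}; /* constructed */
    dt_init();
    unsigned id = fake_recv(16, pkt, sizeof pkt);
    dt_memmove(100, 18, 4);
    dt_store_computed(101, (unsigned char)(arena[101] ^ 0xFF));
    return id;
}

int main(void) {
    unsigned id = scenario();
    for (unsigned off = 0; off < 8; off++) {
        size_t where[8];
        size_t n = dt_where_is(id, off, where, 8);
        printf("recv#%u byte %u: %zu live cop%s", id, off, n, n == 1 ? "y" : "ies");
        for (size_t i = 0; i < n; i++) printf(" @%zu", where[i]);
        printf("\n");
    }
    return 0;
}
```

In the scenario, byte 2 of the packet is found twice (at its original address 18 and at the copy at 100), byte 0 only once, and byte 3 only once because its copy at 101 was overwritten by a computed value and lost its tag. A real tracker does the same thing with real recv()/memcpy() hooks and a shadow map covering the whole address space; the hard part is deciding what to do with bytes that have several origins.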


Strings in Oracle RDBMS network layer

Not sure if it's worth blogging...

All strings in the Oracle RDBMS network layer are ordinary zero-terminated C strings, but the string length is often also passed as a separate function argument.
This makes some things much faster:
* strlen() is no longer necessary: just use the length you already have.
* strcat() does not need to compute string lengths.
* strcmp() against a constant string works much faster:

Instead of:
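The comparison that followed is not on this page. As an added example (my own code, not Oracle's; all names and the packet format are hypothetical), here are the three operations done the "length travels with the C string" way, plus the check a practitioner wants when such a length comes off the wire: the declared length must fit the bytes that actually arrived and agree with the zero terminator, otherwise memcmp()/memcpy() with an attacker-chosen length becomes an over-read.

```c
/* Added example (not Oracle's code): counted C strings, i.e. still
 * zero-terminated but with the length passed alongside.  Names and the
 * 2-byte length-prefixed wire format are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

struct lstr { char *buf; size_t len; size_t cap; };

/* strcat() replacement: no strlen() on either side, just memcpy() at the
 * known end.  The overflow check is free because both lengths are known. */
static int lstr_append(struct lstr *dst, const char *src, size_t src_len) {
    if (dst->len + src_len + 1 > dst->cap) return -1;
    memcpy(dst->buf + dst->len, src, src_len);
    dst->len += src_len;
    dst->buf[dst->len] = '\0';
    return 0;
}

/* strcmp(s, "literal") == 0 replacement: a length mismatch is rejected with
 * one integer compare before touching any character; only equal-length
 * strings pay for memcmp(). */
static int lstr_eq(const char *s, size_t s_len, const char *lit, size_t lit_len) {
    if (s_len != lit_len) return 0;
    return memcmp(s, lit, s_len) == 0;
}
#define LSTR_EQ_LIT(s, s_len, lit) lstr_eq((s), (s_len), (lit), sizeof(lit) - 1)

/* Keyword dispatch the counted way (keywords are constructed, not TNS's). */
static int classify(const char *cmd, size_t cmd_len) {
    if (LSTR_EQ_LIT(cmd, cmd_len, "CONNECT")) return 1;
    if (LSTR_EQ_LIT(cmd, cmd_len, "STATUS"))  return 2;
    if (LSTR_EQ_LIT(cmd, cmd_len, "VERSION")) return 3;
    return 0;
}

/* Reading a counted string off the wire.  The length field is attacker
 * controlled, so: it must fit in what actually arrived, the terminator must
 * be present, and there must be no embedded NUL (the counted view and the
 * C-string view of the same bytes have to agree).  Returns 0 on success. */
static int lstr_from_wire(const unsigned char *pkt, size_t pkt_len,
                          const char **str, size_t *len) {
    if (pkt_len < 2) return -1;
    size_t n = ((size_t)pkt[0] << 8) | pkt[1];        /* big-endian 16-bit length */
    if (n + 3 > pkt_len) return -1;                   /* 2 length bytes + n chars + NUL */
    if (pkt[2 + n] != '\0') return -1;                /* terminator where the length says */
    if (memchr(pkt + 2, '\0', n) != NULL) return -1;  /* no NUL inside the counted range */
    *str = (const char *)pkt + 2;
    *len = n;
    return 0;
}

/* Demo: build "user/pass" without a single strlen(); refuse the overflow. */
static int demo_append(void) {
    char storage[16];
    struct lstr s = { storage, 0, sizeof storage };
    storage[0] = '\0';
    if (lstr_append(&s, "user", 4) != 0) return -1;
    if (lstr_append(&s, "/pass", 5) != 0) return -1;
    if (lstr_append(&s, "/toolong", 8) != -1) return -1;  /* 9 + 8 + 1 > 16: refused */
    return strcmp(s.buf, "user/pass") == 0 ? (int)s.len : -1;
}

/* Demo: a well-formed packet parses and classifies; a packet whose length
 * field claims 64 bytes but carries 6 is rejected before any memcmp(). */
static int demo_wire(void) {
    static const unsigned char good[] = { 0x00, 0x06, 'S','T','A','T','U','S', 0x00 };  /* constructed */
    static const unsigned char bad[]  = { 0x00, 0x40, 'S','T','A','T','U','S', 0x00 };  /* constructed */
    const char *s = NULL; size_t n = 0;
    if (lstr_from_wire(good, sizeof good, &s, &n) != 0) return -1;
    if (lstr_from_wire(bad, sizeof bad, &s, &n) == 0) return -2;
    return classify(s, n);
}

int main(void) {
    printf("append: len=%d\n", demo_append());
    printf("wire: class=%d\n", demo_wire());
    return 0;
}
```

Note that lstr_eq() compares lengths first; "CONNEC" against "CONNECT" never reaches memcmp(). The lstr_from_wire() checks are the ones that matter for a network-facing parser such as a listener: every Oracle TNS bug on this page was found by fuzzing exactly this kind of length-carrying input.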

ops_SIMD 0.3

Here is the third version of my Oracle RDBMS hash cracker (DES-based hashes), the fastest known so far:
http://conus.info/utils/ops_SIMD/

Oracle passwords (DES) solver updating to support AVX

The new Advanced Vector Extensions (AVX) x86 CPU extension widens the SIMD registers from 128 to 256 bits.
It is present now in Intel Sandy Bridge CPUs and will be present in future AMD CPUs as well.
It is possible to make my Oracle passwords (DES) solver run at double speed on these CPUs because of the wider registers.
But I need to test it first.


Subscribe to Dennis Yurichev RSS