DEV IN PROGRESS

A lot of time has been spent on the new version of the website, so there are only a few changes for this February digest.

The following news is based on commit 027305c, so you can give this version of Chrysalide a try by running:

git clone http://git.0xdeadc0de.fr/chrysalide.git
cd chrysalide
git checkout 027305c

And then follow the installation procedure.

The statistics provide a small overview of the work done:

git diff --stat 2834917..HEAD | tail -1
 87 files changed, 4369 insertions(+), 1711 deletions(-)

Exchanges with the database

The protocol to send and receive analysis items (bookmarks, comments, and so on) is currently quite naive.

An improved version is planned and should lead to the kind of system one expects from a professional reverse engineering framework.

The first steps are already implemented:

  • a dialog box allows defining identities for the SSL certificates used for exchanges (commit 588c206).
  • these certificates will provide SSL mutual authentication based on code from commit 7778a0c.
  • the old core networking system has been replaced by a new one, relying on transfers using abstract packed buffers (commit 027305c).

Encapsulated binaries

There are plenty of formats that Chrysalide could analyze, such as archives (.a) or Android applications (.apk) for instance.

But Chrysalide currently only recognizes ELF or Dex files.

A lot of extra work is still required to support more file formats, but commit 511ac89 prepares this support by cleaning up the current code.

Distribution packages

Soon, the Git repository will no longer be the only way to get Chrysalide.

But in order to make Debian or Arch packages, the first step is to create tarballs. And tarballs need a working "make dist" rule.

This command is now supported (commit 1898c6e).

Bug fixes

Comparing ARMv7 registers was buggy because of a missed update of comparison prototypes. This bug has been fixed in commit 9a7bace.

Compilation was broken when DEBUG was not set (which is the case when building packages). This bug has been fixed in commit 252aa6d.


Posted on February 28, 2017 at 20:59.