#ghidriff — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #ghidriff, aggregated by home.social.

  1. ghidriff - mpengine.dll - VersionTrackingDiff - 1.1.24030.4 vs 1.1.24060.5

    https://gist.github.com/v-p-b/f9aa39263e125c8e3b04c4d22fd4d78d#strings

    This one executed much faster than SimpleDiff (with the O(n^2) FuncName:Param algorithm)!

    Unfortunately the diff is so big it's difficult to judge quality, so the next step is to come up with some metrics that can be checked automatically.

    #bindiff #ghidriff
  2. You diff binaries and immediately find the single change that adds the overflow check.

    I diff mpengine.dll and break all reversing tools out there.

    We are not the same.

    https://gist.github.com/v-p-b/513a8f70a32c62f3ab7bf0d6a90e0941

    #bindiff #ghidriff
  3. Exciting! My talk recording just dropped from #OBTS v7! 🗣️✨ Learn how to patch diff on Apple with #Ghidra, #ghidriff, and #ipsw: "Patch Different on *OS": youtube.com/watch?v=Ellb76t7nr

  4. Hot off the #ghidriff #patchdiffing press for April 2024 we have CVE-2024-26219 in HTTP.sys 🔥

    MSRC just started publishing CWE info! For this CVE we have a "CWE-476: NULL Pointer Dereference" 👀

    See if you can find it 🧐

    Hint: "UxLastMdlChunkNullFix"

    gist.github.com/clearbluejar/a

  5. hello 2024!

    Hot off the #ghidriff #patchdiffing press we have the January 9, 2024—KB5034122 Windows 10 22H2 x64 kernel update ...
    gist.github.com/clearbluejar/0 🔥

    Side by side view is here: diffpreview.github.io/?0e52d80 👀

    This month the kernel fixes include CVE-2024-20698 ... as there are not too many changes, perhaps we find the root cause?

    Take a look at this function... gist.github.com/clearbluejar/0 🧐

    Hint: It rhymes with "vintager afterglow".

  6. stayed up way too late, but now #ghidriff has a PR with #ghidra #BSIM powers. so... worth it? 😅

    github.com/clearbluejar/ghidri

    Some #BSIM first impressions:
    - The BSIM correlator is great for matching. The overall improvement for #ghidriff is a net plus, but some custom #ghidriff correlators were already providing similar structural matching (not as good, but similar) 💪
    - Speculation: 🧐 BSIM is the reason why Ghidra Version Tracking was lacking structural matching heuristics. I didn't understand that before the arrival of BSIM, and it was the reason why I added my own structural function matching to #ghidriff. BSIM fills the gap and does it better.
    - Adding BSIM to #ghidriff slows it down a bit. This is because BSIM decompiles all functions to match based on data flow and call graphs, and #ghidriff similarly already does this to make matching decisions. Will need to optimize. 🤓
    - Adding the BSIM correlator for matching is just the beginning, stay tuned to see what else BSIM can do. 🔥🐲