## ROPC — Turing complete ROP compiler (part 3, implementation)

This is the third (and last) post in a series (first post here, second here) about ROPC, describing implementation of its features like tables, conditional jumps, recursive calls, etc. Please familiarize yourself with the two first posts, otherwise this one might be hard to follow.

## ROPC — Turing complete ROP compiler (part 2, language)

This is the second post in a series (first post here) describing ROPC. Programs accepted by the compiler are written in ROPL (Return Oriented Programming Language). ROP programs are usually used as stage 0 payloads. They compute addresses, change memory protections, call few OS APIs. For this reason, language expressing them doesn’t have to be complex.

Categories: Exploit development

## ROPC — Turing complete ROP compiler (part 1)

This is a long overdue post describing ROPC (Return Oriented Programming Compiler, available here: https://github.com/pakt/ropc) with its own “higher level” language and features like conditional jumps, loops, functions (even recursive ones), tables, etc.. ROPC was released in 2012. Since then, Christian Heitman made a fork [0] capable of compiling ROP programs expressed in C (!).

## Generalized birthday paradox — keygenme3 by Dcoder

The birthday problem [0] asks what’s the probability that among $n$ people at least two of them have the same birthday. The “paradox” is that the answer is counterintuitive — in a group of 23, the probability is close to 50%.

Categories: Reverse Engineering

## DeCV — a decompiler for Code Virtualizer by Oreans

Code Virtualizer is a software protection solution using heavy obfuscation. Citing the author’s website [5]:

Code Virtualizer is a powerful code-obfuscation system that helps developers protect their sensitive code areas against Reverse Engineering while requiring minimum system resources.

Code Virtualizer can generate multiple types of virtual machines with a different instruction set for each one. This means that a specific block of Intel x86 instructions can be converted into different instruction set for each machine, preventing an attacker from recognizing any generated virtual opcode after the transformation from x86 instructions.

This post describes DeCV — a decompiler for Code Virtualizer.

Categories: Reverse Engineering

## Leaking information using timing attacks on hash tables, part 2

This is the second part of Leaking information using timing attacks on hash tables, discussing implementation details of the leak. Read the first part for a high level overview.