Changes

major update in layout + added content
----
====Dynamic & Static Analysis (mostly unmanaged binaries)====
=====Interactive Disassemblers (static analysis)=====
*[https://binary.ninja/ Binary Ninja] - reverse-engineering platform that can disassemble a binary and display the disassembly in linear or graph views.
:::*[https://github.com/onethawt/idaplugins-list A list of IDA Plugins (click here for more)] - A large list/collection of plugins for IDA.
*[https://codisec.com/veles Veles] - Open source tool for binary data analysis (no longer actively developed).
*[https://github.com/uxmal/reko Reko] - Reko is a binary decompiler for static analysis (ARM, x86-64, M68K, AArch64, RISC-V and dotnet).
*[https://rada.re/ radare2] and [https://rizin.re/ Rizin] - radare2 and its fork Rizin are open source reverse engineering frameworks. Both are primarily used through a shell-like text UI, but also offer GUIs called [https://rada.re/n/iaito.html iaito] and [https://cutter.re/ Cutter] respectively.
*[https://github.com/rizinorg/cutter Cutter] - is a free and open-source reverse engineering platform powered by rizin. It aims at being an advanced and customizable reverse engineering platform while keeping the user experience in mind. Cutter is created by reverse engineers for reverse engineers.
*[https://github.com/joelpx/plasma Plasma] - Plasma is an interactive disassembler for x86/ARM/MIPS. It generates indented pseudo-code with colored syntax.
*[https://github.com/wisk/medusa Medusa] - is a disassembler designed to be both modular and interactive. It runs on Windows and Linux; it should be the same on OSX.
*[https://github.com/capstone-engine/capstone Capstone] - is a disassembly/disassembler framework for ARM, ARM64 (ARMv8), BPF, Ethereum VM, M68K, M680X, Mips, MOS65XX, PPC, RISC-V (rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, WebAssembly, XCore and X86.
=====Active Disassemblers or Debuggers (dynamic analysis)=====
*[https://github.com/vivisect/vivisect Vivisect] - Vivisect binary analysis framework. Includes Disassembler, Debugger, Emulation and Symbolik analysis engines. Includes built-in Server and Shared-Workspace functionality. Runs interactive or headless; programmable, extensible, multi-processor disassembler hosted on Windows, Linux, or Mac OS X (Pure-Python, using ctypes to access the underlying OS debug mechanism). Supports RevSync via plugin, allowing basic collaboration with Binja, Ghidra, and IDA. Criticisms (from a core dev): "Graph View could use some work, slower than Binja and IDA (due to Python), documentation like an OpenSource Project... but we keep working to make it better. PR's and suggestions welcome." Best installed via Pip: <code>python3 -m pip install vivisect</code>
*[https://www.immunityinc.com/products/debugger/ Immunity Debugger] - is a powerful new way to write exploits, analyze malware, and reverse engineer Windows binary files (Python support).
*[https://www.hopperapp.com/ Hopper] - Hopper can use LLDB or GDB, which lets you debug and analyze the binary in a dynamic way (only for Mac and Linux hosts, not for mobile devices).
*[https://x64dbg.com/ x64dbg] - Is a powerful Open Source Ollydbg replacement with a User Interface very similar to Ollydbg; as the name states, x64dbg also offers x64 support.
::x64dbg Plugins/Integrations/Templates:
:::*[https://github.com/x64dbg/x64dbg/wiki/Plugins x64dbg's Wiki] - is a wiki of Integrations and Plugins of the x64dbg debugger.
*[https://github.com/mandiant/rvmi rVMI] - is a debugger on steroids. It leverages Virtual Machine Introspection (VMI) and memory forensics to provide full system analysis. This means that an analyst can inspect userspace processes, kernel drivers, and pre-boot environments in a single tool.
:::*[https://github.com/pwndbg/pwndbg pwndbg] - is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.
*[https://github.com/eteran/edb-debugger edb] - is a cross platform AArch32/x86/x86-64 debugger. It was inspired by Ollydbg, but aims to function on AArch32, x86, and x86-64 as well as multiple OS's.
====Debugging and Profiling dynamic analysis (Linux)====
:::*[https://api.xposed.info/reference/packages.html Xposed API Reference] - Javadoc reference of the Xposed Framework API. It's meant for module developers who want to understand which classes and methods they can use.
====Network Inspection====
=====Promiscuous mode eavesdropping TCP/UDP=====
::*[https://github.com/mitmproxy/mitmproxy Mitmproxy] - is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
::*[https://github.com/Warxim/petep PETEP (PEnetration TEsting Proxy)] - is an open-source Java application for traffic analysis & modification using TCP/UDP proxies. PETEP is a useful tool for performing penetration tests of applications with various application protocols.
=====HTTP(S) Debuggers / Web Debuggers=====
::*[https://github.com/httptoolkit HTTP Toolkit] - is a beautiful, cross-platform & open-source HTTP(S) debugging proxy, analyzer & client, with built-in support for modern tools from Docker to Android to GraphQL.
::*[https://telerik-fiddler.s3.amazonaws.com/fiddler/FiddlerSetup.exe Fiddler] - is a serviceable web debugging proxy for logging all HTTP(S) traffic between your computer and the internet, allowing for traffic inspection, breakpoint setting, and more.
=====Other Network Tools=====
::*[https://learn.microsoft.com/en-us/sysinternals/downloads/tcpview tcpview] - is a tool that will enumerate all active TCP and UDP endpoints, resolving all IP addresses to their domain name versions (Windows).
----
====Unified Extensible Firmware Interface (UEFI) & legacy PC computer BIOS Tools====
BIOS (basic input/output system) firmware modifying software.<br>
======UEFI======
::*[https://github.com/LongSoft/UEFITool UEFITool / UEFIExtract / UEFIFind] - is a UEFI firmware image viewer and editor.
::*[https://github.com/LongSoft/IFRExtractor-RS IFRExtractor-RS] - is a Rust utility to extract UEFI IFR (Internal Form Representation) data found in a binary file into human-readable text.
::*[https://github.com/direstraits96/BIOS-MOD-TOOLS/blob/main/AMI/AMIBCP/AMIBCP%205.02.0034.exe AMIBCP 5.02.0034] [https://www.virustotal.com/gui/file/7fe28fb8a7419c95fba428891e5b3914d9e2b365a5a8932da74db52a1c1dabd8 VT link]
======BIOS (legacy)======
::*[https://forums.mydigitallife.net/threads/tool-to-insert-replace-slic-in-phoenix-insyde-dell-efi-bioses.13194 PhoenixTool] - is a Windows-only freeware GUI application written in C#. Used mostly for SLIC-related modifications, but it is not limited to this task. Requires Microsoft .NET 3.5 to work properly. Supports unpacking firmware images from various vendor-specific formats like encrypted HP update files and Dell installers.
:::'''AMI'''
:BIOS password resetting
::*[https://archive.org/details/hp-bios-reset-mazzif HP BIOS Password Reset by MAZZIF] - A live USB tool made by Mazzif to reset older HP BIOS passwords. [https://www.virustotal.com/gui/file/9ddd094edc286f2cb8d63158d226986d9a0c184ca450580dfaf9754005df9d41 VT link]
 
======HM70 PCH chipset Bypass Unsupported CPU======
:The machine shuts down after 30 minutes if an '''"unsupported CPU"''' (Intel Core i3, i5 or i7) is installed in a notebook using the HM70 chipset.<br>
:The HM70 is aimed at entry-level laptops and budget-conscious consumers, and is therefore locked to [https://www.cpu-upgrade.com/mb-Intel_(chipsets)/HM70_Express.html support only dual core Pentium and Celeron CPUs.]<br>
:Intel has restricted this chipset in the firmware to shut down after 30 minutes if users attempt to upgrade their entry-level laptops.
::[[File:Hm70.png|none|thumb|200px|Intel HM70 PCH chipset. CPU supported: Intel Pentium & Intel Celerons. [https://www.intel.com/content/www/us/en/products/sku/67419/mobile-intel-hm70-express-chipset/compatible.html Source]]]
 
:'''Intel Management Engine Downgrade Attack'''.
 
::First analyze the firmware after you have made a back-up. Make note of the Intel ME version.
::Then download the Intel ME version just below the firmware version you are trying to downgrade.
::Fire up your hex editor and search your BIOS blob for '''"0x24, 0x46, 0x50, 0x54, 0x0F, 0x00, 0x00, 0x00, 0x20"'''; the Intel ME 1.5M blob starts with the ASCII text '''"$FPT"'''.
::Replace that entire section with the new, downgraded Intel ME 1.5M blob. Before flashing, make sure ME Analyzer recognises the change. Flash the modification and test it.
::If you don't see the ME version change in ME Analyzer, first make note of the offset the Intel ME blob is at and then run it through me_cleaner before injecting an older one.
 
::This downgrade attack <u>successfully bypassed</u> the 30 minute shutdown restriction timer.
 
* Required tools:
::[[Software_Tools#Hex_Editors|Hex Editor.]]
::[https://github.com/platomav/MEAnalyzer Me Analyzer] - Intel Engine & Graphics Firmware Analysis Tool.
::[https://github.com/corna/me_cleaner me_cleaner] - Tool for partial deblobbing of Intel ME/TXE firmware images.
::[https://winraid.level1techs.com/t/intel-conv-sec-management-engine-drivers-firmware-and-tools-2-15/30719 Intel (Converged Security) Management Engine: Drivers, Firmware and Tools for (CS)ME 2-15] - Useful resource.
::[https://mega.nz/folder/2Q0klQpA#6o04nlV_4xqfx76tjvgi4g (CS)ME Firmware Archive.]
 
 
----
[[Literature#Datasheets_boardviews_.26_schematics|Literature -> 1.2 Datasheets boardviews & schematics]]
----
====Custom PCB Development Software====
=====Definition and Purpose=====
::'''Computer-Aided Design (CAD)''' refers to software that enables users to create, modify, analyze, or optimize designs in various fields such as architecture, mechanical engineering, and manufacturing. CAD is predominantly used for designing physical structures and components. It allows designers to visualize objects in two-dimensional (2D) or three-dimensional (3D) formats, facilitating precise planning and adjustments before production begins.
::In contrast, '''Electronic Design Automation (EDA)''' encompasses a suite of software tools specifically tailored for the design of electronic systems. EDA is crucial in industries like semiconductor manufacturing and printed circuit board (PCB) design. It focuses on automating the processes involved in designing electronic circuits at various levels, from high-level architectural descriptions down to detailed layouts.
::'''Integration Between CAD and EDA'''
::While CAD focuses on physical structures, EDA deals with electronic components. However, as products increasingly integrate both mechanical structures and electronic systems (such as IoT devices), the need for collaboration between CAD and EDA has grown. This integration allows designers to embed electronic circuits within mechanical models seamlessly.
=====Electronics Design Automation [[Wikipedia:Electronic_design_automation|(EDA)]] Suite for Developing Custom PCB's=====
*[https://www.kicad.org/ KiCad] - is a free software suite for electronic design automation (EDA). It facilitates the design and simulation of electronic hardware. It features an integrated environment for schematic capture, PCB layout, manufacturing file viewing, ngspice-provided SPICE simulation, and engineering calculation.
*[http://repo.hu/projects/pcb-rnd/ pcb-rnd] - is a free/open source, flexible, modular Printed Circuit Board editor for the design of professional and hobby boards. It is feature-rich and compatible, has a long history, fast-paced development and big plans, and is part of the coralEDA ecosystem.
=====Computer Aided Design [[Wikipedia:Computer-aided_design|(CAD)]] Mechanical Engineering=====
*[https://www.freecad.org/ FreeCAD] - is an open-source parametric 3D modeler made primarily to design real-life objects of any size. Parametric modeling allows you to easily modify your design by going back into your model history and changing its parameters.
*[https://solvespace.com/index.pl SolveSpace] - is a free (GPLv3) parametric 3d CAD tool. Modeling 3d parts, modeling 2d parts, 3d-printed parts, preparing CAM data, mechanism design, plane and solid geometry.
 
 
----
====Web Browsing====
:::*1. Stop using the installed Electron PC-based version. Use the web version.
:::*2. The Android stock client is spoiled with rubbish code slowing down your SoC and sending loads of analytics; use [https://github.com/Aliucord/Aliucord Aliucord] instead (but carefully read the readme.md, ToS issue).
 
====File Archiver Utilities====
 
*[https://www.7-zip.org/ 7-Zip] - is a free and open source file archiver.
 
*[https://github.com/M2Team/NanaZip NanaZip] - is a free and open source file archiver intended for the modern Windows experience.
 
*[https://peazip.github.io/ PeaZip] - is a free and open source file archiver, similar to WinRar, WinZip, and 7-Zip.
====Disk Encryption Software====
==Education==
Tools are great, and sometimes free! Without knowing how to use them, they can be a big waste of time. Better to spend your time learning the basics, then apply your knowledge. See the [[Literature]] wiki page for all resources.
*[https://github.com/mytechnotalent/Reverse-Engineering-Tutorial Reverse Engineering Tutorial] - A comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.
*[[File:Reverse Engineering Malware IDA & Olly Basics 5 parts by otw v1.pdf|thumb]] - A Reverse Engineering Malware introduction and bare basics IDA & Olly x86 (5 parts) by otw.
*[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-1/ Using IDAPython to Make Your Life Easier: Part 1] - "As a malware reverse engineer, I often find myself using IDA Pro in my day-to-day activities. It should come as no surprise, seeing as IDA Pro is the industry standard (although alternatives such as radare2 and Hopper are gaining traction). One of the more powerful features of IDA that I implore all reverse engineers to make use of is the Python addition, aptly named 'IDAPython', which exposes a large number of IDA API calls."
:*[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-2/ Using IDAPython to Make Your Life Easier: Part 2]
:*[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-3/ Using IDAPython to Make Your Life Easier: Part 3]
:*[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-4/ Using IDAPython to Make Your Life Easier: Part 4]
:*[https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-5/ Using IDAPython to Make Your Life Easier: Part 5]
*[https://github.com/Dump-GUY/Malware-analysis-and-Reverse-engineering Some publicly available Malware analysis and Reverse engineering] - is a curated list of awesome materials from the user Dump-GUY, a former Forensic, Malware Analyst, Reverse Engineer. [https://www.youtube.com/c/DuMpGuYTrIcKsTeR Youtube channel].
*[https://tryhackme.com/room/basicmalwarere BasicMalwareRE] - this room aims towards helping everyone learn about the basics of "Malware Reverse Engineering".
*[https://class.malware.re/stuff/nardella/basic-reverse-engineering-immunity-debugger-36982.pdf Basic Reverse Engineering with Immunity Debugger] - SANS Institute Information Security Reading Room. Basic Reverse Engineering x86 with Immunity Debugger.
*[https://gist.github.com/IdanBanani/5be0442ad390f89259b494098f450bfd Reversing / Malware Analysis / Assembly -resources] - is a large list of reversing materials and courses.
*[https://github.com/CyberSecurityUP/Awesome-Malware-and-Reverse-Engineering Malware and Reverse Engineering Complete Collection] - Awesome Malware and Reverse Engineering collection by Joas.<br />