ReVa automatically solving a CTF challenge

  • Published 24 Aug 2024
  • ReVa the Reverse Engineering Assistant solves a simple CTF challenge without human help!

COMMENTS • 20

  • @felfoxling 1 month ago

    Your streams are always so fun and educational to watch! I can't wait to see more from you!

  • @Hamled 1 month ago

    Looks great! Would love to do a comparison between this and angr/Manticore or other symbolic analysis tools, for automated RE challenge solving.

  • @resonanceofambition 1 month ago +3

    I remember seeing "Ghost in the Shell 2: Innocence" for the first time as a child. Completely nerded out by the Chinese IPS robots trying to stop the attack nearing the end of the film. Loved how they were just super quickly talking to each other about what they were doing and how the attack was progressing. Never did I expect to see the day that AIs actually compete against each other in CTF events. Less so human beings toying with this kind of tech from home. I still do believe almost everything in Sci-Fi we come up with is less about "how we see the future" and more about "We're just about to cook this". Lots of films like these deal with concepts such as immortality, god-like AIs, absolute defense, megastructures, regeneration etc. etc. Makes one wonder how many of these are right around the corner.

    • @cyberkaida 1 month ago

      I am currently working on a plan and team approach in ReVa. I am building a "RE workflow" into the model to make it work more like a human reverse engineer. It will take the question, create a plan, perform research on the binary, then summarise and loop.
      In my approach I have ReVa work in real time with the human through Ghidra. I already have a small team of LLMs working on the database at the same time. ReVa can split your question into pieces and work on each piece in a thread. This is very expensive in compute though, so I need to improve the multiple model support.
      If you use this feature it is ~$5 USD in OpenAI credit for a malware sample report.

  • @imamalox 1 month ago +1

    This is so cool. To be fair this looked like a beginner level CTF, but it's still cool to see we can use LLM for these kinds of applications as well!

    • @cyberkaida 1 month ago +1

      Yes, this is an easy challenge for a human but for an LLM it is a difficult test. This is a data obfuscation challenge and is the worst case for current models. The tokeniser breaks the relationship between bytes; this means the LLM doesn't learn well during training. This causes many issues with a basic approach (reversing a string is difficult for an LLM).
      With my approach in ReVa I give the LLM tools that move the work and allow it to solve challenges like these, the "thinking" is performed in the LLM and the data deobfuscation is performed in Ghidra and Python.
      I can show a more complex example of ReVa reverse engineering a large malware or kernel extension, these are actually easier for the model!

  • @AngDeLuca 1 month ago +2

    I’m going to need that Ghidra theme 😍

    • @cyberkaida 1 month ago

      It is included! In the project view, you can press Edit -> Theme -> Switch. Mine is Flat Dark with the font bigger for streaming!

    • @AngDeLuca 1 month ago

      @cyberkaida wtf. How did I not see that menu? Lmao, thanks!

    • @cyberkaida 1 month ago +1

      @AngDeLuca I am happy to help!

  • @ammrysir 1 month ago +5

    dang cool asf. Hey, what tools did u use for reverse engineering?

    • @cyberkaida 1 month ago +3

      This is Ghidra and my own tool ReVa. This challenge is an old one from HackTheBox.
      If you are interested you can find ReVa here:
      github.com/cyberkaida/reverse-engineering-assistant
      And you can find Ghidra here:
      github.com/NationalSecurityAgency/ghidra

    • @ammrysir 1 month ago

      @cyberkaida dang, can't understand many things even though I called myself a programmer.

    • @psyker4321 1 month ago

      @cyberkaida we're going to have to completely obfuscate all code from now on, aren't we

  • @Pamir026 1 month ago

    WOW! This is exceptionally cool!

    • @cyberkaida 1 month ago

      Thank you! I am improving ReVa each week!

  • @EmmanuelMessulam 1 month ago

    Soo coool!

  • @cscscscss 1 month ago

    auto arg solver

  • @rafa_br34 1 month ago

    Oh cool a CTF that takes 1 minute to solve done in two minutes by an LLM.

    • @cyberkaida 1 month ago

      It is like a dishwasher. It can take longer, but you are not washing. ReVa is an assistant that can help with simple tasks and work on the same database at the same time you are. This can help with easy things, so you can focus on harder things.
      This task is hard for LLM-based tools. It is an encoding problem and the meaning is lost in the tokeniser step. ReVa is doing it well because it is using a generic tool approach with tools designed for LLM use.
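
The split described in the two replies above (the model chooses the steps, byte-exact tools do the deobfuscation) can be sketched as follows. This is an added example, not part of the original comments and not ReVa's code; the tool names, the JSON plan format and the sample data are assumptions constructed for illustration.

```python
import base64
import json

# Byte-exact transforms exposed to the model as tools (hypothetical names,
# not ReVa's real tool set). The model picks tools; Python touches the bytes.
def _xor(data: bytes, key: str) -> bytes:
    k = bytes.fromhex(key)
    if not k:
        raise ValueError("empty XOR key")
    return bytes(b ^ k[i % len(k)] for i, b in enumerate(data))

TOOLS = {
    "unhex": lambda data: bytes.fromhex(data.decode("ascii")),
    "b64decode": lambda data: base64.b64decode(data, validate=True),
    "reverse": lambda data: data[::-1],
    "xor": _xor,
}

def run_plan(blob: bytes, plan_json: str, max_steps: int = 8) -> bytes:
    """Apply a model-produced plan: a JSON list of {"tool": ..., "args": {...}}."""
    plan = json.loads(plan_json)
    if not isinstance(plan, list) or len(plan) > max_steps:
        raise ValueError(f"plan must be a list of at most {max_steps} steps")
    for step in plan:
        name = step.get("tool") if isinstance(step, dict) else None
        # Allowlist: model output can only select tools registered above.
        if not isinstance(name, str) or name not in TOOLS:
            raise ValueError(f"unknown tool: {name!r}")
        blob = TOOLS[name](blob, **step.get("args", {}))
    return blob

def obfuscate(flag: bytes) -> bytes:
    """Build the constructed sample: XOR with 0x5a, reverse, hex-encode."""
    return _xor(flag, "5a")[::-1].hex().encode("ascii")

# Constructed sample, standing in for data pulled out of a binary.
SAMPLE = obfuscate(b"FLAG{constructed_example}")
# What the model would emit: only the order of operations and the key.
PLAN = '[{"tool": "unhex"}, {"tool": "reverse"}, {"tool": "xor", "args": {"key": "5a"}}]'

if __name__ == "__main__":
    print(run_plan(SAMPLE, PLAN).decode())
```

The model never has to reproduce the bytes token by token; it only names the transforms, and anything outside the registered set is rejected before it runs.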