atlas0fd00m
confirmed:
```
$ vivbin -vvvvvvvvvv -B c177e0a9e745a247a944f805189daf4c2f3f059340290c8c0ec0861bacaa8316
2023-11-09 14:14:47,837:DEBUG:vivisect.parsers.pe: initial file baseva: 0x400000 size: 0xe064d3a2[pe.py:loadPeIntoWorkspace:91]
2023-11-09 14:14:47,838:INFO:vivisect.parsers.pe: loadPeIntoWorkspace: loading 'c177e0a9e745a247a944f805189daf4c2f3f059340290c8c0ec0861bacaa8316' (size: 0xe064d3a2) at 0x400000[pe.py:loadPeIntoWorkspace:93]
2023-11-09 14:14:47,861:INFO:vivisect.parsers.pe: PE loader: Arch: 'i386'...
```
sorry, you already did give great context. anything else is welcome, but i don't want to forget to appreciate this: ``` The issue seems to be that the section table...
the reason i ask for anything else is because malware tends to exploit how an OS works in undocumented ways to make our jobs harder. obviously you know that already...
thank you, @mr-tz ! that's truly very helpful analysis.
sorry, this has been a crazy few weeks, and i'm just getting over being sick, but i wanted to check on this. how good an analysis does IDA do? they...
continuing to look into this, but here's probably the problem:  That 30MB function is simply not what Viv expects. lol. we'll check into what's really causing the delay, but...
thank you, @matthiasgoergens . how can we help?
i haven't, actually. i'm not opposed. would you like to take the first swing at a hardware/firmware combination that could work? i'd be happy to help guide you through the...
currently we build with SDCC, which is pretty nonspecific. the firmware was written specifically for the CC1111, an SOC which incorporates an 8051 micro with a USB controller and the...
oh, and i wrote it all in VIM. i'm pretty sure if VSCode is your thing, it will go well for you. i've considered it myself.