Release of the Rizin 0.4.0 reverse-engineering framework and the Cutter 2.1.0 GUI

The reverse-engineering framework Rizin and its associated graphical shell Cutter have been released. The Rizin project started as a fork of the Radare2 framework and has continued its development with a focus on a convenient API and on code analysis without forensics. Since the fork, the project has moved to a fundamentally different mechanism for saving sessions (“projects”), which stores state using serialization. In addition, the code base has been significantly reworked to make it easier to maintain. The project code is written in C and distributed under the LGPLv3 license.

The Cutter GUI is written in C++ using Qt and is licensed under the GPLv3 license. Cutter, like Rizin itself, is aimed at the process of reverse engineering programs in machine code or bytecode (for example, JVM or PYC). There are decompilation plugins for Cutter/Rizin based on Ghidra, JSdec and RetDec.

In the new release:

  • Added support for creating FLIRT signatures, which can then be loaded into IDA Pro;
  • The package includes a database of standard signatures for popular libraries;
  • Improved recognition of functions and strings in Go executable files for x86/x64/PowerPC/MIPS/ARM/RISC-V;
  • Implemented a new intermediate representation language RzIL based on BAP Core Theory (SMT-like language);
  • Added the ability to auto-detect the base address for "raw" files;
  • Implemented support for loading memory snapshots based on Windows PageDump/Minidump formats in debug mode;
  • Improved work with remote debuggers based on WinDbg/KD;
  • At the moment, support for the ARMv7/ARMv8, AVR, 6502 and brainfuck architectures has been ported to the new RzIL. By the next release, it is planned to complete the port for SuperH, PowerPC and, partly, x86.

Also released:

  • rz-libyara - plugin for Rizin/Cutter to support loading and creating signatures in Yara format;
  • rz-libdemangle - library for decoding function names for C++/ObjC/Rust/Swift/Java languages;
  • rz-ghidra - plugin for Rizin/Cutter for decompilation (based on Ghidra's C++ code);
  • jsdec - plugin for Rizin/Cutter for decompilation, developed by the project itself;
  • rz-retdec - plugin for Rizin/Cutter for decompilation (based on RetDec);
  • rz-tracetest - utility for cross-checking the correctness of the translation of machine code into RzIL by comparing it with an emulation trace (based on QEMU, VICE).

Source: opennet.ru