 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
Channel GannoK
pffrt
 Reputation: 129
Joined: 12 Apr 2008
Posts: 601
|
 Posted: Sun Mar 24, 2019 2:42 pm Post subject: |
 |
|
Brolock is into kids I'm pretty sure, so taking talix's word means pretty much nothing
_________________
| Some Retarded Muslim who crys ad hominem every chance he can get wrote: | | btw, since im a leech i have to get a job, arent u a 4x leech by having 4? |
https://guildav.com
THIS IS JUST AN OPINION |
|
| Back to top |
|
 |
mdthr
How do I cheat?
 Reputation: 13
Joined: 05 Aug 2014
Posts: 0
|
| Posted: Sun Mar 24, 2019 3:02 pm Post subject: |
|
|
| Brolock wrote: | you dont have to defend me, time will show them wrong. I give it less than a year before more info comes out, theres already a bug that allows remote code execution found within days of ghidras public release, despite them claiming that this software was already tested and proven to be clean somehow. saying Im tinfoil hat because I dont trust the NSA is so ridiculous a statement, same people saying to trust this program probably didn't think the NSA was doing any spying until the leaks came out and probably think snowden is a traitor to the USA
and i dont really flex anything i do on here, but i will be graduating with a CS degree in a couple months if you didnt know talix. having a degree doesnt reflect programming skill, but I have done extra work in getting this degree to ensure my skills are better than average so that I can secure a better than average CS job when I graduate |
 way to go!! i'm excited to see what you do and where you take us! do you have any ideas on where you wanna go or what you wanna do in the future? any interests of application i mean? 
<3 snowden and also h8 the NSA and the crimes such alphabets are committing, ty for giving the heads up to those who would listen
|
|
| Back to top |
|
|
atom0s
Moderator
 Reputation: 198
Joined: 25 Jan 2006
Posts: 8517
Location: 127.0.0.1
|
| Posted: Wed Mar 27, 2019 4:41 am Post subject: |
|
|
| Brolock wrote: | | you dont have to defend me, time will show them wrong. I give it less than a year before more info comes out, theres already a bug that allows remote code execution found within days of ghidras public release, despite them claiming that this software was already tested and proven to be clean somehow. |
You are running with a misreported "bug/flaw" that was blown out of proportion by people that did not understand what the information meant.
Ghidra sets up a specific port, only while running in debug mode from the command line, that opens a port allowing for remote code execution. This is a non-issue for a normal user as they wouldn't run it in debug mode simply running the main shortcut. Not to mention, if your network/computer just freely allows all open ports then you are clearly not the demographic that should even be using the tool and you deserve to get hacked.
It is part of the debug mode shell script, which is completely editable without any extra tools since its a plain text file. It is a feature used for debugging purposes.
Rather than hate something because of who made it and continue the spreading of misinformation, why not take the extra few minutes yourself to look into the so-called bug and you would have found what it actually was. It's great if you want to hate the NSA and not trust it, doesn't mean you have the bandwagon hate the tool and keep spreading misinformation on it.
| Quote: | | despite them claiming that this software was already tested and proven to be clean somehow. |
Again, take a minute to actually look into things rather than just rehash what others say.
| Quote: | | saying Im tinfoil hat because I dont trust the NSA is so ridiculous a statement, same people saying to trust this program probably didn't think the NSA was doing any spying until the leaks came out and probably think snowden is a traitor to the USA |
You're reaching again. I made the tinfoil remark for you claiming I work for the NSA or am associated in some manner simply because I don't automatically hate this tool because of who it came from. You are kind of contradicting yourself in what you're saying between these two posts as well. You refuse to trust the NSA and therefore this tool, yet you seem to trust Snowden entirely even though he worked for the NSA. Both things came from the same organization.
And for the record, I'm all for what Snowden has done and is still doing. And I'm a firm believer that the NSA (and even all of our government for that matter) has done plenty of illegal things including various forms of spying. Doesn't mean I'm going to distrust every single thing that ever comes from the NSA simply because parts of the organization are corrupted. I take the time to think for myself, investigate things I feel are suspicious, and read more into things vs. just taking shit at face value like everyone seems to do now with the era of social media. People see a headline and just run with that vs. actually reading the story or doing their own digging.
If you believe Ghidra does something evil, prove it. Take the time to show proof of it spying/recording or doing anything malicious or unwanted. Run it in a VM. Slap all kinds of monitoring software on the VM to watch for anything. Monitor the host system as well for any type of external traffic coming from the VM due to Ghidra. It's been out for weeks now and there has been literally 0 reports for anything harmful or spy-like, because it's not there.
This tool wasn't released for braindead morons that will open anything that is sent their way. This was made and released for the reversing scene. The best of the best have looked into this tool and all of its files, and not a single person has reported anything intentionally in it for any malicious purpose. (And no, CVE style reports don't count.)
_________________
- Retired. |
|
| Back to top |
|
|
br0l0ck
Cheater
![]() Reputation: 63
Joined: 15 Aug 2007
Posts: 38
|
| Posted: Wed Mar 27, 2019 7:43 am Post subject: |
|
|
Im not basing my entire view off of that single bug. I understand that the circumstances for the remote code to be executed had to be under the debug mode and had to be sent a corrupted file in order for it to start listening for traffic.
"Again, take a minute to actually look into things rather than just rehash what others say. "
YOU were the one saying the software is clean and has had extensive testing, I was using this bug as an example that what you have said is false, as the software was only released for a couple days and then this bug was found. This means its possible there's more to be found.
I don't think its fair to say its contradicting to believe Snowden while distrusting the NSA. There was already information about what the NSA was doing before Snowden, so it is not blindly trusting him, its using the information he provided to confirm what was already being said.
"This tool wasn't released for braindead morons that will open anything that is sent their way."
I think this is where youre wrong and not seeing the NSA's intent. I dont think Ghidra has to directly have something malicious in it where it does something like just send back to the NSA exactly what the user is doing. It could have 0 malicious code and could still be being used by the NSA for a malicious purpose.
2 situations where malicious code would be used:
There is 100% situations where the NSA would want some entity, maybe a foreign government, to have this program on their systems. A spy or someone working with the NSA internally could then enable this debug mode and open the ports, and it is possible that security will not see anything wrong with this because the Ghidra program will already be trusted. The NSA can then easily backdoor that system and spread it to other ones, imagine Stuxnet that I mentioned earlier.
Another situation: some braindead moron in russia or the ukraine wants to begin replicating or stealing things from commercial products to implement in his own product or sell on the black market. Instead of the NSA simply just going after the guy, they would backdoor his system and continue to monitor him and see if the person has any ties to any people with actual power in the scene (higher ups in the black market)
Now imagine that the software is 100% clean. you can still ask the question of what the NSA has to gain when releasing something like this to the public:
Do you think the amount of open source contribution can make up for the amount of people that will use ghidra for illegal purposes?
Do you think that the NSA with their massive budget actually needs contributions from the open source community?
If what ghostmane is true and IDA is better, why would the NSA not use that instead of wasting their own resources making a competitor? I think this one has to do with the fact that IDA was created by a russian and is under a foreign company.
I dont have answers to these questions, id have to think more about what the intention is of the NSA when releasing this. but I do want to ask these questions because I dont think you should trust the software and NSA just because it doesnt contain malicious code. There's more questions you could ask as well, and all of these add up to the reasons as why not to trust it, so its not a blind hate.
|
|
| Back to top |
|
|
Mania Guy
I post too much
 Reputation: 10
Joined: 10 Jun 2008
Posts: 2529
Location: Up
|
| Posted: Wed Mar 27, 2019 9:34 pm Post subject: |
|
|
it's the NSA what could go wrong?
_________________
|
|
| Back to top |
|
|
clash of clans hacks
Master Cheater
 Reputation: 63
Joined: 18 Jul 2007
Posts: 368
Location: Remember when we all used to put funny lines here?
|
| Posted: Thu Mar 28, 2019 4:20 am Post subject: |
|
|
| Mania Guy wrote: | | it's the NSA what could go wrong? |
literally has SECURITY in its name
|
|
| Back to top |
|
|
atom0s
Moderator
Reputation: 198
Joined: 25 Jan 2006
Posts: 8517
Location: 127.0.0.1
|
|
| Back to top |
|
|
Cheat Engine User
Something epic
![]() Reputation: 60
Joined: 22 Jun 2007
Posts: 2071
|
| Posted: Thu Apr 11, 2019 1:53 am Post subject: |
|
|
Not to be blunt Brolock, but would it kill you to respond decently?
| Quote: | | Now imagine that the software is 100% clean. you can still ask the question of what the NSA has to gain when releasing something like this to the public |
Credibility, positive publicity, free labor are the three that I can think of this minute.
Personally, I feel like IDA has some UX problems. Some things are shorthanded without identifying what it means (X-ref), undocumented stuff, obscure error behaviour (hotkeys disabled because mismatching platform vs debugging target). It's also very annoying it can show you the contents of .text without telling you that it still needs to process the part you're looking at.
There's good reason not to trust the NSA, but to immediately disregard something because of some bug-report you've scanned and because you got spoonfed some fear-mongering, sounds irresponsible. Do better research.
But then again, who am I to talk, I don't work at Google.
|
|
| Back to top |
|
|
Channel GannoK
pffrt
Reputation: 129
Joined: 12 Apr 2008
Posts: 601
|
| Posted: Thu Apr 11, 2019 11:20 am Post subject: |
|
|
| Holland wrote: | Not to be blunt Brolock, but would it kill you to respond decently?
| Quote: | | Now imagine that the software is 100% clean. you can still ask the question of what the NSA has to gain when releasing something like this to the public |
Credibility, positive publicity, free labor are the three that I can think of this minute.
Personally, I feel like IDA has some UX problems. Some things are shorthanded without identifying what it means (X-ref), undocumented stuff, obscure error behaviour (hotkeys disabled because mismatching platform vs debugging target). It's also very annoying it can show you the contents of .text without telling you that it still needs to process the part you're looking at.
There's good reason not to trust the NSA, but to immediately disregard something because of some bug-report you've scanned and because you got spoonfed some fear-mongering, sounds irresponsible. Do better research.
But then again, who am I to talk, I don't work at Google. |
You're arguably one of the best here when it comes down to it regardless. I havent used ida enough to actually point out key differences, which is why ive been waiting for the talented people to make youtube vids describing which of these program should be used for what situation, or if it is the same in the end, just a gui and language difference. Dont have the time to figure it all out on my own, plus it would be just a hobby.
_________________
| Some Retarded Muslim who crys ad hominem every chance he can get wrote: | | btw, since im a leech i have to get a job, arent u a 4x leech by having 4? |
https://guildav.com
THIS IS JUST AN OPINION |
|
| Back to top |
|
|
mdthr
How do I cheat?
Reputation: 13
Joined: 05 Aug 2014
Posts: 0
|
| Posted: Thu Apr 11, 2019 12:05 pm Post subject: |
|
|
| Channel GannoK wrote: | | Holland wrote: | Not to be blunt Brolock, but would it kill you to respond decently?
| Quote: | | Now imagine that the software is 100% clean. you can still ask the question of what the NSA has to gain when releasing something like this to the public |
Credibility, positive publicity, free labor are the three that I can think of this minute.
Personally, I feel like IDA has some UX problems. Some things are shorthanded without identifying what it means (X-ref), undocumented stuff, obscure error behaviour (hotkeys disabled because mismatching platform vs debugging target). It's also very annoying it can show you the contents of .text without telling you that it still needs to process the part you're looking at.
There's good reason not to trust the NSA, but to immediately disregard something because of some bug-report you've scanned and because you got spoonfed some fear-mongering, sounds irresponsible. Do better research.
But then again, who am I to talk, I don't work at Google. |
You're arguably one of the best here when it comes down to it regardless. I havent used ida enough to actually point out key differences, which is why ive been waiting for the talented people to make youtube vids describing which of these program should be used for what situation, or if it is the same in the end, just a gui and language difference. Dont have the time to figure it all out on my own, plus it would be just a hobby. |
querijn was fun when he wasn't busy. i liked him more when he contributed to the shitpostfest. now he is just an absentee like the rest of the memories here
|
|
| Back to top |
|
|
atom0s
Moderator
Reputation: 198
Joined: 25 Jan 2006
Posts: 8517
Location: 127.0.0.1
|
| Posted: Fri Apr 12, 2019 3:50 am Post subject: |
|
|
| Holland wrote: | | Not to be blunt Brolock, but would it kill you to respond decently? |
I didn't expect much out of any one of these forums when it came to this tool, so his responses are right on par with what I figured would happen. Most people attached to the first "bug" report that happened with the port opening but no one bothered to actually look into what it was, what it did, and how it worked. Some clickbait article got released with a typical flashy headline after the Tweet to create fake panic and it worked.
But, at least that panic is mostly only with people on the outskirts of even knowing how to use this tool at all so in the long run it didn't really harm things at all. Nothing more than a typical Facebook style reshare of fake stuff that the masses attach to because they see it on Facebook, therefore, it must be true!
| Channel GannoK wrote: | | You're arguably one of the best here when it comes down to it regardless. I havent used ida enough to actually point out key differences, which is why ive been waiting for the talented people to make youtube vids describing which of these program should be used for what situation, or if it is the same in the end, just a gui and language difference. Dont have the time to figure it all out on my own, plus it would be just a hobby. |
Currently, Ghidra's biggest problem is speed. Since it's core disassembler is written in Java, it's ungodly slow. Feature wise, Ghidra has a great starting feature set, and their decompiler (written in C/C++) is fairly decent and on par with competing with IDA's with some updates. The project has a lot of promise, and with the source being released now it's only uphill going forward.
The biggest thing they need to focus on is either heavily optimizing the disassembler engine, which if they stay in Java I don't think can get all that much faster/better, or port to another language (something community people will possibly do). However, the best part of how they structured things is that their decompiler is a plugin. It's separated from the core and is possible to be compiled for other projects (such as OllyDbg, x64Dbg, Cheat Engine, IDA etc.) which can be a huge deal later down the road.
Ghidra is setup to really push IDA to compete with something comparable now. Both tools offer a massive amount of features and both tools are very capable of being used in real-world situations already. The hope is that Ghidra helps drive IDA's prices down and creates a more healthy competition between the projects. (But, IDA's lead developer has had some poorly made Tweets towards Ghidra already that have been deleted so we'll see what happens.)
As for BinaryNinja, their tool is not terrible, but it's overpriced for the small feature set it offers. Their only real major feature is their multithreaded disassembler, but it's not worth $500+ as its priced currently as none of the other features are unique or worth that price. (Most of their other features are free in Ghidra, or even IDA's public version.)
_________________
- Retired. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
