View Full Version : Aslan (4514N) - Binary Code Integrator - Okaeri


Piotr Bania Chronicles
July 15th, 2009, 11:17
As some of you probably remember in 2006 i have announced a tool called Aslan (4514N). The purpose of this tool was to develop a binary code integration (static binary code rewriting) engine which would allow Portable Executable file modification on the binary level (so without source code). The tool itself was limited to X86-32 architecture. It's quite a shame because i haven't done a single update to this project since 2006, so for about 3 years. However things have changed recently. I have forced myself to sit and think about Aslan for a while. This took me some of my free time, but I have REWRITTEN Aslan completely from scratch - i have made it faster, more stable and more fabulous than ever. But that's not all - i think it is really worth mentioning that i have added a very very innovative feature to it called BINARY CODE WELDING (MERGING). As far as i know i am the first one to introduce this feature on such complication level.

Before even i started creating this technique i was introducing the Aslan concept to one of my good friends HackerFantastic ("http://hackerfantastic.blogspot.com/"). In one of the talks we had few days ago he said it would be total wreck if i could integrate code that is not only written in ASM. As you probably know old Aslan required you to integrate assembly code only (binary form) which typically was a position-independent code too. Not to mention that typically such binary injected stubs needed to resolve API addresses on their own and finally for most of the people assembly is not much fun. So can you imagine how to integrate let's say a code written in C to another program at any pseudo-random location? Have you thought about what should you repair, how to manage unresolved imported APIs and stuff? It may sound easy but to any researcher following the idea - this is a hell on earth. But yes, i did it. Ok enough words let's bring out some example.


CONTINUE READING ("http://piotrbania.com/all/4514N/index_rev.html")

Before you will get too hasty:
This project is still in development phase, however even if i finish it i doubt i will release it for public. This is obvious since most of people would use it for evil purposes and in the end it will not bring me much good karma. Besides i have decided to delete entire GUI so right now Aslan has no interface so i am probably the only person who can use it correctly (not to mention Marcin Mi?ta's cat :-)). I did it for fun additionally it helps me with "pentests"...


http://blog.piotrbania.com/2009/07/aslan-4514n-binary-code-integrator.html

roxaz
July 17th, 2009, 02:16
interesting! in the past i was looking for something like this. does this support dlls too?

OHPen
July 17th, 2009, 15:28
Hey,

sounds indeed fantastic. I searched for a download link to test the tool, but i was not able to find one.

Is it still in development or are you already providing a download.

Regards,

OHPen

BanMe
July 17th, 2009, 15:54
sorry to directly quote but..

Quote:
[Originally Posted by "Piotr_Bania"]
Before you will get too hasty:
This project is still in development phase, however even if i finish it i doubt i will release it for public. This is obvious since most of people would use it for evil purposes and in the end it will not bring me much good karma. Besides i have decided to delete entire GUI so right now Aslan has no interface so i am probably the only person who can use it correctly (not to mention Marcin Mi?ta's cat :-)). I did it for fun additionally it helps me with "pentests"...


ie no link will prolly "ever" be provided

roxaz
July 17th, 2009, 17:49
Quote:
[Originally Posted by BanMe;81846]sorry to directly quote but..

ie no link will prolly "ever" be provided


your quote made me think. i guess i might appear a bit rude but anyway... i think either author should share it or keep private. such half-share teaser is kinda lame... ofc ppl might use for bad things, but what do you care? it lies on consciousness of offender. i learned to mind my own business and hell that helps me a lot.. if you want to change the world - start changing it from yourself. i.e. not sharing such stuff at all would not show that this is possible thus lower chance of someone exploiting stuff that way. anyway don't take it as offense, it's just a philosophical thought.

BanMe
July 17th, 2009, 17:57
I tend to agree, don't show us eggs and not cook omelettes!!

but it is the author's choice, though a release of source without interface would work for me..

regards BanMe

OHPen
July 18th, 2009, 17:21
@BanMe: i overread that he will probably never release it. if this is the case i agree with roxaz. why is he mentioning it.

i could claim to be able to factorize every rsa 4096 bit key, without showing an evidence for it. that's senseless in my eyes.

regards,
OHPen.

BanMe
July 18th, 2009, 18:20
exactly my point..
but on OpenRce Peter Ferrie had the audacity to say

Quote:
[Originally Posted by "'OpenRce' PeterFerrie"]
Piotr: you misunderstood me. I meant "don't bother with Aslan" because it has all been done before, by Zombie for PE, and herm1t for ELF. No matter how good your engine is, we'll still only think of you as the second man on the moon. btw what possible purpose could Aslan serve?

Orr: it was done already by Drill. It was no problem for us to detect it.


I found that not at all to my liking (maybe you can tell)..

Quote:
[Originally Posted by "'OpenRce' BanMe"]
That's considerably disturbing..

that's "nice" that z0mbie and herm1t did it..
you lack foresight and an unquenchable thirst for knowledge that is what I find disturbing..But I find it Disgusting, that you would say "don't bother with 'your project name here'" that is the epitome of why "other" communities have died.. the idea that "it's already been done" so why "redo it" is not something I think should be said to anyone let alone someone who contributes "publicly" their research and knowledge..


At least you and me have the decency to say it using a little finesse and obscure references..

regards BanMe

Sab
July 24th, 2009, 21:55
i think Piotr's provided enough freebies to the security community publicly. Even security people like Pretty Farry use his stuff in their papers. If he wants to share a few things about what he is working on (keep in mind this is just a blog of his) and not release the source, that is quite ok.