search

radareorg / radare2

UNIX-like reverse engineering framework and command-line toolset
https://www.radare.org/
GNU Lesser General Public License v3.0
20.72k stars 3.01k forks source link

Move FLIRT support to extras #6239

Closed radare closed 7 years ago

radare commented 7 years ago

There's no need to keep holding unmaintained ida-compatibility stuff in core. r2 zignatures should be the way to go.

XVilka commented 7 years ago

Please don't It's important, very important.

radare commented 7 years ago

it is not important

ida updates this file format in every update, signatures needs to be constructed for every version of the lib and every new version of ida, and there’s nobody working on this for a very long time, also i have never heard of anyone using this functionality at all, because if youw ant to debug or extend it you can’t because ida is closed source and the fileformat is a mess.

so imho we should not support IDA at all, its a loss of time and resources, if anybody at some point wants to use it or update it he can do it. the code will not be removed. but it is currently a wrong recommendation to tell users to use this.

if it’s that important why nobody fixed or used it in all those years?

actually, the signatures support in r2 should get more love and will be greatly optimized and enhanced. so whats the point on supporting a closed source format for something like this in core?

On 22 Nov 2016, at 12:37, Anton Kochkov notifications@github.com wrote:

Please don't It's important, very important.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/radare/radare2/issues/6239#issuecomment-262218997, or mute the thread https://github.com/notifications/unsubscribe-auth/AA3-lsxif8Ys3XGIk35ztz_EtrXVrtssks5rAtP2gaJpZM4K5Q0L.

XVilka commented 7 years ago

There are ppl who are using it before 6.8 version, still. For example supporting KolibriOS exe in the core, but throwing de-facto standards of signatures in RE world - Yara and FLIRT, it's pointless and isolationist policy.

radare commented 7 years ago

Having kolibrios support is just 100 lines of C and took me about 15m to do it, about standards, i dont think a closed source thing should be considered a standard. im not here to feed them.

look at odt or pdf, those are standards, and office needs plugins for them.

im not banning the ability to support yara or flirt. but those are separate projects. as well as many plugins in r2 that are shipped in -extras because they dont relay on core.

On 22 Nov 2016, at 12:55, Anton Kochkov notifications@github.com wrote:

There are ppl who are using it before 6.8 version, still. For example supporting KolibriOS exe in the core, but throwing de-facto standards of signatures in RE world - Yara and FLIRT, it's pointless and isolationist policy.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/radare/radare2/issues/6239#issuecomment-262222409, or mute the thread https://github.com/notifications/unsubscribe-auth/AA3-lnO_BDMAg0jeBthgTNhFwS7CQYYzks5rAtg8gaJpZM4K5Q0L.

jvoisin commented 7 years ago

FLIRT is the de facto standard for binary signatures, everyone is using it. It might be broken, but this is all that we have for now. If we decide to drop its support in radare2 core, we should at least provide a way to translate it to zignatures.

radare commented 7 years ago

Maybe in your world flirt is a standard for something, in the world i live i dont see any ida, or windows or any other commercial crap. /me feels bad for you

to provide a way to translate flirt into r2 zignatures we will first need to fix the flirt support, because it is actually useless, and im not talking about removing it, im talking about MOVING it to extras

On 24 Nov 2016, at 13:10, jvoisin notifications@github.com wrote:

FLIRT is the de facto standard for binary signatures, everyone is using it. It might be broken, but this is all that we have for now. If we decide to drop its support in radare2 core, we should at least provide a way to translate it to zignatures.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/radare/radare2/issues/6239#issuecomment-262762267, or mute the thread https://github.com/notifications/unsubscribe-auth/AA3-llPEAaK8vGaVbudIas4YMZ4xHreYks5rBX62gaJpZM4K5Q0L.

jvoisin commented 7 years ago

It's almost the same as removing it :)

(I'm quite sure that OSX counts as commercial crap though)

radare commented 7 years ago

dont compare an operating system with a tool. besides r2 can be considered an OS…

if you dont want it to be removed then fix it. because i care -1 about supporting propietary file formats for compatibliity

On 24 Nov 2016, at 13:25, jvoisin notifications@github.com wrote:

It's almost the same as removing it :)

(I'm quite sure that OSX counts as commercial crap though)

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/radare/radare2/issues/6239#issuecomment-262764940, or mute the thread https://github.com/notifications/unsubscribe-auth/AA3-lgWmXYJwioccsmJDUI0c54s1m4fNks5rBYJSgaJpZM4K5Q0L.

XVilka commented 7 years ago

@radare

in the world i live i dont see any ida, or windows or any other commercial crap r2 userbase is extremely larger than your world. Please keep that in mind, r2 popularity growing constantly.

radare commented 7 years ago

if so, why nobody cared about fixing flirt at all? i care about stuff that people maintains.

XVilka commented 7 years ago

We see your point, it will be fixed before the next release, I'll add the tests.

radare commented 7 years ago

by who :D

On 24 Nov 2016, at 13:50, Anton Kochkov notifications@github.com wrote:

We see your point, it will be fixed before the next release, I'll add the tests.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/radare/radare2/issues/6239#issuecomment-262769316, or mute the thread https://github.com/notifications/unsubscribe-auth/AA3-lkshMGlveO6M9MQnAK340lfgLxw-ks5rBYgEgaJpZM4K5Q0L.

XVilka commented 7 years ago

You tricking me! By me, I just need a few days before I start.

radare commented 7 years ago

like all the other PRs and issues assigned ? :D

On 24 Nov 2016, at 13:54, Anton Kochkov notifications@github.com wrote:

You tricking me! By me, I just need a few days before I start.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/radare/radare2/issues/6239#issuecomment-262769964, or mute the thread https://github.com/notifications/unsubscribe-auth/AA3-lpT_g3gr3CVn7bogm9Q3ANdlPFncks5rBYjygaJpZM4K5Q0L.

XVilka commented 7 years ago

I told you the reason in telegram. And how it'll change soon :P

radare commented 7 years ago

yeah i know, looking forward the wave of commits :)

On 24 Nov 2016, at 13:58, Anton Kochkov notifications@github.com wrote:

I told you the reason in telegram. And how it'll change soon :P

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/radare/radare2/issues/6239#issuecomment-262770607, or mute the thread https://github.com/notifications/unsubscribe-auth/AA3-liowTltLxk0_JvH2o8GSK0kEX20rks5rBYnYgaJpZM4K5Q0L.