ManuFuzzer, an LLVM-based binary code coverage-guided fuzzing framework for macOS, update! π
- Improved shadow memory management
- Better instrumentation handling
π§ͺ NEW: Experimental dyld cache intelligence that auto-instruments frameworks sharing memory pages!
github.com/ant4g0nist/Manufuzzer
Just shipped AI-assisted debugging support for LLDB! π Added MCP to LLDB making agentic debugging possible. Works well with #claude/cline, and it can set breakpoints, inspect memory, and control execution.
β¨: Why should IDA have all the fun?
github.com/ant4g0nist/lisa.py
Roadmap of the SIMsalabim re-verse.io talk. It shows the backplane of a disassembled Pixel 6 phone together with a iconized SIM and a picture of an interposer. Five locations are marked: (0) SIM interface, (1) Baseband, (2) Attack Surface, (3) Vulnerabilities, (4) Interposer
Really enjoyed speaking at the inaugural edition of @re-verse.io!
You can find Tomasz' and my slides on tricks with SIMs and interposers here: tinyurl.com/reverse25-si...
Full details of EntrySign, the AMD Zen microcode signature validation vulnerability disclosed last month. bughunters.google.com/blog/5424842...
Abstract. Highly-optimized assembly is commonly used to achieve the best performance for popular cryptographic schemes such as the newly standardized ML-KEM and ML-DSA. The majority of implementations today rely on hand-optimized assembly for the core building blocks to achieve both security and performance. However, recent work by Abdulrahman et al.Β takes a new approach, writing a readable base assembly implementation first and leaving the bulk of the optimization work to a tool named SLOTHY based on constraint programming. SLOTHY performs instruction scheduling, register allocation, and software pipelining simultaneously using constraints modeling the architectural and microarchitectural details of the target platform. In this work, we extend SLOTHY and investigate how it can be used to migrate already highly hand-optimized assembly to a different microarchitecture, while maximizing performance. As a case study, we optimize state-of-the-art Arm Cortex-M4 implementations of ML-KEM and ML-DSA for the Arm Cortex-M7. Our results suggest that this approach is promising: For the number-theoretic transform (NTT) β the core building block of both ML-DSA and ML-KEM β we achieve speed-ups of 1.97Γ and 1.69Γ, respectively. For Keccak β the permutation used by SHA-3 and SHAKE and also vastly used in ML-DSA and ML-KEM β we achieve speed-ups of 30% compared to the M4 code and 5% compared to hand-optimized M7 code. For many other building blocks, we achieve similarly significant speed-ups of up to 2.35Γ. Overall, this results in 11 to 33% faster code for the entire cryptosystems.
Image showing part 2 of abstract.
Enabling Microarchitectural Agility: Taking ML-KEM & ML-DSA from Cortex-M4 to M7 with SLOTHY (Amin Abdulrahman, Matthias J. Kannwischer, Thing-Han Lim) ia.cr/2025/366
Three questions about Apple, Encryption, and the U.K. blog.cryptographyengineering.com/2025/02/23/t...
This is a fascinating vulnerability.
The root causes are implementing deterministic signatures instead of hedged, using a general purpose big number implementation, and leaking its API at the crypto layer.
JavaScript types are a red herring, could have happened in any language.
Canβt wait to be back in Florida
A new advisory that affects deterministic ECDSA signing in elliptic, which was used in MetaMask. github.com/indutny/elli...
Our friends at ELTE are organizing the Central European Crypology conference (CECC 2025) in Budapest and they're looking forward to your submissions (you only need to submit an extended abstract). Every info on the webpage: cecc2025.inf.elte.hu/en/
Such beautyπ»
I will give two lightning talks at #38c3 π Both on day 3, stage Huff, around 11:30am.
Detecting Fake Base Stations with CellGuard on iOS πΆ
cfp.cccv.de/38c3-lightni...
iOS Inactivity Reboot π²
cfp.cccv.de/38c3-lightni...
r2con2024 videos and slides are here: radare.org/con/2024/
Bluehat talks are up www.youtube.com/playlist?lis...
