Conversation

Notices

1. Embed this notice
   :umu: :umu: (a1ba@suya.place)'s status on Friday, 06-Sep-2024 21:37:59 JST :umu: :umu:
   do ghidra devs glow? considering it's completely FOSS and all
   • Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Friday, 06-Sep-2024 21:40:30 JST Haelwenn /элвэн/ :triskell:

     in reply to
     @a1ba Wouldn't really say completely FOSS though given that it got blobs:
     ghidra_3d7139e0a8217b49a853cc620f4cd0fdf472d611_deblob.log
   • Embed this notice
     Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Friday, 06-Sep-2024 21:52:22 JST Haelwenn /элвэн/ :triskell:

     in reply to
     @a1ba Due to XZ… yeah I wouldn't forbid tests, at least it ought to build and work without them.
     
     To be honest I used not to and in fact deblob is my only repo I have with some blobs, although most have recipes and so rebuildable from source, I think I'll just have to use something like `nasm -f bin` or some custom programs for the really weird ones like Apple executables.
     
     Also threw Debian's suspicious-source at it and it found more but also a bunch of ones that look like false positives (as usual with it).
     ghidra_3d7139e0a8217b49a853cc620f4cd0fdf472d611_suspicious_source.log
   • Embed this notice
     :umu: :umu: (a1ba@suya.place)'s status on Friday, 06-Sep-2024 21:52:24 JST :umu: :umu:

     in reply to

     • Haelwenn /элвэн/ :triskell:
     @lanodan are tests considered blobs
   • Embed this notice
     Dr. Quadragon ❌ (drq@mastodon.ml)'s status on Friday, 06-Sep-2024 21:53:05 JST Dr. Quadragon ❌

     in reply to

     • Тр3тий Сергеевич

     @a1ba glow or no glow, it's still a nice decompiler.

     Wish it was not on Java though... Bleh.

     @th3rdsergeevich

     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     :umu: :umu: (a1ba@suya.place)'s status on Friday, 06-Sep-2024 21:53:06 JST :umu: :umu:

     in reply to

     • Тр3тий Сергеевич
     @th3rdsergeevich yes but at least they have zero amount of Ilfak
     
     and again, it's FOSS
   • Embed this notice
     Тр3тий Сергеевич (th3rdsergeevich@mastodon.ml)'s status on Friday, 06-Sep-2024 21:53:08 JST Тр3тий Сергеевич

     in reply to

     @a1ba Doesn't NationalSecurityAgency as dev name ring any bells? In terms of glow it should be classified as an artificial sun...

   • Embed this notice
     :umu: :umu: (a1ba@suya.place)'s status on Friday, 06-Sep-2024 21:54:41 JST :umu: :umu:

     in reply to

     • Haelwenn /элвэн/ :triskell:
     @lanodan
     
     >build.gradle (text/x-Algol68)
     
     gradle DSL now makes a lot of sense
     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     :umu: :umu: (a1ba@suya.place)'s status on Friday, 06-Sep-2024 21:57:47 JST :umu: :umu:

     in reply to

     • Haelwenn /элвэн/ :triskell:
     @lanodan
     
     >(text/x-file)
     
     :xfiles_theme_bgm: (why I have this emoji)
     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Friday, 06-Sep-2024 22:09:48 JST Haelwenn /элвэн/ :triskell:

     in reply to

     • Haelwenn /элвэн/ :triskell:

     @a1ba > ./Ghidra/RuntimeScripts/Common/support/gradle/gradle-wrapper.jar (application/zip)

     Interesting that deblob didn't detect this one, likely means it wasn't built with OpenJDK, otherwise there should be 0xCA 0xFE 0x00 0x00 at position 0x27..0x2B, instead it's "LICE" of META-INF/LICENSE (a copy of Apache-2.0).

   • Embed this notice
     Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Friday, 06-Sep-2024 22:16:03 JST Haelwenn /элвэн/ :triskell:

     in reply to

     • Haelwenn /элвэн/ :triskell:
     @a1ba Heck, looked at dependencies, found blob repository with yet another jar: https://github.com/NationalSecurityAgency/ghidra-data
   • Embed this notice
     Dr. Quadragon ❌ (drq@mastodon.ml)'s status on Friday, 06-Sep-2024 22:17:13 JST Dr. Quadragon ❌

     in reply to

     • Тр3тий Сергеевич

     @a1ba By the way, I remember I wanted to send something to you to take apart. Can't quite put a finger on it though.

     I'll get beck to you once I recall.

     @th3rdsergeevich

     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     :umu: :umu: (a1ba@suya.place)'s status on Friday, 06-Sep-2024 22:17:14 JST :umu: :umu:

     in reply to

     • Dr. Quadragon ❌
     • Тр3тий Сергеевич
     @drq @th3rdsergeevich it's in Java, yet it never caused any typical Java problems for me.
   • Embed this notice
     Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Friday, 06-Sep-2024 22:47:46 JST Haelwenn /элвэн/ :triskell:

     in reply to

     • Haelwenn /элвэн/ :triskell:
     @a1ba At least for me blob as dependencies means it should be considered proprietary and so used into something like a throwaway Cloud VM.
   • Embed this notice
     Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Friday, 06-Sep-2024 23:08:18 JST Haelwenn /элвэн/ :triskell:

     in reply to
     @a1ba Yeah not really surprised, java ecosystem is kind of a disaster when it comes to buildsystems.
     
     Like maven needs itself plus a bunch of maven-plugins to build itself, at least Guix did manage to bootstrap it with parsing the XML files… https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/maven.scm#n2149
   • Embed this notice
     :umu: :umu: (a1ba@suya.place)'s status on Friday, 06-Sep-2024 23:08:20 JST :umu: :umu:

     in reply to

     • Haelwenn /элвэн/ :triskell:
     @lanodan gradle-wrapper.jar is a blob but it isn't proprietary and is common sight in projects that use gradle build system.
     
     Though considering XZ case, it might be suspicious.