07.30
Security is notoriously disunited. Every year multiple tools and projects are released and never maintained. TitanMist is its inverse opposite. Built on top of TitanEngine, it provides automation and manages all known and good PEID signatures, unpacking scripts and other tools in one unified tool. TitanMist is the nicely packaged and open source catch all tool that will become your first line of defense. The project also goes beyond pure tool development. It builds a forum to share information and reverse engineering experience built around the biggest online and collaborative knowledge base about software packers.
With the increase in packed and protected malicious payloads, collaboration and quick response between researchers has become critical. As new sample numbers are quickly closing to 40M samples per year, solution to this problem has to come from reverse engineers themselves, integrating the work that they have done in the past and they continue to do. Huge databases of format identification data and unpacking scripts can be reused in a way to maximize automation. Yet, where do we find a definite collection of functional tools, identification signatures and unpacking tools? And how do we integrate them in a meaningful and accurate way?
TitanMist approaches these problems in a manner recognizable to every reverse engineer. It aims to mimic, but automate, the reversing process enabling everyone to easily create unpackers and integrate them in an extensible system. This builds a powerful and fast growing community analysis tool. Overcoming the most basic problems of reverse engineering problems was the top priority for the TitanMist project. Hoping to bridge the programming knowledge barrier which troubles many reverse engineers TitanMist introduces a variety of programming languages in which unpackers can be written in.
TitanMist goes beyond languages that compile to native code relying heavily on popular and easy to learn script languages. Backed up by LUA and Python this project makes coding unpackers a much simpler task. However the challenge of making TitanMist as easy to adopt and extend as possible meant that the project has to go further than extending support for more programming languages. Knowing that most of reverse engineers are familiar with debugger level script language OllyScript we added the support for it as well. Combined with the full TitanEngine functionality these scripts become powerful automated unpackers which combined with the layer of file format identification create a unique database of file analysis tools.
Download
TitanMist ReversingLabs Corporation |
TitanMist 1.0 released! |
[...] This post was mentioned on Twitter by Mario Vilas, Nahuel Cayetano Riva. Nahuel Cayetano Riva said: TitanMist released: http://blog.reversinglabs.com/2010/07/introducing-titanmist/ [...]
[...] This post was Twitted by laramies [...]
Hi!,
great work! i like it!, but just one thing…TM is asking me about python27.dll, i thing it would be better if you do it compatible with more python distros, not just the new one (released just a few days ago).
We will try our best with our new release of FUU ;P
We will review the 2.7 requirement for next release. We can also include the support for FUU modules if you like. Send us an email about it.
Best regards
Hi!
Finally, TitanMist released
But badly, doesn’t work on my PC: “The application was unable to start correctly (0xc0000007b)”.
Did you try downloading Python 2.7?
Yes, python already installed. And i’ve put python27.dll on TitanMist directory.
Ah, solved.
This error because I’m using x64 version of python DLL. When I try to using the 32-bit version, all running well. Thanks!
Yep, nice tool, but you still need to attract a lot of skilled and talented people in order to grow this project up. It lacks hardcore packers/unpackers like xtreme protector and others, but hey, it’s a start.
I’m glad that something like this was created and shared to the public. I hope this product will be the next Metasploit in the RE world (it definitely has the potential)
[...] We were there and we were more than proud to present our newest file analysis tool, called the TitanMist, to the [...]