1. Advanced Signature Writing via FuzzyHashing

    Hi there,

    Lately I have been working heavily on signature generation for big malware families. This means there is a large number of binaries to be checked for recurring static patterns. This work can't be done by hand on families of 400k+ samples, and hashing does not help, because hash algorithms respect the avalanche effect through its most famous generalization, the SAC (Strict Avalanche Criterion). This property is satisfied if, whenever a single input bit is complemented, each of the output bits changes with a probability of one half.

    In other words, a minimal change will deeply change the hash result, and we can't get back to similarities from it. So we need a technology that does not respect the SAC, and in this case too the wonderful world of cryptography helps us.

    We have CTPH, which stands for Context Triggered Piecewise Hashes, also called Fuzzy Hashes. These help us match inputs that have homologies, such as sequences of identical bytes in the same order.

    Here is an interesting paper about CTPH: "Identifying almost identical files using context triggered piecewise hashing"

    And here is an open source implementation of fuzzy hashing called DeepToad

    Giuseppe 'Evilcry' Bonfa
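
The contrast described in the post above, as an added example that is not the author's code and not DeepToad's algorithm: a toy context-triggered piecewise hash next to SHA-256 on a one-bit change. The rolling sum, the CRC32 piece hash, the `WINDOW`/`BLOCK` parameters and all function names are assumptions chosen for illustration, and the input buffers are constructed sample data.

```python
import hashlib
import random
import string
import zlib
from difflib import SequenceMatcher

ALPHABET = string.ascii_letters + string.digits + "+/"  # 64 symbols
WINDOW, BLOCK = 7, 64  # assumed toy parameters, not taken from any real tool


def toy_ctph(data: bytes) -> str:
    """Cut data where a rolling sum of the last WINDOW bytes hits a trigger
    value, and emit one symbol per piece (CRC32 of the piece, mod 64)."""
    sig, start, roll = [], 0, 0
    for i, byte in enumerate(data):
        roll += byte
        if i >= WINDOW:
            roll -= data[i - WINDOW]  # slide the window forward
        if roll % BLOCK == BLOCK - 1:  # context trigger: close this piece
            sig.append(ALPHABET[zlib.crc32(data[start:i + 1]) % 64])
            start = i + 1
    if start < len(data):  # trailing piece after the last trigger
        sig.append(ALPHABET[zlib.crc32(data[start:]) % 64])
    return "".join(sig)


def similarity(a: bytes, b: bytes) -> float:
    """Ratio in [0, 1] between the two piecewise signatures."""
    return SequenceMatcher(None, toy_ctph(a), toy_ctph(b)).ratio()


def sha256_bit_diff(a: bytes, b: bytes) -> int:
    """Number of SHA-256 output bits (out of 256) that differ."""
    x = int.from_bytes(hashlib.sha256(a).digest(), "big")
    y = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(x ^ y).count("1")


# Constructed sample data: two unrelated buffers plus a one-bit variant.
_rng = random.Random(2024)
ORIGINAL = bytes(_rng.getrandbits(8) for _ in range(4096))
UNRELATED = bytes(_rng.getrandbits(8) for _ in range(4096))
VARIANT = ORIGINAL[:2000] + bytes([ORIGINAL[2000] ^ 1]) + ORIGINAL[2001:]

if __name__ == "__main__":
    print("SHA-256 bits changed by one flipped input bit:",
          sha256_bit_diff(ORIGINAL, VARIANT), "of 256")
    print("signature similarity, one-bit variant:", similarity(ORIGINAL, VARIANT))
    print("signature similarity, unrelated data:", similarity(ORIGINAL, UNRELATED))
```

The flipped bit only disturbs the piece that contains it and any trigger within the next `WINDOW` positions, so the rest of the signature still lines up, while the SHA-256 digest changes in roughly half of its bits.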
  2. Reversity Speech and Logs Available

    Hi there,

    It is possible to download the PDF and logs of the first Reversity session on Crypto and Reverse Engineering here:

    Have a nice day,
  3. A Framework for Hash Algorithms Analysis


    Before the famous discovery of the MD5 weakness, hash algorithm security was under-evaluated: not many good research attempts were conducted, or rather, no organised analysis criteria were applied.

    After the MD5-Day, the most important cryptography research centers (CACR and IACR) moved to more organised analysis structures.

    Here I have written down some conceptual and practical assumptions for building a framework for hash analysis.

    The analysis is intended to give information about:

    • General hash architecture
    • Design innovations and/or old insecure conceptual adoptions
    • Basic security flaw hunting

    There are various hash algorithms, which do not necessarily all use the same techniques, so it is difficult to establish efficient comparison criteria. The principal aim of this conceptual framework is to move the point of attention to a higher level of abstraction, one able (or supposed) to allow comparison between different hash algorithms.

    So the framework will conceptually divide the hash process into:

    • Preprocessing
    • PostProcessing
    • Compression Function
    • Internal Structures (this will be divided in other SubStructures)

    Currently I'm working on a practical application of this framework. The hash algorithm used is relatively new (FORK256) and, as far as I can see at the moment, something similar was used to detect a big weakness in this algorithm (the paper can be read on

    The idea is fundamentally taken from the works of George I. Davida and Jeremy A. Hansen of the Center for Cryptography, Computer and Network Security, University of Wisconsin.

    See you in the next post