Thread: Immunity Debugger is now released!

  1. #1
    nicolas.waisman
    Guest

    Immunity Debugger is now released!

    Announcing Immunity Debugger v1.0

    After almost a year of intensive development and internal use, we are
    pleased to announce the public release of Immunity Debugger v1.0.

    When we started developing Immunity Debugger our main objective was to
    combine the best of the commandline based and GUI based debugger worlds.
    The commandline because most of us come from a UNIX background, and it
    just ends up being more efficient than clicking your way around. The GUI
    because we understand that we are visual beings that often can
    grasp more from a single look at a graphical layout than from two days
    of x/x-ing memory pages.

    The third feature we required was full flexible access to the debugging API,
    the graphing engine, and the GUI API. Because having to Re-Compile
    plugins is lame, we decided to make everything accessible from Python.
    So we put everything together and developed something we feel very
    comfortable using.

    This means we ended up with a fully flexible and extendible Win32
    debugger that has all of its features, both debugging and graphical,
    easily accessible from its Python scripting engine.

    And best of all, it's available for free. That's right, Immunity
    Debugger is released for free, including free monthly updates.

    Here are some cool features:

    o The Python API ("Immlib/Lib reference" for full documentation)
    o A full Python based graphing library
    o Full debugger and GUI API access
    o A flurry of cool example scripts such as:

    - !heap A fully working heap dumping script (try the -d option!)
    - !searchheap Searching the heap
    - !hippie Trampoline hooks on RtlAllocateHeap/RtlFreeHeap
    - !modptr Dynamic search for function pointers in pages
    - !findantidep Find address to bypass software DEP

    o Writing your own scripts for your specific tasks is easy

    Interested? Give Immunity Debugger a spin and download it from:
    http://www.immunitysec.com/products-immdbg.shtml

    For feedback or bug reports please contact support@immunityinc.com.

    Happy debugging!

    Thanks,
    Team Immunity

    PS: Yes, we will be implementing an interactive Python shell too.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    "Immunity". And no mention of any anti² facilities.
    Python
    One word, the forced indentation of code, thread over.

  3. #3
    Is this yet another Olly clone?
    Last edited by deroko; August 4th, 2007 at 14:51.

  4. #4
    Very good. Might come in handy one day for scripting. Did you make your own disasm engine or...?

  5. #5
    Thug4Lif3
    Guest
    The GUI is 99,99% the same as Olly. Maybe the author took the disasm engine from Olly, cuz when you use ImmDBG to analyze Themida 1.9.1.0, it crashes exactly like Olly's famous instruction analysis bug (http://www.woodmann.com/forum/showthread.php?t=10134). Haven't dug in further yet.

    It seems like an Olly+Python debugger. It might be very useful in scripting and finding/writing exploits (as ImmunityInc stated)
    Last edited by Thug4Lif3; August 5th, 2007 at 00:10.

  6. #6
    nicolas.waisman
    Guest
    As you guys easily guessed, we license some of OllyDbg's modules and we put some effort into our Python API for easy scripting.
    We did fix some bugs, but apparently we missed the one that Thug4Lif3 mentioned; I will report it to the team and get it fixed for the next release.

    Thanks
    Nico

  7. #7
    Copied from another forum:

    Ricardo Narvaja
    to crackslatinos

    Aug 9 (4 days ago)
    Infosec researchers with the Greater Alliance of PHP
    Programmers, headed by goudatr0n and in cooperation
    with David Marcus, have discovered a backdoor in the
    new Immunity Debugger.

    1. PRODUCTS AFFECTED
    Immunity Debugger (Immunity Security,
    http://www.immunitysec.com/products-immdbg.shtml), All
    Versions

    2. OVERVIEW
    The Immunity Debugger contains a backdoor that emails
    session history, running applications and other system
    information (location, IP address, machine Owner Name)
    to an email address at immunitysec.com

    3. ANALYSIS
    Immunity Security provides a lightweight debugger for
    Windows, presumably to aid in discovering 0-day
    security vulnerabilities. The debugger is distributed
    freely on the immunitysec.com website, requiring the
    user to register when they download it.

    Presumably, this debugger is intended to be used by
    people searching for weaknesses in various proprietary
    products, due to the unsafe nature of how they are
    developed, where the source is not frequently audited.
    Since David Aitel is an attention whore who only is
    rivaled by Gadi Evron, and his lack of skills as evident,
    Immunity Security is only able to reveal 0-days by
    stealing them from other hackers attempting to find them.

    The backdoor emails detailed system information, along
    with detailed debugging session information. In one
    such email that was intercepted, it was seen that the
    entire session was attached, as well as the Owner Name,
    external IP address, a list of running services and
    their versions.

    4. SOLUTION
    Do not trust Immunity Security's debugger. They will
    steal your 0-day and parade it around like they are
    the ones who discovered it. This will only continue to
    feed into David Aitel's massive ego, compensating for
    his tiny penis.

    BROUGHT TO YOU BY GOUDATR0N AND THE GREATER ALLIANCE
    OF PHP PROGRAMMERS
    DON'T BE DUMB
    BE A SMARTY
    COME AND JOIN
    THE PISS PARTY

    goudatr0n can be found online at irc.perl.org #perl
    using the nick TimToady.

    --
    Ricardo Narvaja

  8. #8
    nicolas.waisman
    Guest
    As I said on the other forum, that is not true, let me forward the information:
    -------------------
    NO, THERE IS NO BACKDOOR AT ALL IN IMMUNITY DEBUGGER. We don't get any
    system information or "debugging sessions" (???) or anything else
    weird like that.

    Immunity Debugger does make an HTTP connection to Immunity to look for updates
    much the way Firefox or any other modern software updates.

    Again, NO, we don't do any data mining.

    In any case, thanks for the free advertisement "goudatr0n".

    If you are still afraid, here is the list of md5 hashes:

    Cheers,
    Nico
    --------------

    You can check it yourself if you want, but there is no such thing as a backdoor; we don't log any 'debugging' information from our clients.

    Nico

  9. #9

    hahahah oh wow

    Well, explain these strings found around 000FA400 or so:

    - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" (base64 encoding array, for those less knowledgeable in this...)
    - "POST http://auth.immunityinc.com/ImmunityDebugger/ID_auth.py HTTP/1.1"
    - "Referer: http://auth.immunityinc.com/immauth.html" (doesn't exist, how curious)
    - "dbgid="
    - "&integritycheck=0"
    - "POST http://auth.immunityinc.com/ImmunityDebugger/ID_reg.py HTTP/1.1"
    - "Referer: http://auth.immunityinc.com/auth.html" (also doesn't exist)
    - "POST /ImmunityDebugger/ID_getads.py HTTP/1.1" (WTF?)
    - "&version=%d%d%d%d %s%s%d%s%s%s&lic=%s%s"
    - "http://debugger.immunityinc.com/ID_adref.py?referer=%s" (WTFx2)
    - some sort of advertisement in several languages

    File properties:

    ImmunityDebugger.exe 1501184 bytes
    MD5: 88d1df93fdb89dfbf5f9dd9b617ef28e
    SHA1: dcbc68b22f152fccbf21b2b500c41682f0715c11
    SHA256: f5e61159c3348dfb2b033780a0e488519513b762adcb8f9e46532710ccd8f32e

    I don't care why you're doing it, any program that phones home is unacceptable.
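
The kind of static triage post #9 describes can be scripted; the sketch below is an added example, not part of the thread and not Immunity's code. It pulls printable strings out of a binary and flags those that indicate network activity; the category names, the function names and `SAMPLE` (built from strings quoted in post #9) are assumptions made for illustration.

```python
import re

MIN_LEN = 6  # shortest printable run reported, like `strings -n 6`
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
B64_ALPHABET = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
URL = re.compile(rb"https?://([\w.-]+)")
# Ordered rules: the first category that matches wins.
RULES = [
    ("http-request", re.compile(rb"^(GET|POST|PUT|HEAD) \S+ HTTP/1\.[01]")),
    ("http-header", re.compile(rb"^(Referer|Host|User-Agent|Cookie): ")),
    ("url", URL),
    ("query-parameter", re.compile(rb"^&?[A-Za-z_]\w*=")),
]

def classify(run):
    """Return a category for one printable run, or None if uninteresting."""
    if B64_ALPHABET in run:
        return "base64-alphabet"
    for name, pattern in RULES:
        if pattern.search(run):
            return name
    return None

def scan(data):
    """List (offset, category, text) for every network-related string."""
    findings = []
    for m in ASCII_RUN.finditer(data):
        category = classify(m.group())
        if category:
            findings.append((m.start(), category, m.group().decode("ascii")))
    return findings

def contacted_hosts(findings):
    """Unique hostnames named in any finding, e.g. for a proxy or firewall rule."""
    hosts = set()
    for _, _, text in findings:
        hosts.update(h.decode() for h in URL.findall(text.encode()))
    return sorted(hosts)

# Constructed sample: NUL-separated strings quoted in post #9 plus filler bytes.
# It is not the real ImmunityDebugger.exe and its offsets mean nothing.
SAMPLE = b"\x00".join([
    b"\x90\x90MZ\x01", B64_ALPHABET,
    b"POST http://auth.immunityinc.com/ImmunityDebugger/ID_auth.py HTTP/1.1",
    b"Referer: http://auth.immunityinc.com/immauth.html", b"dbgid=",
    b"&integritycheck=0", b"Press F9 to run",
    b"http://debugger.immunityinc.com/ID_adref.py?referer=%s",
])
```

On a real file, pass `open(path, "rb").read()` to `scan`. Strings only show what a program could send; a packet capture of the running program shows what it actually sends.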

  10. #10
    nicolas.waisman
    Guest

    the x files?

    Stop looking for a conspiracy here.
    It's simple, the business model of the software is "Ads" based, basically companies hire ads to offer jobs to professionals using a debugger (It's a way to give an extra service to users and to companies), it's not harmful in any sense.
    You can easily check that out by clicking on any of the ads on the top right of the debugger.
    On the other side, we send the version of the product to the update server to check for a new version and to inform the client about it. Yo, check your firefox, your itunes, your java extensions, etc, etc, they all do the same.
    And if you are still paranoid, it's simple. Sniff it and you will see.

    Cheers
    Nico
    Immunity, Inc

  11. #11

    sage

    In other words, adware? Major DO NOT WANT.

    You basically took OllyDbg and added some crap to it.
    Yo, check your firefox, your itunes, your java extensions, etc, etc, they all do the same.
    I use none of those.

    ...and I'll let the other users here make up their own minds on what to think of this:
    We collect, use, and sell any information you send us, within the bounds of law. This may include Apache log information, or any other information you send to this server or other Immunity servers.
    Thread over.

  12. #12
    Howdy,

    I have the highest regards for LLXX. I respect LLXX's opinion greatly.

    There are not many people I have higher respect of BUT, If the Nico I know (We have met) were to voice his opinion on this I would be very happy.

    Woodmann

  13. #13
    Immunity Debugger is olly with python, that's all it is same bugs

    nothing more nothing less and python addition is a bit sloppy too
    i've seen a few included .pys crashing and taking down immdbg along with it (simply not expected from a buffer overflow detecting, fuzzing, exploiting, advisoring team of so called experts who sell canvas kinda things for lots and lots of $$$$$$$)

    if this was a professional work that makes the makers swell with pride in releasing a top class product then i doubt it

    for example if you read the help file a bit closely you would see it was given to a third class funky dude sweating out in sweatshops for peanuts like a monkey with an explicit order to find ollydbg and replace it with immdbg

    Version 1.0 is a final release. This project is closed and I will
    no longer support it. But don't be afraid: Immunity Debugger 2.00,
    redesigned from scratch, will come soon!

    so is this for real ? putting out a debugger and closing it on
    first release ?
    and to echo the sentiments of many i've heard and talked with this phoning home and advertising in incomprehensible languages is simply undesirable and unwanted

    sure addition of python is cool (a few .pys have popped up here and there so there is a potential) the integration of graphing is cool giving it out free is cool (this graphing hasn't gone into rigorous testing simply try graphing without an exe doesn't handle the exception gracefully)

    also there are a few glitches try hitting f4 while its actual hot key is alt+f3 (if you are mucking around a malware this kind of things are simply unacceptable )

    hope the team of authors are reading this and would possibly try to eliminate and improve upon

  14. #14
    Originally posted by Woodmann:
    Howdy,

    I have the highest regards for LLXX. I respect LLXX's opinion greatly.

    There are not many people I have higher respect of BUT, If the Nico I know (We have met) were to voice his opinion on this I would be very happy.

    Woodmann
    I doubt this "nicolas.waisman" is the same as the Nico you know. (I know that one you're talking about.)

  15. #15
    disavowed
    Woodmann, perhaps you're thinking about Nico Brulez.
    Nico Waisman, I personally don't have any problems with adware or auto-updating, however, since many people do, you may want to include an option to disable auto-update-checking (perhaps present the user with this option the first time they run your program).
