Hacker News: not_a9

New comment by not_a9 in "(Re//Verse 2026) Taxonomy and Deobfuscation of a Real World Binary Obfuscator [pdf]"

not_a9 — Thu, 11 Jun 2026 15:06:28 +0000

The actual presentation: https://www.youtube.com/watch?v=3LtwqJM3Qjg.

An interesting look at what modern code obfuscation looks like, the example used being Riot Vanguard's kernel mode component.

(Re//Verse 2026) Taxonomy and Deobfuscation of a Real World Binary Obfuscator [pdf]

not_a9 — Thu, 11 Jun 2026 15:06:28 +0000

Article URL: https://github.com/AnalogCyberNuke/RE-Verse-2026-Slides/blob/main/Reverse26.pdf

Comments URL: https://news.ycombinator.com/item?id=48491376

Points: 2

# Comments: 1

New comment by not_a9 in "Static Devirtualization of Themida"

not_a9 — Sat, 06 Jun 2026 23:58:37 +0000

They include a fun follow-up with a stronger obfuscator: https://www.youtube.com/watch?v=3LtwqJM3Qjg

New comment by not_a9 in "I built a vulnerable app and spent $1,500 seeing if LLMs could hack it"

not_a9 — Fri, 05 Jun 2026 06:27:44 +0000

You can still hit guardrails with this enabled for your account. Had a silly moment a day or so ago when Claude Code hit the guardrail after a web search (presumably because the websearch contained badbad anticheat stuff like https://github.com/0avx/0avx.github.io/blob/main/article-3.m...). Codex with the ID verification has no qualms like this.

New comment by not_a9 in "Expanding Project Glasswing"

not_a9 — Wed, 03 Jun 2026 20:02:49 +0000

> only ppl using AI are shops with clueless ppl getting flooded in nonsense.

Are Hex-Rays and Vector35 clueless?

New comment by not_a9 in "Please Do Not Vibe Fuck Up This Software"

not_a9 — Sun, 31 May 2026 23:59:22 +0000

> There is undoubtedly AI-written code in the Linux kernel now

You can grep commit logs by “Assisted-By” these days and there sure is a whole bunch of LLMs.

New comment by not_a9 in "Google's Antigravity bait and switch"

not_a9 — Thu, 21 May 2026 19:16:11 +0000

Visual Studio and Visual Studio Code are different beasts.

New comment by not_a9 in "Linux gaming is faster because Windows APIs are becoming Linux kernel features"

not_a9 — Sat, 16 May 2026 13:45:50 +0000

Either everyone on Earth who’s working on this has a skill issue (which is probably hubris?) or there’s not enough differing humanized enough aimbot from human aim (note: Valve manages to screw up even here, with cheaters in Premier basically rage aimbotting these days IIRC)

In addition, there’s not much these things can do against subtler stuff like ESP.

New comment by not_a9 in "Frontier AI has broken the open CTF format"

not_a9 — Sat, 16 May 2026 13:38:54 +0000

I’m interested in finding out how attack-defense style CTFs are affected by slopping. ENOWARS skorbor will probably significantly differ from the last time around.

New comment by not_a9 in "Linux gaming is faster because Windows APIs are becoming Linux kernel features"

not_a9 — Thu, 14 May 2026 20:09:25 +0000

Games very much are using server-side statistics analysis for cheat detection. Valve made a presentation about it and Epic has an API for feeding game state data to ML anticheat for aimbot detection (game-specific and in addition to their existing anticheat measures)

It’s just that it doesn’t work.

New comment by not_a9 in "Linux gaming is faster because Windows APIs are becoming Linux kernel features"

not_a9 — Thu, 14 May 2026 20:07:16 +0000

Aren’t most DMA cards just PCI-E FPGA things? In any case, DMA doesn’t magically make your shit UD - you can look at Unknowncheats and see.

New comment by not_a9 in "Linux gaming is faster because Windows APIs are becoming Linux kernel features"

not_a9 — Thu, 14 May 2026 20:04:58 +0000

Does Wine have any debugging tools with equivalent developer experience to Visual Studio’s debugger?

New comment by not_a9 in "Show HN: Building a web server in assembly to give my life (a lack of) meaning"

not_a9 — Sun, 10 May 2026 21:48:03 +0000

You could also do a trick some Windows stuff does - parse syscall indices from said dylib.

New comment by not_a9 in "Metal Gear Solid 2's source code has been leaked on 4chan"

not_a9 — Sun, 03 May 2026 22:56:02 +0000

I’m interested in how LLMs handle obfuscated code. Throw LLM with IDA MCP at EasyAntiCheat_EOS.sys or the like (as the most common examples of heavily obfuscated software) and see how far they can get.

New comment by not_a9 in "Denuvo has been cracked in all single-player games it previously protected"

not_a9 — Sun, 03 May 2026 22:47:33 +0000

Anticheats will still have obfuscated code for obvious reasons (they don’t want to be reversed). Not sure they don’t induce some performance drop too - though maybe smaller compared to bad Denuvo implementation.

New comment by not_a9 in "Denuvo has been cracked in all single-player games it previously protected"

not_a9 — Sun, 03 May 2026 22:44:22 +0000

>written by non-kernel-devs

What exactly separates a kernel dev from a non-kernel dev?

New comment by not_a9 in "Denuvo has been cracked in all single-player games it previously protected"

not_a9 — Sun, 03 May 2026 22:39:05 +0000

Do the cracks still need you to disable Hyper-V (which leads to disabling WSL and whatever else)?

In addition, I’m not sure why they’re enabling test signing instead of using kdmapper or the like. Sure, anticheats will get way more mad at you having a manual mapped driver, but one imagines rebooting once (after playing your cracked video game) beats rebooting twice (to enable test signing, then after playing the game).

The funny thing is I remember reading about using hypervisor crap to bypass Denuvo in ~2020 (actually the post is from 2019, https://www.unknowncheats.me/forum/2410412-post14.html)

New comment by not_a9 in "Claude Code refuses requests or charges extra if your commits mention "OpenClaw""

not_a9 — Thu, 30 Apr 2026 20:30:17 +0000

FYI this does not work for CTF challenges at least - I’ve seen a lot of rev/pwn challenges try to add magic refusal strings/prompt hijacking and models really don’t give a damn.

Applied Reverse Engineering: Crude T&E for Control-Flow Tracing

not_a9 — Sun, 12 Apr 2026 21:33:45 +0000

Article URL: https://revers.engineering/applied-re-crude-te-for-control-flow-tracing/

Comments URL: https://news.ycombinator.com/item?id=47744768

Points: 1

# Comments: 0

New comment by not_a9 in "Veracrypt project update"

not_a9 — Wed, 08 Apr 2026 13:14:42 +0000

https://community.osr.com/t/locked-out-of-microsoft-partner-... Could be a related issue to this? Maybe Microsoft just doesn’t want driver developers for whatever reason.