Security Curve Weblog

Metasploit Reversing Toolkit | tiklooT gnisreveR tiolpsateM

The other day, I saw a link to the Metasploit Blog over on Emergent Chaos. Since I'm a regular user of Metasploit, I decided to check out the new blog, and what did I find? An introduction to the Metasploit Reversing Toolkit! Needless to say, I became very excited when I saw this; I remember cutting my teeth "back in the day" - filtering through the torrent of underground literature on the topic (only the smallest fraction of which were readable, let alone truly exceptional.)

I'll spare you the waxing nostalgic about my first copy of SoftIce or my first time I traced through BOZOSLIVEHERE - a name which I remember thinking was particularly apropos at the time (considering, at any rate, why I was tracing through it.) But it does seem to me that the Metasploit folks have it right once again; reverse engineering is even more important and useful today than it ever was, and it's getting harder and harder to do the more complex software becomes. Back in the day, most folks interested in the topic for its own sake were probably interested in cracking software or corporate espionage. Today, there is so much more to do - we have DRM components to find on our music CDs, "drive-by" spyware infestations to analyze, spurious binary components to audit, etc.; all these activities require a set of skills that are difficult to learn and seldom actively encouraged. In any event, I'm filled with optimism that Metasploit can do for reversing what they did for exploit code, although I'm only cautiously optimistic about the fact that they've chosen to develop it in Ruby.