REVEN-Axion 2017v1.4.2
Change log

Every notable change to the REVEN project will be documented in this file.

See also the Python API changelog and the low-level Python API changelog.

Product Releases

Release 1.4.2 - 2017-07-14

Compatibility information

  • Scenarios recorded with version v1.4.0 and v1.4.1 are compatible.
  • Execution traces saved with version v1.4.1 are compatible.
  • Execution traces saved with version v1.4.0 are not compatible. You may want to regenerate them from their corresponding recorded scenarios.
  • The REVEN v1.4.2 Python API is not fully backward compatible. Scripts written for a previous version of REVEN may not work exactly as-is with REVEN v1.4.2 and may require minor changes. Please see the API changelog in the documentation.

Added / Changed

  • The Python API installers for Windows are now available from the REVEN server.
  • New examples of plugin in the documentation.

Fixed issues

  • T1633:
    • RvnKd script now shipped on Windows
    • Issue with paths on Windows when using the launcher's project_upload_file method: the full path is visible on the server.
    • Issue with file upload on Windows when using the launcher's project_upload_file method: the file is sometimes truncated.
  • T1619 - Python API demo scripts missing in Debian Packages.
  • T1618 - process.py does not free its connection to REVEN server.
  • T1617 - Team licence blocked by Axion plugin.
  • T1565 - Instruction PREFETCH & PREFETCHW now advertised as unavailable via CPUID.
  • Issue with AddressSpace.contains method in the python API.
  • Missing string after ETA in execution progress window in Axion.

Release 1.4.1 - 2017-06-30

Compatibility information

  • The scenarios recorded with version 1.4.0 are compatible.
  • The execution traces saved in v.1.4.0 are not compatible, but you simply have to re-execute your recorded scenarios.
  • The Python API is not fully backward compatible. Scripts written for a previous version of REVEN may not work exactly as-is with REVEN v1.4.1 and may require minor changes. Please see the API changelog in the documentation.

Added / Changed

  • A REVEN Python API usable from Microsoft Windows and from IDA Pro scripting interface.
  • Several examples of IDA Pro + REVEN Python scripts, such as:
    • Visualize in IDA the number of times a basic bloc is executed in a REVEN trace.
    • Add cross-references in IDA Pro from a REVEN trace.
  • New examples demonstrating the Python API (see Examples ).
  • T1490 - In Axion, new ability to define a symbol name for a sequence.
  • T1336 - In Axion, strings are sorted by creation absic in the "strings" widget (previously unsorted).
  • T1521 - QB-sync plugin renamed into IDA-sync
  • IDA-sync has been ported to newer Ret-sync, and no longer requires rebasing the IDA's binary to 0
  • Removed deprecated experimental inspector indirect_call_finder.
  • Removed deprecated experimental plugin strace
  • Numerous documentation improvements
  • Replaced the ambiguous term "scenario generation" with "scenario recording" in the documentation.

Fixed issues

The following issues have been fixed:

  • T1503 - REVEN doesn't handle library symbols in Debian Jessie.
  • T1502 - sysexit breaks sequence tree in Debian Jessie.
  • T1489 - Search criterion type is re-initialized when the user switches from one run to another in Axion.
  • T1457 & T1488 - No preset trace configuration is loaded when a manage preset dialog box is opened and a preset is selected.
  • T1458 - Backward taint does not taint the selected memory.
  • T1455 - Crash Reven when using the low python services memory_get_* on invalid execution point.
  • T1447 - The "Sequence split by a pagefault[...]" is not always present.
  • T1405 - MMU inconsistency between Python API and Axion.
  • T1443 - Call to services not allowed to run during the execution may cause REVEN to crash.
  • T1348 - reven.log doesn't mention "unsupported" instructions.
  • T1345 - Loss of memory taints on backward taint.
  • T1525 - The IDA-sync and gdbstub plugins fail to reset properly when changing projets.

Notable API changes

As stated before, the API is slightly incompatible. Here are a few notable API improvements; please see the dedicated API changelogs for a comprehensive list.

  • Miscellaneous API consistency improvements:
    • Many properties changed into methods, with setters when appropriate.
    • Fixed typographical errors
  • Changed memory read methods:
    • T1456 - New methods available in the Python API Memory class: read_[u8, i8, u16, i16, u32, i32, u64, i64, f32, f64]
    • T1579 - New default arguments when creating Memory object or when calling read_xxx to specify segment:
  • Replaced connected property with a is_connected() method that actually checks current status of the connection (Project.connected is not updated as would be expected).
  • New method L{Project.refresh} to manually refresh the cache.

Release 1.4.0 - 2017-01-20

Several style evolution for the User Documentation. Does not break scenario compatibility if correctly migrated, but some fixes require scenario regeneration to be applied. Note that sequence number might change from previous versions.

Does break python compatibility, and all saves will be unloadable.

Changed

  • Major symbol backend rework - see documentation.
  • Updated Axion to Qt5
  • Now ships VirtualBox 5
  • PCAP files are now downloaded from http server by default
  • Better IDA sync plugin
  • More criteria in search widget
  • Axion connection timeout is now much higher, since projects can take up to minutes to parse PDB files if cache is cold
  • Axion's error log is now a colored, message log
  • Axion's delta context is now per instruction, not per sequence
  • Sequence split conditions changed (not needed anymore on TLB flushes)
  • Hardened PE/Core Parser.
  • More robust linux binary loader: does handle PIC code correctly

Fixed issues

  • Various emulation issues:
    • VirtualBox FPU context bug
    • FPU exceptions on fsincos & fptan
    • Inspector's reads are now const
    • SSE exceptions support improved
    • Better handling of simultaneous interrupts and EPT violation on REPs
    • Undetected pages faults due to TLB inconsistencies and other various TLB-related issues. Requires scenario regerenation
    • Order of issued PFs on some instructions was wrong if both operands were unmapped
    • SIDT/SGDT instructions issues
    • FWORD operands were sometimes incorrectly disassembled
    • Display order of port I/O instructions was reversed
    • Eflags's RF bit was lost in some circumstances
    • Segment override issue on MOVS instruction
    • Flag correction on interrupts
    • Added support for psadbw, loope & loopne
    • Forced preemption from host to enhance synchronisation
    • Various unmanaged instructions are now advertised to guest as unavailable via the CPUID: XSAVE, MOVBE, POPCNT, RDRAND, and all SSE4.2 and AES instructions. In most cases this means the OS will refrain from using these, but note that this won't prevent an application from blindly doing so, in which case a desync will likely occur.
  • Multiple bugs on tainter:
    • Sometimes tainted memory interval was not properly propagated. Due to this, memory intervals are now displayed byte per byte. This will probably change in a future revision
    • Taint propagation issues on REP instruction
    • Out-of-bounds last_tainted_point issues
    • Backward taint on first instruction could cause crash
  • Issues in hexdump:
    • Unaligned segment's pages could be incomplete
    • Access duplication or missing
    • Missing accesses with exec_after_write inspector
    • various fixes on physical history
  • Axion crash when combining trace filtering (PMF) and sequence tree view filtering
  • Consistency issue in reven.rc's optional fields
  • Crash with licence server
  • Cron cleaning job sometimes stole the /tmp/reven project, preventing further project opening
  • Better UI for cancelling scenario recording
  • No more issues when Axion's client machine has no configured network interface
  • Plugin widgets now restore in their previous states, just like any other widget
  • Better handling of /tmp being full
  • VM names can now contain spaces.
  • Automatic scenario recording used to fail on binary with spaces in their names
  • Allow multiline bookmarks.
  • Previous/next inconsistency on split sequences
  • Error on reven daemon start used to lead to 100% CPU consumption
  • Issues with file uploading, using Axion or Python API
  • Many fixes to prevent crashes when manipulating unexpected or nonexistent execution points.

And other smaller or internal additions and fixes.

Known issues

  • Various unsolved emulation problems:
    • Eflags are sometimes wrong (parity flag in particular)
    • Interrupts should have priority over page faults when both happen at the same time
    • Accessed flag is updated for page on access that actually cause write protection fault
    • Hardware accesses sometimes appear to be duplicated
    • Instruction RDRAND and RDSEED are disassembled as VMPTRLD and VMPTRST. See the faq for more info.
  • Gdbstub plugin will not work as expected by IDA on big traces (slow breakpoint set)
  • Previous taint button has an inconsistent behavior when the taint is over.
  • Python API's Project.connected property is not updated as would be expected.
  • Python API behavior may not report failure of connection when no licence is available.

Release 1.3.1 - 2016-05-25

Does not break scenario, save or python compatibility.

Fixed

  • Fix "binaries not mapped" bug due to a change in dump_process for windows.
  • Cleaner cron job used to chown /tmp/reven to root, breaking further executions.

Release 1.3.0 - 2016-05-02

Added

  • New Python API based on the previous, low-level api. It simplifies many common uses, and wraps specific knowledge into a much more pythonic API.
  • Native support for PDB files, we don't require converting them into our own format anymore.

Changed

  • Low level python renamed from reven to reven_api.
  • Huge improvements on the FPU edge cases and flag management.
  • Improvements on SSE edge cases as well as ~10 new instructions implemented.
  • MMU is now closer to actual hardware.
  • Better handling of invalid instructions.
  • Matching between a binary file & its PDB is now based on the GUID & version number, as intended.

Fixed

  • Various bugs fixed on hardware sync.
  • Two bugs fixed on VBox, including a crash on early VNC connection.
  • Axion UI bugs fixed.
  • Fixes and improvements to the, still unsupported, tainter graph experimental feature.

Release 1.2.0 - 2015-12-02

Added

  • Gdbstub plugin provides a gdb-compatible interface for communicating with REVEN.
  • QbSync plugin now supported: enables synchronisation between IDA and Axion.
  • PCAP extraction & sync with Wireshark.
  • RvnKd: create a core dump file which WinDBG can read.
  • (Experimental) Tainter Graph: a more interactive taint procedure.
  • (Experimental) Strace-like: parses the execution trace and analyses the system calls.
  • Added missing SSE instructions from common programs.
  • Handle multiple anti-disassembly tricks used in obfuscated binaries.

Changed

  • FPU is more precise on exception flags.

Fixed

  • Various bugs fixed on hardware sync.

Release 1.1.0 - 2015-10-27

Changed

  • multiple improvements on emulation and scenario creation.

Fixed

  • Fix python API unusable types.

Release 1.0.0 - 2015-03-30

  • Initial release.