2.1.0-beta

Highlights

  • Scenario Import/Export: Scenarios can now be exported to share and/or archive them. Refer to the Project Manager documentation for more details.
  • Full-web client interface: VMs and Axion can now be used directly in the web browser, meaning Reverse Engineers can use REVEN from any Linux, Windows or MacOS client and without any client installation. This feature is currently disabled by default and can be enabled in settings.py. Please refer to the installation documentation for more details.

Improvements

Project manager (Quasar 2.1.0-beta)

  • Light OSSI resource: in order to analyze a scenario with OSSI information, one needs to prepare the snapshot of the scenario and extract the full filesystem (FS) of the VM. While this operation is still required, it is now possible to generate a light FS scenario resource that only contains the files involved in the scenario. This new resource allows to:
    • Unprepare a snapshot, which will delete the full FS and preserve only the light FS, saving disk space.
    • Download PDBs only for the binaries present in the light FS, thus saving bandwidth, time and disk space.
  • QEMU snapshot management has been improved:
    • Disk and live snaphots can now be deleted from the UI.
    • The RAM size is now displayed in MB rather than GB for greater flexibility.
    • A new custom_options field allows user-defined QEMU options to be passed when preparing a VM or recording a scenario.
    • The RAM size, network options and custom options can be overriden in a snapshot inheriting from a parent snapshot, or before recording a scenario.
  • Parameters for the Strings replayer can now be configured in the Project Manager settings.

Axion

  • Adding a bookmark now systematically sets the bookmark on the currently selected transition in the Trace view. Previous behavior was widget dependent and possibly confusing.
  • A new --maximize option allows to start Axion as a maximized window.

REVEN server

  • Taint: Direct Memory Write Accesses (DMA) now correctly untaint memory.
  • Taint: the user is warned when the taint encounters FPU instructions, that are not currently supported.

Fixed issues

Project manager (Quasar 2.1.0-beta)

  • Tasks: improvements in error handling.
  • Fixed some performance issues in page generation.
  • PDB downloading: fixed bug where download would fail for file paths containing spaces.
  • Various fixes and UI improvements in the VMs, scenario and task/sessions pages.

Axion

  • Strings widget: improved stability.
  • T2723 - Fixed bookmarking bug where bookmarking a sequence was sometimes impossible.
  • T2781 - Trace view: fixed bug where the trace view could be empty.
  • T2995 - Fixed percent plugin not working anymore after update.
  • T2767 - Fixed Hexdump scroll up "warping" to an unspecified location.

REVEN server

  • Taint: fixed some correctness issues.
  • Windows OSSI: fixed possible infinite loop while getting the modules of a process.
  • T2989, T2406 - Fixed possible REVEN server crash on startup.