HackerTrans
TopNewTrendsCommentsPastAskShowJobs

joecarpenter

no profile record

comments

joecarpenter
·4 ay önce·discuss
Great analysis!

The Go binary was also compromised, but there's almost no information what the compromised binary did. Did it drop a python script? Did it do direct scanning?

If trivy docker image was used, what's the scope (it does not include python).
joecarpenter
·5 ay önce·discuss
In my case I'm decompiling into C and it does a pretty good job at translation. There were situations where it missed an important implementation detail. For example, there is an RLE decompressor and Gemini generated plausible, but slightly incorrect code. Gemini 3 Pro was not able to find the bug and produced code that was similar to Gemini 3 Flash.

The bug was one-shotted by GPT 5.2.
joecarpenter
·5 ay önce·discuss
Reverse engineering with LLMs is very underrated for some reason.

I'm working on a hobby project - reverse-engineering a 30 year old game. Passing a single function disassembly + Ghidra decompiler output + external symbol definitions RAG-style to an agent with a good system prompt does wonders even with inexpensive models such as Gemini 3 Flash.

Then chain decompilation agent outputs to a coding agent, and produced code can be semi-automatically integrated into the codebase. Rinse and repeat.

Decompiled code is wrong sometimes, but for cleaned up disassembly with external symbols annotated and correct function signatures - decompiled output looks more or less like it was written by a human and not mechanically decompiled.
joecarpenter
·7 ay önce·discuss
Isn't it the opposite? From the link: Scores range from -100 to 100, where 0 means as many correct as incorrect answers, and negative scores mean more incorrect than correct.

Gemini 3 Flash scored +13 in the test, more correct answers than incorrect.
joecarpenter
·10 ay önce·discuss
Well, there's also mine https://github.com/VectorOps/know with some details what it does and how: https://vectorops.dev/blog/post-1/