Wednesday, 1 January 2014

Debian radare2 0.9.6 published and broken Bokken.

I have just published the radare2 0.9.6 packages for Debian in the Inguma Debian repository (http://deb.inguma.eu). They are on their way to the official archives, but due to several new packages, it will take them a while to reach unstable as they have to go through the FTPmasters' manual approval.

We have been using radare2 0.9 as the base API in Bokken (it was the latest packaged) for the past two years, and this new release breaks the internal r2 API in several ways, so Bokken is not able to load a single binary.

Over the course of the next few days I will be adapting the code to talk to radare again and to force specific versions of the API to make sure this is a less likely event.

See you in mercurial!

Friday, 20 April 2012

Moving towards Inguma 0.5


It's been quite a long time since our last update so let me show you what has been going on these last weeks.

Inguma 0.5


After the last Bokken release we have focused on Inguma 0.5 development and now I'm going to show you some of the new features we have been working on.

We've done some GUI improvements in order to make it simpler, cleaner and to integrate the last Bokken release:



Look at the new main button that integrates all the common tasks and the simplified toolbar. Also the right panel has been improved by adding expand/collapse buttons as well as filter buttons by Target OS.



The Vulnerabilities panel has gained in eye candyness and functionality with the expand/collapse buttons or the "Open with Bokken" menu option.



Most of the work for this release has been focused on the Terminals tab, which has been redesigned and greatly improved.



As you can see, it now features many buttons to manage terminals and its contents as well as a filesystem panel that integrates perfectly with terminals and the rest of the GUI. From here you can import and load host lists, nmap scans, Inguma modules... and more.

Finally, the new feature that joins all the new changes is what we have called Listeners. By creating listeners you can now connect with your compromised targets and go ahead with post-exploitation. :) Let's see how it works.

In order to listen for reverse connections, or directly connect to an exploited target, simply create a local or remote listener on the toolbar popup.



You will see the newly created listener in the right panel, under the Listeners tab, as well as its status: connected or listening. From here you can disconnect or destroy them using the menu.

Once you have a connection with a compromised target you will be able to interact with it on the Terminals tab, but this is still WIP :)

Of course Bokken has been updated to the latest release on the Reversing tab.

RootedCon 2012


On March 1st, 2nd and 3rd the RootedCon security event was held in Madrid and one of our developers, Hugo Teso, was there to talk about Inguma, Bokken and how to use it in security research.

The talk, entitled Inguma 0.5 RedWagon, exposed the ability of Inguma and Bokken to study the security of an uncommon system, in this case Unmanned Aerial Vehicles (UAS), both amateur and commercial ones. For this purpose a special edition of Inguma was coded, featuring UAV Command and Control software, with more protocols added to the network fuzzers among others.

The UAV C&C is an integrated WASP Ground Control Station, modified to be able to handle different UAV Autopilots (AP), from configuration and compilation to run and control:



Within the C&C tab many APs can be configured and run, either in SITL or HITL, such as ArduPilot Mega, Paparazzi or WASP. After using the Fuzzers to find vulnerabilities, either the Networking or the C&C tabs can be used to exploit a vulnerable UAV, depending on whether the vulnerability affects the GCS or the UAV directly.

In order to reverse-engineer the vulnerable AutoPilot or Ground Control Station, Bokken with Radare2 core was used, so the whole process of vulnerability finding, development and exploiting has been done with Inguma and Bokken :)



Here you can see some photos of the talk and some slides.

As you can see, the lack of news doesn't mean lack of activity as we have been really busy :) Stay tuned for more updates and upcoming releases!

Tuesday, 24 January 2012

Bokken 1.6 is more stable and easier to install

A month and a half after having released Bokken 1.5, the Inguma/Bokken team is proud to present a point release to our baby Bokken.  The download page can be found here!

The main changes in 1.6 are:

  • Fixed a security bug due to a predictable temporary file creation (a Debian developer reported it the very first day in the archive, yay!).
  • Fixed some obvious usability issues and crashes when opening new files inside Bokken.
  • Now Bokken is better prepared for using a system-wide pyew, for example, or being installed somewhere other than your home directory (like distributed as a Debian package :-) ). Some of the images and icons were not working previously.
  • In the meantime, we started to import Bokken 1.5 into Inguma and quickly realized that: a) some of the UI changes scheduled for next Inguma release could fit into Bokken (read here eating up the top toolbar and menubar), and b) a lot of the migration work could be simplified if we use a simpler frame to embed Bokken in (and thus into Inguma in the long run).

This means that when you use Bokken 1.6 you may notice a somewhat unusual menu bar:

Bokken 1.6 running on Windows 7


Inspired by MyPaint, we got rid of menu bars (no more File/Edit/... menus) and together with some other buttons in the top toolbar, we replaced them with a big button that comprises most of the previous functionality:

Close capture of the new toolbar in Bokken 1.6 running on Debian Linux wheezy


On another note, we have been releasing .deb packages since the 1.5 release, together with the rest of the dependencies (python-radare2, pyew, etc.), and they have reached the official Debian archive (http://packages.debian.org/bokken). Today we are also proud to present a signed APT repository that you can easily add to your /etc/apt/sources.list in your favorite Debian/Ubuntu/Debian-compatible distribution to follow our development more closely:

deb http://deb.inguma.eu/ stable main

For more information and instructions for retrieving the repository signing key, please see the new installation in Debian and derivatives wiki page.

Enjoy it!  And remember: please report to the team any bugs you may find, through Redmine, our ticketing system.
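
The predictable temporary file bug listed among the 1.6 changes above belongs to a well-known class; the following is an added example, not Bokken's code (the page does not show the affected lines), contrasting a fixed-name scratch file with tempfile.mkstemp. The file name bokken_dump.tmp and both function names are hypothetical.

```python
import os
import stat
import tempfile

def write_predictable(directory, data):
    """Unsafe pattern: a fixed name that open() will follow through a symlink."""
    path = os.path.join(directory, "bokken_dump.tmp")  # hypothetical fixed name
    with open(path, "w") as fh:  # truncates whatever the name points to
        fh.write(data)
    return path

def write_safe(directory, data):
    """mkstemp picks a random name and opens it O_CREAT|O_EXCL with mode 0600."""
    fd, path = tempfile.mkstemp(prefix="bokken_", suffix=".tmp", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def demo():
    """Compare both writers when the predictable name already exists as a symlink."""
    with tempfile.TemporaryDirectory() as shared:  # stands in for a shared /tmp
        victim = os.path.join(shared, "victim_file")  # constructed sample file
        with open(victim, "w") as fh:
            fh.write("original")
        # Another local user pre-created the name the program is known to use.
        os.symlink(victim, os.path.join(shared, "bokken_dump.tmp"))

        write_predictable(shared, "scratch data")
        with open(victim) as fh:
            clobbered = fh.read() != "original"

        with open(victim, "w") as fh:  # restore, then repeat with mkstemp
            fh.write("original")
        safe_path = write_safe(shared, "scratch data")
        with open(victim) as fh:
            intact = fh.read() == "original"
        mode = stat.S_IMODE(os.stat(safe_path).st_mode)
        return clobbered, intact, mode, os.path.islink(safe_path)

if __name__ == "__main__":
    print(demo())
```
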

Monday, 23 January 2012

Inguma T-Shirts, and updated Inguma server

The Three Wise Men came for Christmas with some presents:

  • We partnered with a Spanish site to sell Inguma T-shirts.
  • Our server has doubled its physical memory!  Yay!



The shirts are available through the Camisetas Frikis site (as far as we know, only in Spanish for the moment), and with every purchase, you will be contributing 3 € to the project (see below!). If you want to order any and Google Translate is not up to the job, the best thing you can do is to write to info(AT)camisetasfrikis.es with your order or any questions. Their staff will reply to you promptly!

With the yearly server renewal we decided to scratch our pockets and spend more money on memory. The web server has been fighting for resources during the last months with the rest of the processes in the box. Now there're cookies for everyone. :-) Maybe with the T-shirts we will be able to subsidize some of our expenses, coming exclusively from our pockets.

Thanks for your time and stay tuned for the upcoming release of Bokken 1.6!

Wednesday, 7 December 2011

And finally... Bokken 1.5

Once the development has finished, radare2 0.9 has been released and the project site has been updated, the moment has arrived: Bokken 1.5 is here!

Take a look at the previous post to read some of the new features of this release and keep reading to see most of them in detail; for the rest... install Bokken and enjoy them!

As mentioned before, one of the most important features added is the support of radare2 as backend. So now Bokken can work with either Pyew or Radare, each one having its own advantages and drawbacks.

Most of the development efforts for this release have gone to improve the GUI in order to make it cleaner and easier to use.


The disassembly view has gained in interactivity, and now it features, among others:
  • Code navigation by clicking over: functions, basic blocks, address, section names, etc...
  • Add comments, view and follow xrefs or view opcode information by right-clicking on a code line.

The graph tab has been improved, mainly if the radare backend is used; if so, the graph will show a flowgraph or callgraph and pop up an xrefs menu if a node is right-clicked.


Even the hexdump has received some love and now has syntax highlighting and selected bytes will be disassembled.


If the radare backend is used, a new tab will be added with extended target information like entry points, symbols, imports, sections and strings.


Do you want to use Bokken to find the exploit of the latest patched vulnerability from your favorite vendor? Congrats! Bokken 1.5 features for the first time a binary diffing plugin that can be used with radare.


Other plugins added are:
  • Assembler/Disassembler: create and export assembly code snippets in many architectures.
  • Visual representation of binary sections.
  • Advanced calculator with many input and output formats.
  • File magic identification.
Finally, if you have problems with x86 assembly, stack inners or other issues, take a look at the RCE cheat sheet included.


There are many other new hidden features waiting to be discovered in this release, too many to be mentioned here; take a look at the project documentation to discover and learn about them. Now it's time for you to download and install :-)

The Windows installer and Debian packages will be available soon but, meanwhile, manual installation is easy and straightforward.

We hope you enjoy this release as much as we did working on it and, as always, send us your feedback, bugs, and requests to our mailing list:

bokken-devel at inguma.eu

Special thanks for this release go to:

  • @trufae and @earada for radare2, their help and testing
  • @zxlain for the OSX testing and encouragement
  • @huahe for the incredible logo

Thanks and stay tuned (in @ingumito)!

Wednesday, 26 October 2011

A new release is coming

Once again it's been a long time since our last update. The team has switched gears and now we are in a sprint to finish a new release of Bokken. As you probably know, Bokken is the RCE utility that we use in Inguma, and we have been very busy adding tons of features and polishing the interface.

If Bokken 1.0 had 39 commits, for the new release we are near 200, so expect lots of changes, bug fixes and improvements. Let's view some of the major ones.

The first thing you will notice is that the GUI has changed dramatically, not just to be adapted to the new features but we also have made many changes in order to make it clearer, more intuitive and easier to use. But a picture is worth a thousand words:


"Coming soon", "WIP" or "for the next release" are expressions that the Inguma team doesn't like, so another major feature of Bokken 1.5 has been to remove the "soon" regarding the radare backend! And yes, we made it.

Now Bokken can be used with all the power of radare and the ease of use of our GUI. Take a look at the radare website to learn about the features of this powerful backend.



Also almost all the views/tabs of Bokken have received some amount of love and have new features or improvements like:
  • The long-awaited code navigation.
  • Improved flowgraph view.
  • More interactive hexdump.
  • Many new features for working with URLs
  • New plugins like: (yes!) bindiffing, calculator, assembler, and more...
And that's all for now. Complete and detailed information of all the new features will be shown in the upcoming release post.

Don't forget to follow us on the project's twitter and send your ideas and comments to our mailing list:

bokken-devel (at) inguma.eu

Stay tuned.

Wednesday, 14 September 2011

Inguma 0.4 is out!

Trying to follow a three months release cycle, today we are proud to announce the next version of the Inguma Project, in short Inguma v0.4. As always, let's see the new features we added this time:
  • The GUI has been modified and cleaned in order to give more space to the most active areas like the network map, the RCE interface or the exploits/fuzzing areas.
    • Last opened/saved KB are now easily accessible on the toolbar.
    • A warning icon appears in the "Logs" tab when new content is available.
    • The bottom status bar has gained more functionality showing information regarding KB in use and targets or vulnerabilities discovered.
  • We have updated Bokken subproject to the last stable version available, v1.0. It features an interactive mode, better code disassembly and analysis and better integration with Inguma's GUI. More information about Bokken can be found here.
  • The systray functionality now allows hiding the Inguma GUI while it's working and it will warn you once the running modules have finished.
  • A new fuzzing tab has been added to the Exploits workspace with two different fuzzers: Krash and Scapy.

    • Krash fuzzer has been part of Inguma project for a while but now it can be used directly from the GUI. Just select the target, the packet to be fuzzed and press start. Read more about Krash fuzzer here.
    • The Scapy fuzzer is a GUI wrapper to the scapy's fuzz function that makes network fuzzing very easy. It's fully drag-and-drop-driven and, in order to start, you just have to compose a packet by dropping layers, select the layers/fields to be fuzzed and select an output directory to save the sent and received packets.
  • The CLI interface has received some attention again and a few new shortcuts like '?' for help or '..' to go back to the main menu are now available in nearly all the modules.
    • Inguma CLI now works better on MacOS with autocompletion and key bindings.
    • All the fuzzing modules are now under the fuzzers category and have been fixed.

        Inguma v0.4
        Copyright (c) 2006-2008 Joxean Koret
        Copyright (c) 2009-2011 Hugo Teso

        Type 'help' for a short usage guide.
        inguma> nmapscan
        inguma/nmapscan> ?

        Inguma's Nmap Interface Help
        ------------------------------

        help        Show this help
        nmaphelp    Show Nmap's help
        nmap        Execute Nmap with options specified
        exit        Exit from nmapscan interface

        inguma/nmapscan> ..
        inguma> ..
        Exit.

  • Some additional minor changes include:
    • A new module to find subdomains is now available.
    • The option to automatically audit a new target has been added to the "New target" dialog.

    • Lots of code refactoring and bugs fixed.
Get the new release here while it's hot, and stay tuned for the latest Inguma and Bokken developments on the project mailing lists or the Twitter profile.
