Cerbero Labs aims to create a perfect multitool for low-level professionals, thus new features and improvements are essential.
As an active partner of Cerbero Labs, we are proud to provide our customers with the latest Cerbero Suite releases and updates.
Feel free to contact E-SPIN regarding the product and any related matters. The releases and updates are listed with the latest release at the top of the post, followed by the previous releases.
Cerbero Suite 5.2 (Release 30-Nov-2021)
Cerbero Suite 5.2, with Cerbero Engine 2.2, introduces Cerbero's multi-processing technology, which offers process isolation, increases stability when using third-party components and overcomes the Global Interpreter Lock (GIL) in Python.
1. Multi-processing API
The multi-processing API in Cerbero Suite 5.2 is both flexible and easy to use.
It is built on top of ZeroMQ, an established, ultra-fast messaging library that is also used in clustered solutions.
2. Sleigh Decompiler Parallelisation
With the new multi-processing technology, the Sleigh decompiler runs in separate processes. This ensures complete stability if there is an issue in Sleigh, as well as safe cancellation of a decompiling operation.
Parallelisation also allows the decompiler to be initialised during file or database loading. This eliminates the initial delay when the decompiler is invoked.
Users can also run the decompiler in the process used previously, via the Carbon settings.
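The crash containment and safe cancellation described above, sketched as an added example that is not Cerbero's code: it uses only the Python standard library instead of ZeroMQ, and `WORKER`, `run_isolated` and the job fields are hypothetical names. Each child is a separate interpreter with its own GIL.

```python
import json
import subprocess
import sys

# Constructed stand-in for an unstable native component (hypothetical, not Sleigh).
# It reads one JSON job from stdin, then works, crashes or hangs.
WORKER = r'''
import json, os, sys, time
job = json.loads(sys.stdin.readline())
if job["mode"] == "crash":
    os.abort()                      # simulate a native crash
if job["mode"] == "hang":
    time.sleep(3600)                # simulate a stuck operation
print(json.dumps({"result": job["data"].upper()}))
'''

def run_isolated(job, timeout=10.0):
    """Run one job in a child interpreter and return (status, value)."""
    proc = subprocess.Popen(
        [sys.executable, "-c", WORKER],
        stdin=subprocess.PIPE, stdout=subprocess.PIPE,
        stderr=subprocess.DEVNULL, text=True,
    )
    try:
        out, _ = proc.communicate(json.dumps(job) + "\n", timeout=timeout)
    except subprocess.TimeoutExpired:
        proc.kill()                 # cancellation: only the child is killed
        proc.communicate()          # reap the child and close the pipes
        return ("cancelled", None)
    if proc.returncode != 0:
        # The child died abnormally; the parent keeps running.
        return ("crashed", proc.returncode)
    return ("ok", json.loads(out)["result"])

if __name__ == "__main__":
    for mode in ("ok", "crash", "hang"):
        print(mode, run_isolated({"mode": mode, "data": "sleigh"}, timeout=2.0))
```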
3. Carbon Documentation
Cerbero Labs provides a fully documented Carbon API to disassemble and decompile native binaries.
The Carbon documentation for Cerbero Suite 5.2 includes many code examples, covering the decryption of strings, disassembling of files, decompiling of functions and the creation of custom file loaders.
4. ZeroMQ Module
The new multi-processing technology in Cerbero Suite 5.2 depends on ZeroMQ, so ZeroMQ is exposed in Cerbero's Python SDK. Cerbero Labs exposes the C interface directly. In addition, a few methods have been added to convert to and from bytes objects in Python.
Example 1: Basic client-server using send/recv.
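```python
# Client: REQ socket that sends one request to the server below.
from Pro.zmq import *

context = zmq_ctx_new()
socket = zmq_socket(context, ZMQ_REQ)
zmq_connect(socket, "tcp://localhost:5555")

# A REQ socket must receive a reply before it may send again, and the
# server below reads a single message, so the request is sent once.
zmq_send_bytes(socket, b"Hello, world!", 0)
print("info: sent")

zmq_close(socket)
zmq_ctx_destroy(context)
```

```python
# Server: REP socket bound to the loopback interface only.
from Pro.zmq import *

context = zmq_ctx_new()
socket = zmq_socket(context, ZMQ_REP)
rc = zmq_bind(socket, "tcp://127.0.0.1:5555")
if rc == 0:
    while True:
        # 13 is the length of the client's message
        b = zmq_recv_bytes(socket, 13, 0)
        print(b)
        break
else:
    print("error: couldn't bind to port")

zmq_close(socket)
zmq_ctx_destroy(context)
```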
Example 2: Basic client-server using messages
```python
# Client: sends one request as a zmq_msg_t message.
from Pro.zmq import *
import ctypes

context = zmq_ctx_new()
socket = zmq_socket(context, ZMQ_REQ)
zmq_connect(socket, "tcp://localhost:5555")

msg = zmq_msg_t()
zmq_msg_init_bytes(msg, b"Hello, world!")
rc = zmq_msg_send(msg, socket, 0)
print(rc)
print("info: sent")

zmq_close(socket)
zmq_ctx_destroy(context)
```

```python
# Server: receives one zmq_msg_t message on the loopback interface.
from Pro.zmq import *

context = zmq_ctx_new()
socket = zmq_socket(context, ZMQ_REP)
rc = zmq_bind(socket, "tcp://127.0.0.1:5555")
if rc == 0:
    msg = zmq_msg_t()
    zmq_msg_init(msg)
    while True:
        # wait until a message is received
        rc = zmq_msg_recv(msg, socket, 0)
        if rc != -1:
            print(zmq_msg_bytes(msg))
            zmq_msg_close(msg)
            break
else:
    print("error: couldn't bind to port")

zmq_close(socket)
zmq_ctx_destroy(context)
```
5. Optimised Logic Providers
Cerbero Suite 5.2 allows the type option to be defined for standalone tools.
Once it is defined, the init function of the logic provider must return False, which lets the logic provider serve as a standalone tool instead of a scan logic provider and prevents the creation of a scan report.
6. Improved Custom View
Cerbero Suite 5.2 adds a progress bar control and idle notifications to custom views.
Cerbero Suite 5.1 (Release 13-Oct-2021)
Packed with features and improvements, Cerbero Suite 5.1 and Cerbero Engine 2.1 improve the user experience in the security and forensic fields, as well as in enterprise solutions for cloud file analysis.
1. Installable Packages
- With the introduction of installable packages in Cerbero Suite, developers are now able to create plugins which can be installed easily using just a few clicks.
- In addition, packages are compatible with both Cerbero Suite and Cerbero Engine.
- Cerbero Suite 5.1 also allows packages to be encrypted and signed.
2. Improved Decompiler
Cerbero Suite Advanced 5.1 comes with improved decompiler output.
The improvements include the detection and display of indirect string literal references, which are now properly handled by the Carbon disassembler.
3. Local Carbon Structures
With Cerbero Suite 5.1, every assembly in a project can now have its own local structures, which makes importing data structures from PDB files convenient.
Cerbero Suite 5.1 also supports shared structures.
4. Improved CFBF Format View
Users can now use the format view to analyse legacy Microsoft Office documents with text controls by previewing their names.
Watch Cerbero Labs' 150-second video analysis of an Emotet sample, which makes use of text controls as part of its obfuscation strategy.
5. Improved XLSB Support
Cerbero Suite 5.1 has better support for the Microsoft Excel XLSB format.
6. Improved Silicon Excel Emulator
Cerbero Suite 5.1 adds Formula Array support.
7. Hierarchy View Size Column
Users can now easily prioritise embedded files, as the hierarchy view also displays the size of each file.
8. Improved File Dialogs
With the preview of actual file icons now disabled in all file dialogs, thousands of folders can be opened more quickly and in a secure manner.