Announcing REVEN version 2.5

Jun 25, 2020
by Marc
Categories: REVEN
Tags: REVEN, Announcement, Releases

Tetrane is happy to announce the release of REVEN 2.5 Enterprise and Professional.

REVEN is an automated reverse engineering platform designed to make analysis ten times faster and ten times deeper through Timeless Analysis. Technically, REVEN records a time slice of a full-system execution (CPU, memory, hardware events) and offers analysis features on that recording that speed up and scale your reverse engineering process.

REVEN version 2.5 is packed with new features, from GUI and workflow improvements to ever better third party integration! This article covers some of the most important changes introduced in the REVEN 2.5 release.

Microsoft WinDbg integration

The REVEN server can now present itself to WinDbg as a Windows machine being debugged. Leverage the power of WinDbg by accessing a REVEN trace as if it were a running VM and getting all the information you need to speed up your analysis!

  • Use your usual debugging commands with REVEN!
  • Get the best of both WinDbg debugging and REVEN timeless analysis.
  • Get even more from your Windows full-system trace using WinDbg extensions, for example using DbgKit to get a Process-Explorer-like view on a REVEN trace.

Easier VM workflow

Recording your very first scenario in REVEN is now easier and faster!

Among all RE tasks, setting up the environment can be cumbersome. In REVEN 2.5, a wizard guides you through the necessary steps: registering a VM, either one you already have or a new one downloaded from the Internet, setting it up for use with REVEN, and in particular making it “lighter” for scenario recording.

  • Faster recording setup with easy registration and preparation of existing VMs.
  • NTLite template to easily disable unneeded components of Windows systems.

Better trace navigation

  • Improved Hexdump Memory widget.

When working on a trace for a while with REVEN before 2.5, users would sometimes open many hexdump widgets during their analysis and then fumble to find which one was of interest at a particular moment.

Consequently, while you can still open several hexdump widgets, the active hexdump window is now reused by default when following a memory address. The new hexdump widget also keeps a history of the addresses previously visited in that widget.

  • Easier trace navigation with a Zoomable Timeline.

This release also contains a new zoomable timeline, providing a zoomed view of the main timeline, making it much easier to distinguish between several neighboring search results or bookmarks.

Jupyter Notebook integration

Jupyter Notebook is a web interface that lets you, among other things, execute Python code and prepare Markdown write-ups from your browser.

Jupyter Notebook is great for interactively experimenting with Python, taking notes on a scenario, or even building interactive views of what happens in a scenario. We already used Jupyter Notebook to share tutorial examples about the Python API, and you can even try these notebooks interactively online!

REVEN 2.5 now includes a Jupyter Notebook server so that you can easily use the REVEN Analysis Python API on a given scenario from the Project Manager.

Plus, in Jupyter Notebook, clicking a transition selects it directly in Axion!

  • Easy Python scripting within REVEN with direct access from Jupyter notebooks.
  • Mix automated and interactive analysis with hyperlinks generated in Python that directly point the UI to relevant transitions.

Collaboration and bookmark management

Ever accidentally closed Axion without saving your bookmarks, wasting your time and sanity? Ever had a hard time remembering where on your machine the saved bookmark of an ancient scenario could be located?

Well, REVEN 2.5 will put an end to these annoyances, as the bookmarks of a scenario are now saved live with the scenario data.

Besides, bookmarks are automatically synchronized between Axion clients, making it easy to share key points of interest with other users in REVEN Enterprise.

Of course, the bookmarks are accessible using the Analysis Python API, allowing you to programmatically add and access them!

  • Easier collaboration and bookmark management with server side bookmarks.
  • Direct access to POIs identified during automated analysis, with bookmark creation from within scripts.

Easier deployment

  • Install REVEN on any Linux distribution using the provided Docker image.
  • AMD Ryzen support.

And More

  • Added an example script to search patterns, like a specific binary value, in memory.
  • Added methods to translate virtual addresses into physical addresses from the API.
  • Added an option to the VM pages to enable UEFI for QEMU VMs.
  • The search combobox now selects the item closest to the currently selected transition when browsing with F4/Shift-F4.
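To show what the virtual-to-physical translation mentioned above has to do with the memory captured in a full-system trace, here is an added example that walks x86-64 four-level page tables over a small, hand-constructed physical-memory image. This is not REVEN's code and does not use the REVEN Python API (whose methods are not named on this page); the CR3 value, frame addresses and mappings below are all constructed for the example. It handles the cases a practitioner trips over in practice: 2 MiB and 1 GiB large pages, non-canonical addresses, unmapped pages, and reads that straddle a page boundary.

```python
"""Four-level x86-64 page walk over a constructed guest-memory image.

Added example (not REVEN code): shows what a virtual-to-physical translation
must do given CR3 and the page tables captured in a full-system trace.
Addresses, frames and page-table layout below are constructed by hand.
"""
import struct

PAGE = 0x1000
PRESENT = 1 << 0
WRITABLE = 1 << 1
PAGE_SIZE = 1 << 7                       # PS bit: large page at the PDPT/PD level
ADDR_MASK = 0x000F_FFFF_FFFF_F000        # bits 12..51 of an entry hold a PA
LEVELS = ((4, 39), (3, 30), (2, 21), (1, 12))   # (level, VA bit shift)


class PhysicalMemory:
    """Sparse physical memory: page-frame number -> 4 KiB bytearray."""

    def __init__(self):
        self.frames = {}

    def frame(self, pa, create=False):
        pfn = pa // PAGE
        if create:
            return self.frames.setdefault(pfn, bytearray(PAGE))
        if pfn not in self.frames:
            raise ValueError(f"physical page {pa:#x} is not backed")
        return self.frames[pfn]

    def read_u64(self, pa):
        return struct.unpack_from("<Q", self.frame(pa), pa % PAGE)[0]

    def write_u64(self, pa, value):
        struct.pack_into("<Q", self.frame(pa, create=True), pa % PAGE, value)


def is_canonical(va):
    """48-bit virtual addresses: bits 63..47 must all equal bit 47."""
    return (va >> 47) in (0, 0x1FFFF)


def virt_to_phys(mem, cr3, va):
    """Return the PA backing `va` under the page tables rooted at `cr3`,
    or None if the address is not mapped. Honours 1 GiB / 2 MiB pages."""
    if not is_canonical(va):
        raise ValueError(f"non-canonical address {va:#x}")
    table = cr3 & ADDR_MASK
    for level, shift in LEVELS:
        entry = mem.read_u64(table + ((va >> shift) & 0x1FF) * 8)
        if not entry & PRESENT:
            return None
        if level in (3, 2) and entry & PAGE_SIZE:    # large-page leaf
            offset_mask = (1 << shift) - 1
            return (entry & ADDR_MASK & ~offset_mask) | (va & offset_mask)
        table = entry & ADDR_MASK
    return table | (va & (PAGE - 1))


def read_virtual(mem, cr3, va, size):
    """Read `size` bytes at `va`, translating every page separately so that a
    buffer straddling a page boundary still resolves to the right frames."""
    out = bytearray()
    while len(out) < size:
        pa = virt_to_phys(mem, cr3, va)
        if pa is None:
            raise ValueError(f"{va:#x} is not mapped")
        chunk = min(size - len(out), PAGE - pa % PAGE)
        out += mem.frame(pa)[pa % PAGE:pa % PAGE + chunk]
        va += chunk
    return bytes(out)


class PageTableBuilder:
    """Builds the constructed page tables; a bump allocator hands out table frames."""

    def __init__(self, mem, cr3):
        self.mem, self.cr3, self.next_free = mem, cr3, cr3 + PAGE
        mem.frame(cr3, create=True)

    def _child(self, table, index):
        entry = self.mem.read_u64(table + index * 8)
        if entry & PRESENT:
            return entry & ADDR_MASK
        child, self.next_free = self.next_free, self.next_free + PAGE
        self.mem.frame(child, create=True)
        self.mem.write_u64(table + index * 8, child | PRESENT | WRITABLE)
        return child

    def map(self, va, pa, size=PAGE):
        """Map va -> pa with a 4 KiB, 2 MiB or 1 GiB page (both size-aligned)."""
        leaf = {PAGE: 1, 2 << 20: 2, 1 << 30: 3}[size]
        table = self.cr3
        for level, shift in LEVELS:
            index = (va >> shift) & 0x1FF
            if level == leaf:
                flags = PRESENT | WRITABLE | (PAGE_SIZE if level > 1 else 0)
                self.mem.write_u64(table + index * 8, pa | flags)
                return
            table = self._child(table, index)


def build_sample_memory():
    """Constructed image: two 4 KiB user pages, one 2 MiB page, one 1 GiB page."""
    mem, cr3 = PhysicalMemory(), 0x1000
    pt = PageTableBuilder(mem, cr3)
    pt.map(0x7FFF_F7A0_1000, 0x1F00_1000)                  # user page
    pt.map(0x7FFF_F7A0_2000, 0x1F00_7000)                  # next VA page, non-contiguous PA
    pt.map(0xFFFF_8000_0020_0000, 0x4000_0000, 2 << 20)    # kernel 2 MiB page
    pt.map(0x0000_0040_0000_0000, 0x8000_0000, 1 << 30)    # 1 GiB page
    mem.frame(0x1F00_1000, create=True)[0xFF8:] = b"\xde\xad\xbe\xef\x00\x00\x00\x00"
    mem.frame(0x1F00_7000, create=True)[:4] = b"\xca\xfe\xba\xbe"
    return mem, cr3


if __name__ == "__main__":
    mem, cr3 = build_sample_memory()
    for va in (0x7FFF_F7A0_1234, 0xFFFF_8000_0021_ABCD, 0x40_1234_5678, 0x7FFF_F7A0_3000):
        print(f"{va:#018x} -> {virt_to_phys(mem, cr3, va)}")
    print(read_virtual(mem, cr3, 0x7FFF_F7A0_1FF8, 12).hex())
```

The walk uses the CR3 that was current at the chosen point in the trace; because REVEN captures a time slice, the same virtual address can resolve to different physical pages at different transitions, so a translation is only meaningful together with the transition it was taken at.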

The full list of improvements and fixes is available in the release notes.

Want to try REVEN? An extensive set of learning scenarios is available online, so just pick one from our demo catalog! Tutorials are available in most demos.

Interested in REVEN? Compare the features of REVEN Professional and REVEN Enterprise.
