Is rust good choice for hacking and reverse engineering?


#1

Hello,
I’m working on reverse engineering, fuzzing and vulnerability research.
We know most of OS related exploits written in C and Rust have compatibility, so they can write in Rust too, in the other hand, rust syntax can cause some complexity for newbies.
I have a plan to developing an opensource hacking library that something like of pwntools.
What do you think about this? can this idea successful in Rust ?


#2

Hi @uncotion,

I don’t see why it would not work well to have such a framework written in Rust. There are some considerations that could slow down payload crafting at present, but a library to implement this should be doable. Namely, I’m unsure how payloads can be compiled such as mentioned here.

The current implementations of security in Rust are mentioned in this thread. You’ll see that there is a fuzzing group. And a secure coding group.

Rust should have some advantage over Python in cases where brute force attacks are possible, due to higher performance. Another advantage is that the runtime size will be much less than Python, allowing for launching the exploits from small systems.


#3

Thinking about this a bit more, I realise that a Rust implementation of something like pwntools can be useful for pivoting within a compromised system. A step in compromising infrastructure is to gain access to one computer and then to install exploit tools on that computer and use it to pwn other systems on the same internal network. Since Python has a huge runtime, it’s not generally feasible to try to install Python on the compromised machine if it does not already have it.

Since Rust compiles well to several architectures, it would be a powerful way to generate small payloads that are highly compatible with the target network.