Comment by darkamaul

3 days ago

One of the use cases of decompilation is bug hunting / vulnerability research. And that’s still one of the use cases where AI isn’t that good because you must be precise.

I’m not saying that won’t change but I still see a bright future for reversing tools, with or without AI sidekicks (like the BN plugin).

I used codex 5.1 yesterday to point at a firmware blob and let it extract and explore it targeting a specific undisclosed vulnerability and it managed (after floundering for a bit) to read the Lua bytecode and identify and exploit the vuln on a device running the firmware.

  • Do you have a write-up of what exactly happened, how trivial the vulnerability was?

If anything, vulnerability research should be a good target for AI because failure to find an exploit isn't costly (and easily verified) but 1 in N success is very useful.