Since CrowdStrike released our free Crowdsourced Reverse Engineering (CrowdRE) service in June, the team has been hard at work building new features that we were very excited to unveil at Black Hat USA 2012. The new features are a direct result of some of the great feedback that the community provided and we encourage more feedback on these new features. In an effort to lead by example the CrowdStrike Intelligence Team has committed nearly all of our current annotations to CrowdRE, you can immediately benefit from our reverse engineering efforts. We just created and posted the video below that demonstrates some of the latest features and how to set up the CrowdRE environment.
When CrowdRE was released at REcon in June the immediate feedback was to provide a Linux and Mac versions of the plugin, Jason Geffner during the presentation surveyed the audience and it was a mixed result of what version to focus on. Since there was interest for Mac and Linux, we decided to release both versions! To access the newest plugin visit http://crowd.re and you will see the following page:
The other feedback we received was that users did not want to share their annotations with everyone, and while CrowdRE was built to share reversing intelligence with as many people as possible, we understand that sometimes this data does need to be compartmentalized. The group feature is a way to limit the distribution of your annotations to a limited subset of CrowdRE users. This feature is simple to use and you may have seen the place holder for it in the CrowdRE UI over the last few weeks. The way this works is to:
- Create a group
- Add/invite friends to the group to share annotations with
- Crowd Reverse annotations with your group
CrowdRE users can create different groups for different projects and share annotations to those groups; this allows for example the formulation of working groups for particular malware families. An example might be to create a Zeus working group, in this situation members of that group may share annotations exclusively amongst themselves from Zeus reverse engineering projects to ensure all participants have the latest analysis.
The new release of CrowdRE also introduces what we have dubbed a ‘Karma’ rating. Historically the problem with sharing in a community setting is that people will take without giving. With this release of CrowdRE we set out to recognize those members of the community who are contributing the greatest and most usable annotations. We chose Karma based on the concepts associated with Karma in eastern philosophies, typically deed or action – committing annotations is a good action in CrowdRE and quality annotations are even better. As such users will build a Karma score based on their commits and as we progress as a community we will look at interesting ways to award and recognize high Karma scores. Personally I was just unseated as the highest Karma score and I am working on some new annotations to reclaim the crown!
CrowdStrike would like to pay special thanks to Ilfak Guilfanov and his Hex-Rays team for all the support they provided to the CrowdRE team to help navigate some of the unique challenges of building a portable IDA Pro plugin.