hexgraph: v0.8.0

@branover branover released this 19 Jun 14:53
f50397d

0.8.0 (2026-06-15)

Features

  • bound Ghidra analysis of a large monolith — size-scaled mem/tmpfs + cgroup heap + fast-profile (F13 heap half) (#248) (6b710db)
  • dedup byte-identical extracted firmware children at unpack (F08) (#249) (e922699)
  • expose AFL source-fuzz knobs (bug oracles / path coverage / cmplog) in the Fuzz modal (#222) (3061daf)
  • hidden-by-default firmware children + recon-as-enrichment + selective reveal (#229) (f6d8a76)
  • ingest wrapped firmware whose rootfs sits deep behind a proprietary header, plus an unsupported-container fallback (G01) (#246) (6322b68)
  • ingest/promote flag packed containers + report inner children (F07, F09) (#241) (85e5403)
  • make AFL source-fuzz knobs (bug oracles / path coverage / cmplog) controllable via MCP + settings (#220) (4375dc3)
  • make target_ingest summary-first and finding_list filterable/paginated (#225) (552c7d9)
  • meta_check_features reports the policy gates (F04) (#243) (53bfb3f)
  • net_udp_request + verify_poc udp transport — complete the UDP live-surface path (F22) (#230) (1948eea)
  • paginate + filter fs_list so it's usable on large firmware (F05) (#240) (fe5ad41)
  • re_decompile_function surfaces the promoted node id + re_imports/binutils_facts docs (F11, F12) (#244) (b92f13c)
  • re_disassemble_range — raw ADDRESS+LENGTH disassembly for a CFG blind spot (F16) (#236) (b7f6cfa)
  • re_list_strings filters the FULL string table (binutils), greppable + paginated (F13/F15) (#235) (635458c)
  • setup: just refresh sanity-sync + fix silent Ghidra build-arg bug (#221) (9d86c5b)
  • size-aware sandbox probe timeout so a large monolith's first analysis isn't killed at 300s (F13) (#247) (9a397d8)
  • surface findings on hidden targets via a Findings-panel toggle (#238) (44281be)
  • VR skill — spine + capability sub-files, full-engagement orchestration (#210) (707846b)

Bug Fixes

  • adopt AFL++ v5.00c — remove AFL_SKIP_BIN_CHECK (real root cause of the 5.x abort) (#219) (a83df79)
  • bounded write-retry + sanitize DB errors at the MCP seam (#224) (0d06d81)
  • capture pipeline runs on system Chrome + a focused journal screenshot (#209) (8c1500d)
  • checkpoint task Observations so a late failure can't discard completed analysis (F11-1b) (#234) (bb43971)
  • decompiler & xref fallbacks for stripped firmware (#226) (1df37c3)
  • dogfood papercuts batch (F14, F18, F05, F01, F02, #226/#230/#232 nits) (#233) (cdfd1bf)
  • eliminate the desock/AFL forkserver race (preeny→libdesock) + guard the slow test tier (#237) (c11e308)
  • findings/proving papercuts — reachability sink override, finding_record schema, verified pagination, assurance honesty (#232) (b5e04e9)
  • guarantee evidence_json reads as a dict at the column boundary (#250 follow-up) (#251) (8682065)
  • hypothesis click opens inspector regardless of graph LOD + export includes hidden children (#231) (6bf91f7)
  • journal polish — UTC timestamps, tab-bar wrap, README, screenshot (#207) (2a87b77)
  • open journal node @-mention in the inspector even when not loaded in the graph (#228) (30566f6)
  • pin AFL++ to v4.40c in the fuzz image (unblock source-instrumented campaigns) (#212) (049f9af)
  • stop confident false-positive findings in the angr solver + taint core (#227) (a768ad0)
  • tag the decompiler fallback so r2dec output isn't read as Ghidra (F16) (#242) (fe02d4a)
  • tolerate a non-dict evidence_json on findings read (no more 500) (#250) (e1be53d)
  • tolerate a non-dict NESTED value in agent-authored evidence (no 500) (#252) (c0ae62e)

Documentation

  • dogfood implementation plan (gt-axe11000) (#223) (45abc5e)
  • forbid committing real-engagement information to the public repo (b307a27)