Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 07-09-2026, 12:46
WhoCares's Avatar
WhoCares WhoCares is offline
who cares
 
Join Date: Jan 2002
Location: Here
Posts: 471
Rept. Given: 11
Rept. Rcvd 32 Times in 25 Posts
Thanks Given: 69
Thanks Rcvd at 256 Times in 97 Posts
WhoCares Reputation: 32
Claude Fable 5 wrote a booting, NT-shaped Rust kernel in 38 minutes

Claude Fable 5 wrote a booting, NT-shaped Rust kernel in 38 minutes, with later work on Claude Opus growing it to run real Windows binaries.

Security startup Tolmo published a transcript-level account of Claude Fable 5 writing a booting, NT-shaped kernel in Rust from an empty directory in 38 minutes of active model work.

By the company's account it built the trusted computing base, booted in an emulator, passed its own self-tests, and root-caused its own low-level bugs, then over 8 more days, mostly on Claude Opus 4.8, grew to load unmodified Windows drivers and run real Windows binaries.

https://github.com/msuiche/nanokrnl

An NT-compatible kernel written in Rust: the architecture, abstractions, and (where it matters) the exact constants and layouts of the Windows NT kernel, rebuilt as a modern, memory-safe, freestanding Rust codebase. It boots on x86-64, runs real, unmodified Microsoft user binaries (cmd.exe, more.com, …) on its own NT syscalls, loads a genuine null.sys PE driver, and proves itself with a self-test suite on every boot.

It runs natively under QEMU and in your browser, via nanox, a bespoke ~60 KB x86-64 WebAssembly emulator that boots the unmodified kernel image directly in long mode, with no threads, no SharedArrayBuffer, and no COOP/COEP headers.

https://nanokrnl.ai
__________________
AKA Solomon/blowfish.

Last edited by WhoCares; 07-09-2026 at 23:07.
Reply With Quote
The Following 5 Users Say Thank You to WhoCares For This Useful Post:
chants (07-10-2026), Fyyre (07-10-2026), Ibrahim_Mihai (07-10-2026), MarcElBichon (07-09-2026), soviet (07-10-2026)
  #2  
Old 07-10-2026, 03:11
chants chants is offline
VIP
 
Join Date: Jul 2016
Posts: 830
Rept. Given: 47
Rept. Rcvd 52 Times in 32 Posts
Thanks Given: 739
Thanks Rcvd at 1,147 Times in 530 Posts
chants Reputation: 52
Very cool. In terms of safety, I do see 53 .rs files with "unsafe": https://github.com/search?q=repo%3Am...pe=code&l=Rust

So it seems safety guarantees are still not assured - there should be some sort of formal proof/verification metadata extension for Rust that allows unsafe regions to be proven safe. Otherwise I consider these to be "cheating"
Reply With Quote
  #3  
Old 07-10-2026, 05:23
Ibrahim_Mihai Ibrahim_Mihai is offline
Friend
 
Join Date: Feb 2026
Posts: 12
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 5
Thanks Rcvd at 2 Times in 2 Posts
Ibrahim_Mihai Reputation: 0
Quote:
Originally Posted by chants View Post
Very cool. In terms of safety, I do see 53 .rs files with "unsafe": https://github.com/search?q=repo%3Am...pe=code&l=Rust

So it seems safety guarantees are still not assured - there should be some sort of formal proof/verification metadata extension for Rust that allows unsafe regions to be proven safe. Otherwise I consider these to be "cheating"
Cheating? Look who's talking!

Well, there is still the same "unsafe code" issue with the vibe-coded decompilers you posted last week:
https://forum.exetools.com/showthread.php?t=21666
This is always a problem with vibe-coded content.

OTOH, at least the nanokrnl above is a excellent proof-of-concept of something that was only a pipe dream for many years.
If you've actually read the whole article carefully, you can see that it was meant only as a PoC and not for production use anyway!

A nano Windows kernel booting through a hand-built emulator in the browser, on its own NT syscalls, is quite an achievement.

Kudos to the creators of the nanokrnl projext!
Reply With Quote
  #4  
Old 07-10-2026, 07:20
chants chants is offline
VIP
 
Join Date: Jul 2016
Posts: 830
Rept. Given: 47
Rept. Rcvd 52 Times in 32 Posts
Thanks Given: 739
Thanks Rcvd at 1,147 Times in 530 Posts
chants Reputation: 52
So this isnt the correct location to discuss this, prefer on the thread itself but it was hand written only the Ghidra protocol update, IDA SDK support update and some GUI bug fixes were "vibe coded" but also with harnesses to do automated headless IDA testing and such. Testing across Angr gives some solid proof and stability. Care was taken. Managing the details between two very different tool interfaces is a pretty massive undertaking especially when both are moving targets. Feel free to criticize the work. Though it can be more productive to make your own contributions.
Reply With Quote
  #5  
Old 07-10-2026, 08:43
Ibrahim_Mihai Ibrahim_Mihai is offline
Friend
 
Join Date: Feb 2026
Posts: 12
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 5
Thanks Rcvd at 2 Times in 2 Posts
Ibrahim_Mihai Reputation: 0
You are criticizing a ground-breaking project by posting a generic Github search URL based on a string search for "unsafe code" in the repo. And you are talking about appropriateness, LOL.
There is not even any qualified discussion of the resultant search results.
It would have been more appropriate had you spent a few minutes explaining the findings or more importantly, suggesting solutions to avoid the unsafe code.
Rather, you just make it look like a hurried jealous criticism of an awesome project.

Did you try the same generic search on your own repo?
https://github.com/GregoryMorse/GhidraDec

You have included a lot of proprietary IDA SDK code in your repo which is of course illegal.
I don't know if this is an oversight or a blatant disregard for the IP rights of Hexrays.

At least the nanokrnl project does not have any illegally obtained code in their repo!
Reply With Quote
  #6  
Old 07-10-2026, 10:26
chants chants is offline
VIP
 
Join Date: Jul 2016
Posts: 830
Rept. Given: 47
Rept. Rcvd 52 Times in 32 Posts
Thanks Given: 739
Thanks Rcvd at 1,147 Times in 530 Posts
chants Reputation: 52
The search was for "unsafe" on .rs files which is a legitimate analysis surface and point of safety concern and something interesting to discuss. Merely an observation - and I literally suggested a solution but you will clearly need to re-read my post.

Look you are ruining this thread which was on topic previously and going way off topic. Just delete your posts - move the criticism to the appropriate thread and this might be a worthwhile discussion.

There is legitimately *zero* IDA SDK material in the repository, just typical API bindings. Do you know how to read and understand code? You've not pointed out a single line. Looks like you are engaging in harassment for the pure sake of harassment. If there is an issue with "vibe coding" or what you claim to be proprietary source which there are not, then simple cite it. Citing a whole repo is just trolling.
Reply With Quote
  #7  
Old 07-10-2026, 13:16
atom0s's Avatar
atom0s atom0s is offline
Family
 
Join Date: Jan 2015
Location: 127.0.0.1
Posts: 433
Rept. Given: 26
Rept. Rcvd 130 Times in 67 Posts
Thanks Given: 54
Thanks Rcvd at 838 Times in 307 Posts
atom0s Reputation: 100-199 atom0s Reputation: 100-199
Quote:
Originally Posted by Ibrahim_Mihai View Post
You have included a lot of proprietary IDA SDK code in your repo which is of course illegal.
I don't know if this is an oversight or a blatant disregard for the IP rights of Hexrays.
IDA's SDK is open source and licensed under MIT. What are you talking about lol..?
Code:
https://github.com/HexRaysSA/ida-sdk
__________________
Personal Projects Site: https://atom0s.com
Reply With Quote
The Following User Says Thank You to atom0s For This Useful Post:
Ibrahim_Mihai (07-10-2026)
  #8  
Old 07-10-2026, 14:11
Ibrahim_Mihai Ibrahim_Mihai is offline
Friend
 
Join Date: Feb 2026
Posts: 12
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 5
Thanks Rcvd at 2 Times in 2 Posts
Ibrahim_Mihai Reputation: 0
Quote:
Originally Posted by atom0s View Post
IDA's SDK is open source and licensed under MIT. What are you talking about lol..?
Code:
https://github.com/HexRaysSA/ida-sdk
Seems that it is free from the (very recent) IDA 9.2 update: https://hex-rays.com/blog/open-sourcing-ida-sdk
Thanks for bringing this up.

@chants I am not trying to harass. All I am saying is that the nanokrnl project is a ground-breaking achievement and is a very good start.
It is good to focus on the positive rather than on the negative.
That, and the project has just started. I'm sure they are working on making it more secure.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 16:59.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )