Releases: rothackers/Rothalyx

ROTHALYX RE FRAMEWORK v1.0.3 - Branding And Packaging Refresh

09 Apr 20:12

What's New in v1.0.3

Rothalyx Branding And Packaging Refresh

ROTHALYX RE FRAMEWORK v1.0.3 is a branding and release packaging refresh. This update completes the product rename from Zara to Rothalyx across the source tree, desktop resources, package metadata, SDK version strings, and release automation inputs.

Branding Update

  • Product-facing names updated from Zara to Rothalyx across the application, SDK, documentation, packaging, and release scripts.
  • Desktop asset names now use the rothalyx-re-framework slug consistently.
  • The native desktop application now ships with the refreshed Rothalyx logo assets for PNG, SVG, ICO, and ICNS targets.

Build And Packaging Alignment

  • CMake packaging metadata was renamed and aligned with the Rothalyx product identity.
  • Linux, macOS, Windows, and Arch packaging scripts now emit Rothalyx-branded artifacts and defaults.
  • Version metadata was bumped to 1.0.3 across the core project, package manifests, and public SDK surface.

Notes

  • This release is focused on product identity consistency and release artifact correctness.
  • Older release notes remain unchanged for historical versions.

Downloads

Platform | Package | File
Windows | NSIS installer | rothalyx-re-framework-1.0.3-Windows-AMD64.exe
macOS | DMG | rothalyx-re-framework-1.0.3-Darwin-arm64.dmg
Linux | AppImage | ROTHALYX_RE_FRAMEWORK-v1.0.3-x86_64.AppImage
Debian / Ubuntu | DEB package | rothalyx-re-framework_1.0.3_amd64.deb
Arch Linux | Pacman package | rothalyx-re-framework-1.0.3-1-x86_64.pkg.tar.zst
Checksums | SHA256 checksums | SHA256SUMS.txt

ZARA RE FRAMEWORK v1.0.1 — Security Hardening Release

07 Apr 19:11

What's New in v1.0.1

Security Hardening Release

ZARA RE FRAMEWORK v1.0.1 is a security-focused patch release that remediates all identified vulnerabilities from the comprehensive codebase audit. No new features are introduced — this release is purely hardening and defensive improvements.

Distributed Protocol Hardening

  • HMAC-SHA256 result signing: All worker RESULT messages are now cryptographically signed with per-session controller nonces. Signatures are checked with constant-time HMAC verification, and unsigned or tampered results are rejected.
  • Mutual TLS (mTLS): Added tls_verify_client, tls_client_certificate, and tls_client_private_key options. Controllers can now require client certificate verification to authenticate worker identity.
  • Platform allowlist advisory: Documented that the platform allowlist is self-reported and advisory — mTLS is the correct mechanism for adversarial identity verification.
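
A sketch of the result-signing scheme in the first bullet, as an added example that is not the project's own code. The shared key, the message fields, the length-prefixed MAC input, and all function names are assumptions, since the release notes do not describe the wire format.

```python
import hashlib
import hmac
import secrets

# Assumption: controller and worker share a key provisioned out of band.
SHARED_KEY = secrets.token_bytes(32)


def new_session_nonce() -> bytes:
    """Controller side: fresh random nonce issued once per worker session."""
    return secrets.token_bytes(16)


def _mac(key: bytes, nonce: bytes, job_id: str, payload: bytes) -> bytes:
    # Length-prefix every field so field boundaries cannot be shifted.
    msg = b"".join(len(p).to_bytes(4, "big") + p
                   for p in (nonce, job_id.encode(), payload))
    return hmac.new(key, msg, hashlib.sha256).digest()


def sign_result(key: bytes, nonce: bytes, job_id: str, payload: bytes) -> dict:
    """Worker side: build a RESULT message bound to the session nonce."""
    return {"type": "RESULT", "job_id": job_id, "payload": payload.hex(),
            "sig": _mac(key, nonce, job_id, payload).hex()}


def verify_result(key: bytes, nonce: bytes, message: dict) -> bool:
    """Controller side: reject unsigned, malformed, or tampered results."""
    try:
        sig = bytes.fromhex(message["sig"])
        payload = bytes.fromhex(message["payload"])
        job_id = message["job_id"]
    except (KeyError, ValueError, TypeError):
        return False  # missing signature or malformed fields
    if not isinstance(job_id, str):
        return False
    expected = _mac(key, nonce, job_id, payload)
    # compare_digest takes the same time wherever the first mismatch is.
    return hmac.compare_digest(sig, expected)


if __name__ == "__main__":
    nonce = new_session_nonce()
    msg = sign_result(SHARED_KEY, nonce, "job-7", b"constructed sample result")
    print("valid:", verify_result(SHARED_KEY, nonce, msg))
    msg["payload"] = b"tampered".hex()
    print("tampered:", verify_result(SHARED_KEY, nonce, msg))
```

Because the nonce is part of the MAC input, a result captured in one session fails verification in any other session.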

Plugin Sandbox Hardening

  • Restricted builtins: Removed eval, exec, compile, __import__, setattr, delattr, globals, vars, type, open, breakpoint, memoryview, and dir from the sandbox builtins.
  • Introspection blocking: Blocked 16 class introspection attributes (__subclasses__, __bases__, __mro__, __class__, __globals__, __code__, __func__, __dict__, __builtins__, __reduce__, etc.) via attribute access interception.
  • Expanded deny list: Added socket, http, requests, signal, multiprocessing, threading, code, ast, inspect, gc, pickle, and marshal to the module deny list.
  • Cross-platform resource limits: Added signal.alarm() fallback for macOS and threading.Timer kill switch for Windows.
  • IPC message size cap: Added 1 MB maximum message size for plugin IPC communication.

AI Prompt Injection Mitigation

  • Input sanitization: Added sanitize_prompt_text() that strips control characters, null bytes, and 13 known prompt injection patterns from all binary-derived data before LLM prompt insertion.
  • Field length cap: Binary-derived prompt fields are truncated to 512 characters to prevent prompt flooding.

Desktop Application Hardening

  • Path traversal protection: Workspace project paths are now canonicalized and validated against the application data directory before loading.
  • Hash collision resistance: Database filename hash upgraded from SHA-1/48-bit (12 hex chars) to SHA-256/128-bit (32 hex chars).
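
One way to implement the two checks above, as an added example that is not the project's own code. The function names, the choice of the canonical project path as hash input, and the `.sqlite` extension are assumptions.

```python
import hashlib
import os


def resolve_project_path(app_data_dir: str, requested: str) -> str:
    """Canonicalize `requested` and require it to stay inside app_data_dir."""
    root = os.path.realpath(app_data_dir)
    # realpath collapses ".." and resolves symlinks *before* the check,
    # so a link inside the data directory cannot point the loader outside.
    candidate = os.path.realpath(os.path.join(root, requested))
    # commonpath compares whole path components; a plain startswith()
    # would wrongly accept a sibling such as "<root>-evil/".
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"project path escapes data directory: {requested!r}")
    return candidate


def database_filename(project_path: str) -> str:
    """SHA-256 of the path, truncated to 128 bits (32 hex chars)."""
    digest = hashlib.sha256(project_path.encode("utf-8")).hexdigest()
    return digest[:32] + ".sqlite"  # extension is an assumption


if __name__ == "__main__":
    import tempfile

    # Constructed sample layout: a data directory with one project file.
    data_dir = tempfile.mkdtemp(prefix="appdata-")
    good = resolve_project_path(data_dir, "projects/sample.proj")
    print(good, "->", database_filename(good))
    for bad in ("../elsewhere/sample.proj", "/etc/passwd"):
        try:
            resolve_project_path(data_dir, bad)
        except ValueError as err:
            print("rejected:", err)
```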

Debugger Improvements

  • Ptrace capability pre-check: Added YAMA scope detection and actionable error messages for ptrace permission failures instead of cryptic EPERM errors.

Scripting

  • REPL security disclaimer: Added a security notice banner when starting the scripting REPL, warning that it runs with full process privileges and no sandbox.

Packaging

  • All platform packages updated (Windows, macOS, Linux AppImage, Debian, Arch Linux)
  • Current full test suite passing in the release branch

Downloads

Platform | Package | File
Windows | NSIS installer | zara-re-platform-1.0.1-Windows-AMD64.exe
macOS | DMG | zara-re-platform-1.0.1-Darwin-arm64.dmg
Linux | AppImage | ZARA_RE_FRAMEWORK-v1.0.1-x86_64.AppImage
Debian / Ubuntu | DEB package | zara-re-platform_1.0.1_amd64.deb
Arch Linux | Pacman package | zara-re-platform-1.0.1-1-x86_64.pkg.tar.zst
Checksums | SHA256 checksums | SHA256SUMS.txt

ZARA RE FRAMEWORK v1.0.0 - Initial Public Release

07 Apr 14:07

What's New in v1.0.0

Initial Public Release

ZARA RE FRAMEWORK v1.0.0 is the first public release of the codebase. It packages the native desktop application, the reverse engineering core, the CLI, the public SDK, the plugin and scripting surfaces, and the cross-platform release pipeline in one repository.

Native Desktop Application

  • Native Qt desktop application as the primary user interface
  • Startup launcher for new and existing projects
  • Function, import, export, string, and cross-reference navigation
  • Disassembly, decompiler, CFG, call graph, hex, debugger, coverage, and annotation views
  • Workspace persistence, project databases, comments, type annotations, and version history

Analysis Core

  • PE, ELF, and Mach-O loading
  • Address-space mapping, rebasing, and symbol resolution
  • Disassembly through the architecture layer
  • Function discovery, CFG recovery, call graph generation, and cross-reference analysis
  • IR, SSA, optimizer passes, type recovery, and decompiler output
  • SQLite-backed project persistence and the public C SDK

AI Integration

  • Desktop Settings -> AI flow
  • Hosted provider support for OpenAI, Anthropic, and Gemini
  • OpenAI-compatible gateway support
  • Local LLM support for self-hosted model endpoints
  • OS-backed secret storage on Windows, macOS, and Linux

Packaging

  • Windows installer
  • macOS DMG
  • Linux AppImage
  • Debian package
  • Arch Linux package

Validation

  • Automated build and test coverage across the repository
  • Current full suite passing in the release branch
  • Release assets packaged through GitHub Actions

Downloads

Platform | Package | File
Windows | NSIS installer | zara-re-platform-1.0.0-Windows-AMD64.exe
macOS | DMG | zara-re-platform-1.0.0-Darwin-arm64.dmg
Linux | AppImage | ZARA_RE_FRAMEWORK-v1.0.0-x86_64.AppImage
Debian / Ubuntu | DEB package | zara-re-platform_1.0.0_amd64.deb
Arch Linux | Pacman package | zara-re-platform-1.0.0-1-x86_64.pkg.tar.zst
Checksums | SHA256 checksums | SHA256SUMS.txt