@eybisi
eybisi / dex.h
Created August 14, 2023 22:35
Dex header file to use in IDA
/*
* Copyright (C) 2008 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
@miticollo
miticollo / proc.ts
Last active April 1, 2024 19:09
An incomplete `lsof` for iOS implemented in frida
/*
* This example shows how to use CModule, TypeScript, and ObjC.
* It lets us see what files are opened by the target process (`getpid()`).
* It is lsof for iOS, but implemented in frida.
*
* How to run?
* frida -U -n <target> -l proc.ts
* In the REPL:
* rpc.exports.fds();
*
@romainl
romainl / vanilla-surround.md
Last active April 28, 2024 19:59
Poor man's Surround

The following shows how to replicate some of Surround's features if you don't happen to have it installed.

NOTE: We only dealt with the simplest cases, here, and the convoluted nature of some of these commands shows how well designed and useful that plugin is. And let's not talk about all the corner cases it handles.

Install it, it's worth it.

The list

@incogbyte
incogbyte / mixunpin.js
Last active May 2, 2024 07:03
Frida script to bypass common methods of sslpining Android
console.log("[*] SSL Pinning Bypasses");
console.log(`[*] Your frida version: ${Frida.version}`);
console.log(`[*] Your script runtime: ${Script.runtime}`);
/**
* by incogbyte
* Common functions
* thx apkunpacker, NVISOsecurity, TheDauntless
* Remember that SSL pinning can be custom, and sometimes you need to reverse the app with Ghidra, IDA or a similar tool.
* !!! THIS SCRIPT IS NOT A SILVER BULLET !!!
@incogbyte
incogbyte / oneliners.md
Last active October 31, 2023 04:03
One liners recon
  • FFUF fuzzing paths + Domains
    • assetfinder http://DOMAIN.COM | sed 's#*.# #g' | httpx -silent -threads 10 | xargs -I@ sh -c 'ffuf -w wordlist_paths -u @/FUZZ -mc 200 -H "Content-Type: application/json" -t 150 -H "X-Forwarded-For:127.0.0.1"'

  • LFI testing
    • gau HOST | gf lfi | qsreplace "/etc/passwd" | xargs -I% -P 25 sh -c 'curl -s "%" 2>&1 | grep -q "root:x" && echo "VULN! %"'

@incogbyte
incogbyte / dorks.txt
Created July 11, 2022 12:51
small google foo, search info about targets domains.txt
"site:ideone.com | site:codebeautify.org | site:codeshare.io | site:codepen.io | site:repl.it | site:justpaste.it | site:pastebin.com | site:jsfiddle.net | site:trello.com | site:.attlasian.net "target" "
@tewilove
tewilove / relf2koji.c
Created March 3, 2022 10:37
My own elf packer for ARM/AARCH64.
#include <sys/types.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
#include <string.h>
#include <stddef.h>
#include <stdio.h>
@eduardoarandah
eduardoarandah / .vimrc
Created January 12, 2022 19:56
My .vimrc configuration
" I split my config into separate files so my real ~/.vimrc is just:
" source ~/scripts/.vimrc
" source ~/scripts/.vimrcplugins
" Update everything:
" PlugUpgrade
" PlugUpdate
" CocUpdate
scriptencoding utf-8 " basic
set nocompatible " basic
@tewilove
tewilove / 903KC_dlpager.py
Created July 22, 2021 07:56
Uncompress ROX segment for Qualcomm modem firmware.
#!/usr/bin/env python
# IDAPython script: run from inside IDA, where these modules are available.
from idautils import *
from idaapi import *
from ida_bytes import *
from ida_segment import *
PAGE_SIZE = 4096
# Tested version:
@eybisi
eybisi / hook_dexloader.js
Last active October 28, 2023 19:16
frida script for hooking loaded classes with the help of dexclassloader init
Java.perform(function () {
    let ThreadDef = Java.use('java.lang.Thread');
    let ThreadObj = ThreadDef.$new();

    // Helper: print the Java stack trace of the current thread so the
    // caller of a hooked method can be identified.
    function stackTrace() {
        console.log('------------START STACK---------------');
        let stack = ThreadObj.currentThread().getStackTrace();
        for (let i = 0; i < stack.length; i++) {
            console.log(i + ' => ' + stack[i].toString());
        }
        console.log('------------END STACK---------------');
    }
});