0xEBFE
/ dll_functions.txt
Created
November 30, 2016 00:27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| advapi32.dll, ADVAPI32_1000 | |
| advapi32.dll, I_ScGetCurrentGroupStateW | |
| advapi32.dll, A_SHAFinal | |
| advapi32.dll, A_SHAInit | |
| advapi32.dll, A_SHAUpdate | |
| advapi32.dll, AbortSystemShutdownA | |
| advapi32.dll, AbortSystemShutdownW | |
| advapi32.dll, AccessCheck | |
| advapi32.dll, AccessCheckAndAuditAlarmA | |
| advapi32.dll, AccessCheckAndAuditAlarmW |
0xEBFE
/ FBI_hash.py
Created
November 30, 2016 00:26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from idaapi import * | |
| from idautils import * | |
| def ROR(x, n): | |
| return ((x >> n) | (x << (32 - n))) & 0xFFFFFFFF | |
| def calc_FBI_hash(dllname, function): | |
| dll_hash = 0 | |
| for char in dllname: |
0xEBFE
/ diasasm.asm
Created
November 30, 2016 00:15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ; Input SHA256 : 3A74FBDF96B5E73F930F5887A82E4008FFB8484AE180DD3F7DE7480BC5577345 | |
| ; Input MD5 : 614D07EF7777CFF5CFDF741587A097DA | |
| ; Input CRC32 : B326AB6B | |
| ; --------------------------------------------------------------------------- | |
| ; File Name : D:\_anal_temp\shellcode2.bin | |
| ; Format : Binary file | |
| ; Base Address: 0000h Range: 0000h - 02FCh Loaded length: 02FCh | |
| .686p |
0xEBFE
/ Jumble_Mumble_solver.py
Last active
March 16, 2016 11:08
Jumble_Mumble_solver.py (python 3)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import struct | |
| import hashlib | |
| def ROR(x, n): | |
| return ((x >> n) | (x << (32 - n))) & 0xFFFFFFFF | |
| def ROL(x, n): | |
| return ((x << n) | ((x) >> (32-(n)))) & 0xFFFFFFFF | |
| def matrix_print(matrix): |
0xEBFE
/ fonts_check_result.txt
Last active
December 27, 2015 07:39
My attempt to check signatures of font files (*.ttc and *.ttf) from Dragos Ruiu's #badBIOS kit.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| My attempt to check signatures of font files (*.ttc and *.ttf) from Dragos Ruiu's #badBIOS kit: | |
| https://plus.google.com/103470457057356043365/posts/K7WeA1gqH2h | |
| Used tools: | |
| Sysinternals Sigcheck v2.01: http://technet.microsoft.com/en-us/sysinternals/bb897441.aspx | |
| mssipotf.dll - DLL file that implements a Subject Interface Package (SIP) for font files: http://www.microsoft.com/typography/developers/dsig/dsig.htm | |
| algcheck.exe - Homemade tool for checking signing algorithm and public key size | |
| Following files don't have digital signature: |