| Command | IDA Pro | radare2 | r2 (visual mode) | GDB | WinDbg |
|---|---|---|---|---|---|
| Analysis | |||||
| Analysis of everything | Automatically launched when opening a binary | aaa or -A (aaaa or -AA for even experimental analysis) | N_A | N_A | N/A |
| Navigation |
AmunRha
/ QilingLabs2021_Solution.py
Created
July 22, 2021 22:08
This is my solution to QilingLabs by thezero from ShielderSec.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is my solution to the QilingLabs by thezero | |
| # from ShielderSec | |
| # Link: https://www.shielder.it/blog/2021/07/qilinglab-release/ | |
| from qiling import * | |
| from qiling.os.mapper import QlFsMappedObject | |
| from qiling.const import QL_VERBOSE | |
| import struct | |
| rootfs = "/mnt/d/rootfs-master/x8664_linux" |
AmunRha
/ 2k_disassembler.py
Last active
July 21, 2021 20:18
This gist contains all the files required to solve the challenge 2k from redpwnctf21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # helper is a custom helper script containing parse, opcode desc, etc | |
| from helper import * | |
| rsp = [] | |
| ctr1 = 0 | |
| v13 = 0 | |
| dctr = 0 | |
| ii=0 | |
| data = [0]*100 | |
| op_desc = OPCODE_DESC |
AmunRha
/ discount_vmprotect.py
Created
June 25, 2021 19:58
This is an alternative way to solve the X MAS CTF 2019 challenge Discount VMProtect by instrumenting the binary with the help of intel pintools
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import string | |
| START_CHAR = "|" | |
| POSSIBLE_CHARS = "|" + string.digits + "}{_-" + string.ascii_uppercase + string.ascii_lowercase | |
| def get_count(cmd): | |
| pipe = os.popen(cmd) | |
| pipe.readline() | |
| count = pipe.readline().split()[1] |
AmunRha
/ _practice_disasm.rs
Last active
June 23, 2021 23:26
Disassembler for a simple VM crackme challenge written in C and rust and python, cause why not?
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const bytecode: [i16; 85] = [ 0x14, 0x00, 0x01, 0x0F, 0x04, 0x15, 0x0F, 0x0E, 0x53, 0x14, | |
| 0x01, 0x14, 0x02, 0x14, 0x03, 0x14, 0x04, 0x01, 0x08, 0x13, | |
| 0x01, 0x09, 0x37, 0x01, 0x0A, 0x01, 0x01, 0x0B, 0xF0, 0x01, | |
| 0x0C, 0x0F, 0x01, 0x0D, 0x90, 0x01, 0x07, 0xAD, 0x15, 0x27, | |
| 0x0E, 0x2C, 0x03, 0xEA, 0x07, 0x19, 0x01, 0x07, 0xE9, 0x15, | |
| 0x17, 0x0E, 0x37, 0x03, 0xEA, 0x07, 0x48, 0x07, 0x49, 0x01, | |
| 0x07, 0xCB, 0x15, 0x47, 0x0E, 0x44, 0x03, 0xEA, 0x07, 0x3D, | |
| 0x07, 0x3C, 0x07, 0x39, 0x01, 0x07, 0x16, 0x15, 0x37, 0x0E, | |
| 0x53, 0x03, 0xEA, 0x16, 0x0E ]; |
AmunRha
/ _hell86_disasm.c
Last active
October 24, 2022 17:44
Disassembler for hell86 crackme by ttlhacker
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include<stdio.h> | |
| #include<stdint.h> | |
| #include<stdlib.h> | |
| #include<string.h> | |
| uint8_t bytecode[] = | |
| { | |
| 0x0F, 0x0B, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x0D, 0x00, 0x00, 0x0F, 0x0B, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0x08, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2A, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2C, 0x09, 0x09, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x08, 0x09, 0x00, 0x0F, 0x0B, 0xE4, 0xA1, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x09, 0x10, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x0A, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x0A, 0x0F, 0x00, 0x0F, 0x0B, 0xF0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x2C, 0x0F, 0x0F, 0x00, 0x0F, 0x0B, 0xF0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x14, 0x00, 0x0A, 0x08, 0x0F, 0x0B, 0xDA, 0xA7, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <iostream> | |
| #include <fstream> | |
| #include "pin.H" | |
| using std::cerr; | |
| using std::ofstream; | |
| using std::ios; | |
| using std::string; | |
| using std::endl; | |
| #define OFFSET 0xfff |
AmunRha
/ disasm_crackme_3kctf21.py
Last active
June 23, 2021 21:51
This is the solve script and output for the Crack Me challenge from 3kctf21 which implements a custom VM
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| data = opcode[2048:] | |
| rbp = [0]*4 | |
| opcode = [0x06, 0x00, 0x00, 0x06, 0x01, 0x01, 0x06, 0x02, 0x02, 0x06, 0x03, 0x03, 0x03, 0x00, 0x00, 0x03, 0x01, 0x00, 0x03, 0x02, 0x00, 0x03, 0x03, 0x00, 0x08, 0x00, 0x00, 0x05, 0x00, 0x01, 0x08, 0x00, 0x00, 0x05, 0x00, 0x02, 0x08, 0x00, 0x00, 0x05, 0x00, 0x03, 0x08, 0x00, 0x00, 0x06, 0x00, 0x04, 0x06, 0x01, 0x05, 0x06, 0x02, 0x06, 0x06, 0x03, 0x07, 0x03, 0x00, 0x00, 0x03, 0x01, 0x00, 0x03, 0x02, 0x00, 0x03, 0x03, 0x00, 0x08, 0x00, 0x00, 0x05, 0x00, 0x01, 0x08, 0x00, 0x00, 0x05, 0x00, 0x02, 0x08, 0x00, 0x00, 0x05, 0x00, 0x03, 0x08, 0x00, 0x00, 0x06, 0x00, 0x08, 0x06, 0x01, 0x09, 0x06, 0x02, 0x0A, 0x06, 0x03, 0x0B, 0x03, 0x00, 0x00, 0x03, 0x01, 0x00, 0x03, 0x02, 0x00, 0x03, 0x03, 0x00, 0x08, 0x00, 0x00, 0x05, 0x00, 0x01, 0x08, 0x00, 0x00, 0x05, 0x00, 0x02, 0x08, 0x00, 0x00, 0x05, 0x00, 0x03, 0x08, 0x00, 0x00, 0x06, 0x00, 0x0C, 0x06, 0x01, 0x0D, 0x06, 0x02, 0x0E, 0x06, 0x03, 0x0F, 0x03, 0x00, 0x00, 0x03, 0x01, 0x00, 0x03, 0x02, 0x00, 0x03, 0x03, 0x00, 0x08, 0x00, 0x00, 0x05, 0x0 |
AmunRha
/ year3000_solve.py
Created
April 27, 2021 21:10
This is a solution for the challenge year3000 using gdb scripting
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import gdb | |
| import os | |
| ins_32 = ['x/i 0x65E', 'x/i 0x665', 'x/wx 0x2008'] | |
| ins_64 = ['x/i 0x816', 'x/i 0x81D', 'x/gx 0x201010'] | |
| SIZE_32 = 5468 | |
| SIZE_64 = 6136 | |
| def parse(info): |
AmunRha
/ ida-vs-r2-vs-gdb.md
Created
April 8, 2021 11:46
— forked from trib0r3/ida-vs-r2-vs-gdb.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from itertools import cycle | |
| from secret import flag | |
| key = "XOR_OP" | |
| # the cipher list: cipher = [27, 27, 20, 44, 16, 39, 105, 59, 58, 111, 58, 36, 7, 23, 29, 13, 16, 97, 43, 16, 62, 107, 34, 99] | |
| for i, j in zip(cycle(key), flag): | |
| cipher.append(ord(i)^ord(j)) |