Recursively scan all executables (PE, ELF and MachO!) in a folder and generate IDA databases in parallel
Usage
node batch.js [path]
codecolorist ChiChou
View awake.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // frida -U --attach-frontmost -l awake.js | |
| ObjC.schedule(ObjC.mainQueue, () => { | |
| try { | |
| ObjC.classes.UIApplication.sharedApplication().setIdleTimerDisabled_(ptr(1)) | |
| } finally { | |
| } | |
| }) |
View iproxy.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import asyncio | |
| import concurrent.futures | |
| import frida | |
| pool = concurrent.futures.ThreadPoolExecutor(max_workers=4) | |
| def make_handler(dev: frida.core.Device, port:int, buffer_size=4096): | |
| async def handler(reader, writer): |
ChiChou
/ ctree_rename.py
Last active
June 27, 2020 07:48
View ctree_rename.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import idc | |
| import idautils | |
| import idaapi | |
| import ida_funcs | |
| import ida_name | |
| import ida_bytes | |
| import ida_nalt | |
| import ida_hexrays as hr | |
View phase.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| # preinstalled python is python2 | |
| filename = '/'.join(map(os.environ.get, ('TARGET_TEMP_DIR', 'FULL_PRODUCT_NAME'))) + '.xcent' | |
| evil = ''' | |
| <!---><!--> | |
| <key>platform-application</key> | |
| <true/> | |
| <key>com.apple.private.security.no-container</key> | |
| <true/> |
ChiChou
/ frida-lockdown.py
Last active
April 9, 2020 16:50
View frida-lockdown.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import frida | |
| import struct | |
| import plistlib | |
| class Channel(object): | |
| def __init__(self, name=''): | |
| self.name = name | |
| self.dev = frida.get_usb_device() | |
| self.pipe = self.dev.open_channel('lockdown:%s' % name) |
View pwn2own.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| { | |
| "idYear": "11", | |
| "idBase": 249, | |
| "zdiId": "ZDI-11-249", | |
| "zdiCan": "ZDI-CAN-1159", | |
| "affectedVendors": "Microsoft", | |
| "cve": "CVE-2011-1347", | |
| "publishDate": "2011-08-09", | |
| "lastUpdate": "", |
View cfprefs.m
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #import <Foundation/Foundation.h> | |
| #include <sandbox.h> | |
| int sandbox_init_with_parameters(const char* profile, | |
| uint64_t flags, | |
| const char* const parameters[], | |
| char** errorbuf); | |
| #define SANDBOX_PROFILE "/System/Library/Frameworks/WebKit.framework/Versions/A/Resources/com.apple.WebProcess.sb" | |
| #define SANDBOX_NAMED_EXTERNAL 0x0003 |
View sort-ver.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (() => { | |
| const trs = document.querySelector('table').querySelectorAll('tr') | |
| const rows = [].slice.call(trs, 3, trs.length - 1) | |
| const footer = trs[trs.length - 1] | |
| const sorted = rows.sort((a, b) => { | |
| const parse = tr => tr.querySelector('td:nth-of-type(2) a').textContent | |
| .match(/((\d+\.?)+)\.tar\.gz/)[1] | |
| .split('.') | |
| .map(s => parseInt(s, 10)) |
ChiChou
/ int64.babel.js
Created
December 17, 2018 10:50
View int64.babel.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import { Struct } from "./utils"; | |
| function operator(target, name, descriptor) { | |
| const oldValue = descriptor.value; | |
| descriptor.value = function() { | |
| if (arguments.length != oldValue.length) | |
| throw Error("Not enough arguments for function " + name); | |
| for (let arg of arguments) | |
| if (!(arg instanceof Int64)) |
NewerOlder