
codecolorist ChiChou

@ChiChou
ChiChou / iproxy.py
Last active Aug 4, 2020
iproxy based on frida
import asyncio
import concurrent.futures
import frida
# Module-level thread pool limited to four worker threads; the code that
# submits work to it falls outside this preview.
pool = concurrent.futures.ThreadPoolExecutor(
    max_workers=4,
)
def make_handler(dev: frida.core.Device, port:int, buffer_size=4096):
async def handler(reader, writer):
View ctree_rename.py
import idc
import idautils
import idaapi
import ida_funcs
import ida_name
import ida_bytes
import ida_nalt
import ida_hexrays as hr
View phase.py
import os
# preinstalled python is python2
filename = '/'.join(map(os.environ.get, ('TARGET_TEMP_DIR', 'FULL_PRODUCT_NAME'))) + '.xcent'
evil = '''
<!---><!-->
<key>platform-application</key>
<true/>
<key>com.apple.private.security.no-container</key>
<true/>
@ChiChou
ChiChou / README.md
Last active May 26, 2020
Recursively scan all executables in a folder and generate IDA databases in parallel

Recursively scan all executables (PE, ELF and MachO!) in a folder and generate IDA databases in parallel

Usage

node batch.js [path]

View frida-lockdown.py
import frida
import struct
import plistlib
class Channel(object):
def __init__(self, name=''):
self.name = name
self.dev = frida.get_usb_device()
self.pipe = self.dev.open_channel('lockdown:%s' % name)
@ChiChou
ChiChou / pwn2own.json
Created Dec 16, 2019
Pwn2Own bugs from the official ZDI site
[
{
"idYear": "11",
"idBase": 249,
"zdiId": "ZDI-11-249",
"zdiCan": "ZDI-CAN-1159",
"affectedVendors": "Microsoft",
"cve": "CVE-2011-1347",
"publishDate": "2011-08-09",
"lastUpdate": "",
@ChiChou
ChiChou / test.js
Last active May 17, 2019
frida.re trace child process without enable_spawn_gating()
const fs = require('fs')
const { promisify } = require('util')
const frida = require('frida')
async function main() {
const read = promisify(fs.readFile)
const source = await read('trace.js')
const opt = { runtime: 'v8' }
View cfprefs.m
#import <Foundation/Foundation.h>
#include <sandbox.h>
int sandbox_init_with_parameters(const char* profile,
uint64_t flags,
const char* const parameters[],
char** errorbuf);
#define SANDBOX_PROFILE "/System/Library/Frameworks/WebKit.framework/Versions/A/Resources/com.apple.WebProcess.sb"
#define SANDBOX_NAMED_EXTERNAL 0x0003
@ChiChou
ChiChou / sort-ver.js
Created Feb 25, 2019
opensource.apple.com sort by version
(() => {
const trs = document.querySelector('table').querySelectorAll('tr')
const rows = [].slice.call(trs, 3, trs.length - 1)
const footer = trs[trs.length - 1]
const sorted = rows.sort((a, b) => {
const parse = tr => tr.querySelector('td:nth-of-type(2) a').textContent
.match(/((\d+\.?)+)\.tar\.gz/)[1]
.split('.')
.map(s => parseInt(s, 10))
View int64.babel.js
import { Struct } from "./utils";
function operator(target, name, descriptor) {
const oldValue = descriptor.value;
descriptor.value = function() {
if (arguments.length != oldValue.length)
throw Error("Not enough arguments for function " + name);
for (let arg of arguments)
if (!(arg instanceof Int64))