The CTREE is built from the optimized microcode (maturity at CMAT_FINAL), it represents an AST-like tree with C statements and expressions. It can be printed as C code.
XZ Backdoor symbol deobfuscation. Updated as I make progress
/*
Written By Pan ZhenPeng(@peterpan980927) of Alibaba Security Pandora Lab
use it on macOS: cc poc.c -o poc while True; do ./poc ; done
*/
#include <errno.h>
#include <signal.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#TODO write a description for this script
#@author Chengbin, MyriaCore
#@category Functions
#@keybinding
#@menupath
#@toolbar
#TODO Add User Code Here
Java.perform(function () {
    var act = Java.use("android.app.Activity");
    act.getIntent.overload().implementation = function () {
        var intent = this.getIntent()
        var cp = intent.getComponent()
        console.log("Starting " + cp.getPackageName() + "/" + cp.getClassName())
        var ext = intent.getExtras();
        if (ext) {
            var keys = ext.keySet()
            var iterator = keys.iterator()
package main
/*
CVE-2020-8515: DrayTek pre-auth remote root RCE
Mon Mar 30 2020 - 0xsha.io
Affected:
This gist contains lots of my written IDAPython snippets.
<html>
<script type="text/goscript">
package main
import "fmt"
func bring_your_own_gadgts(x uint64, y uint64, z uint64, w uint64, v uint64) uint64 {
    var a uint64 = 0xc3050f585a5e5f58;
    var b uint64 = 0xdeadbeefdeadbeef+1
    var c uint64 = 0xdeadbeefdeadbeef+2
/* ###
 * IP: GHIDRA
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
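Radare 2 dynamic debugging - a simple introductory demonstration of data modification
Parts of the following content are copied directly from the Telegram channel duangsuse::Echo, licensed CC-BY
Radare 2 is a well-known open-source, cross-platform reverse-engineering framework. It can read many file formats, supports many debuggers for dynamic analysis, has several front ends available (such as the Qt-based Cutter), can also debug remotely, supports plugins, has a very convenient CLI, and can perform many powerful static analyses.
Radare 2 is comparable to the commercial software IDA. The R2 project does have front ends; they just prefer to promote the CLI shell. Some people may think R2 has no front end and can only be used through the CLI, but in fact R2's HTML front end is very friendly and also well suited to remote debugging. R2's position among open-source reverse-engineering tools is much like KODI's position among home-theater software: the one dominant free-software option.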