Ryan Welton Fuzion24

View kasan_results
[ 0.000000] Linux version 4.5.0-rc2+ (fuzion24@bitbox) (gcc version 6.0.0 20160221 (experimental) (GCC) ) #4 SMP Mon Feb 22 14:12:37 EST 2016
[ 0.000000] Command line: root=/dev/sda
[ 0.000000] x86/fpu: Legacy x87 FPU detected.
[ 0.000000] x86/fpu: Using 'lazy' FPU context switches.
[ 0.000000] e820: BIOS-provided physical RAM map:
[ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
[ 0.000000] BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved
[ 0.000000] BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved
[ 0.000000] BIOS-e820: [mem 0x0000000000100000-0x000000007fffdfff] usable
[ 0.000000] BIOS-e820: [mem 0x000000007fffe000-0x000000007fffffff] reserved
View all_tz_functions.md
LOAD:FE82CDA8                 DCD aTzbsp_pil_init     ; "tzbsp_pil_init_image_ns"
LOAD:FE82CDAC                 DCD 0x3D
LOAD:FE82CDB0                 DCD tzbsp_pil_init_image_ns+1
LOAD:FE82CDB4                 DCD 2
LOAD:FE82CDB8                 DCD 4
LOAD:FE82CDBC                 DCD 4
LOAD:FE82CDC0                 DCD 0x805
LOAD:FE82CDC4                 DCD aTzbsp_pil_auth     ; "tzbsp_pil_auth_reset_ns"
LOAD:FE82CDC8                 DCD 0x3D
View gist:c4bbc8938c197554b62a
bitbox ➜ aosp find . -type f -name "*.java" -print0 | xargs -0 -r grep -E --files-with-matches --null -- "(public|private) native" | xargs -0 -r grep -E --files-with-matches -- "implements (Serializable|Parcelable)"
./frameworks/ml/bordeaux/learning/stochastic_linear_ranker/java/android/bordeaux/learning/StochasticLinearRanker.java
./frameworks/base/media/java/android/media/MediaPlayer.java
./frameworks/base/graphics/java/android/graphics/Region.java
./frameworks/base/core/java/android/view/InputChannel.java
./frameworks/base/core/java/android/hardware/camera2/impl/CameraMetadataNative.java
./external/chromium_org/chrome/android/java/src/org/chromium/chrome/browser/ChromeBrowserProvider.java
./libcore/libart/src/main/java/java/lang/String.java
./libcore/libart/src/main/java/java/lang/Class.java
@Fuzion24
Fuzion24 / Patching-CVE-2015-1474.md
Last active Sep 25, 2015
Patching CVE-2015-1474 -- Remotely exploitable graphics buffer overflow on my Nexus device (N5 5.0.1)
View Patching-CVE-2015-1474.md

This is a brief guide on how I patched CVE-2015-1474 for my Nexus 5 (5.0.1). This involves downloading and building AOSP with the patch for the vulnerability applied. I have attached a pre-built patched version of libui.so for the Nexus 5 5.0.1 in case you are too lazy to build it yourself (and you trust me).

Building patched libui for your Nexus device

repo init -u https://android.googlesource.com/platform/manifest -b android-5.0.1_r1
repo sync -j16

cd frameworks/native
# https://android.googlesource.com/platform/frameworks/native/+/38803268570f90e97452cd9a30ac831661829091%5E%21/#F0
git cherry-pick 2bc5e811a817a8c667bca4318ae98582b0ee6dc6
View chrome_tor.sh
#! /bin/sh
#Opens Chrome Canary (or Chromium, or whatever CHROME_PATH points to) in incognito mode.
#Uses a very popular user agent
#Sets Tor as the SOCKS proxy
CHROME_PATH="/Applications/Google Chrome Canary.app/Contents/MacOS/Google Chrome Canary"
# Start Tor in the background; this is a /bin/sh script, so use POSIX redirection rather than bash's &>
tor > /dev/null 2>&1 & \
View -
/* CVE-2014-0196 DOS PoC [Written May 5th, 2014]
* by DigitalCold <digitalcold0@gmail.com>
*
* Note: this crashes my i686 Gentoo system running 3.12.14
* and an old Backtrack 5r3 running 3.2.6. Any advice on how to gain
* code exec would be greatly appreciated.
*
* Usage: gcc -O2 -o pty pty.c -lutil && ./pty
*
* CVE: http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0196.html
View AddJavascript.md

Android 5.0

I/chromium( 6890): [INFO:CONSOLE(37)] "AddJavascriptInterface: top[Android]: com.WebAppInterface@3847a08c - 
error: Access to java.lang.Object.getClass is blocked", source: http://[REDACTED].com/ (37)

For applications targeting Android >= 5.0, you can enumerate the methods available from inside JavaScript. "Enumeration of methods will be enabled for applications targeting API levels newer than KitKat (to preserve compatibility with older apps)."

@Fuzion24
Fuzion24 / CVE-2013-2141.c
Created Sep 4, 2014
Kernel Stack Leak: CVE-2013-2141
View CVE-2013-2141.c
#include <stdio.h>
#include <signal.h>
#include <string.h>
/*
CVE-2013-2141
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9e146d8eb3b9ecae5086d373b50fa0c1f3e7f0f
*/
void * kernel_stack_address = NULL;
@Fuzion24
Fuzion24 / keybase.md
Created Jul 18, 2014
I don't think I like keybase =)
View keybase.md

Keybase proof

I hereby claim:

  • I am fuzion24 on github.
  • I am fuzion24 (https://keybase.io/fuzion24) on keybase.
  • I have a public key whose fingerprint is DCA7 93D3 BA47 EE72 0733 7426 464A 7A0A A335 84D8

To claim this, I am signing this object:

@Fuzion24
Fuzion24 / Install.md
Last active Aug 29, 2015
A simple file server to serve up an APK
View Install.md
wget https://gist.githubusercontent.com/Fuzion24/6dd7552a1c594911416f/raw/server.rb
wget https://s3.amazonaws.com/uploads.hipchat.com/35420/441986/5xRGtuTBdBnuisN/twitter.apk
gem install sinatra --no-rdoc
ruby server.rb ./twitter.apk