Ryan Welton Fuzion24

[ 0.000000] Linux version 4.5.0-rc2+ (fuzion24@bitbox) (gcc version 6.0.0 20160221 (experimental) (GCC) ) #4 SMP Mon Feb 22 14:12:37 EST 2016
[ 0.000000] Command line: root=/dev/sda
[ 0.000000] x86/fpu: Legacy x87 FPU detected.
[ 0.000000] x86/fpu: Using 'lazy' FPU context switches.
[ 0.000000] e820: BIOS-provided physical RAM map:
[ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
[ 0.000000] BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved
[ 0.000000] BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved
[ 0.000000] BIOS-e820: [mem 0x0000000000100000-0x000000007fffdfff] usable
[ 0.000000] BIOS-e820: [mem 0x000000007fffe000-0x000000007fffffff] reserved
LOAD:FE82CDA8                 DCD aTzbsp_pil_init     ; "tzbsp_pil_init_image_ns"
LOAD:FE82CDAC                 DCD 0x3D
LOAD:FE82CDB0                 DCD tzbsp_pil_init_image_ns+1
LOAD:FE82CDB4                 DCD 2
LOAD:FE82CDB8                 DCD 4
LOAD:FE82CDBC                 DCD 4
LOAD:FE82CDC0                 DCD 0x805
LOAD:FE82CDC4                 DCD aTzbsp_pil_auth     ; "tzbsp_pil_auth_reset_ns"
LOAD:FE82CDC8                 DCD 0x3D
bitbox ➜ aosp find . -type f -name "*.java" -print0 | xargs -0 -r grep -E --files-with-matches --null -- "(public|private) native" | xargs -0 -r grep -E --files-with-matches -- "implements (Serializable|Parcelable)"
./frameworks/ml/bordeaux/learning/stochastic_linear_ranker/java/android/bordeaux/learning/StochasticLinearRanker.java
./frameworks/base/media/java/android/media/MediaPlayer.java
./frameworks/base/graphics/java/android/graphics/Region.java
./frameworks/base/core/java/android/view/InputChannel.java
./frameworks/base/core/java/android/hardware/camera2/impl/CameraMetadataNative.java
./external/chromium_org/chrome/android/java/src/org/chromium/chrome/browser/ChromeBrowserProvider.java
./libcore/libart/src/main/java/java/lang/String.java
./libcore/libart/src/main/java/java/lang/Class.java
@Fuzion24
Fuzion24 / Patching-CVE-2015-1474.md
Last active September 25, 2015 01:21
Patching CVE-2015-1474 -- Remotely exploitable graphics buffer overflow on my Nexus device (N5 5.0.1)

This is a brief guide on how I patched CVE-2015-1474 for my Nexus 5 running 5.0.1. This involves downloading and building AOSP with the patch for the vuln applied. I have attached a pre-built patched version of libui.so for the Nexus 5 5.0.1 in case you are too lazy to build it yourself (and you trust me).

Building patched libui for your nexus device

repo init -u https://android.googlesource.com/platform/manifest -b android-5.0.1_r1
repo sync -j16

cd frameworks/native
# https://android.googlesource.com/platform/frameworks/native/+/38803268570f90e97452cd9a30ac831661829091%5E%21/#F0
git cherry-pick 2bc5e811a817a8c667bca4318ae98582b0ee6dc6
#!/bin/bash
# Opens Chrome Canary (or Chromium or w/e CHROME_PATH points to) in incognito mode.
# Uses a very popular user agent.
# Sets Tor as the SOCKS proxy.
# Note: the `&>` redirection below is a bash feature, so the script needs bash rather than plain sh.
CHROME_PATH="/Applications/Google Chrome Canary.app/Contents/MacOS/Google Chrome Canary"
tor &> /dev/null & \
@Fuzion24
Fuzion24 / -
Created November 17, 2014 22:53
/* CVE-2014-0196 DOS PoC [Written May 5th, 2014]
* by DigitalCold <digitalcold0@gmail.com>
*
* Note: this crashes my i686 Gentoo system running 3.12.14
* and an old Backtrack 5r3 running 3.2.6. Any advice on how to gain
* code exec would be greatly appreciated.
*
* Usage: gcc -O2 -o pty pty.c -lutil && ./pty
*
* CVE: http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0196.html

Android 5.0

I/chromium( 6890): [INFO:CONSOLE(37)] "AddJavascriptInterface: top[Android]: com.WebAppInterface@3847a08c - error: Access to java.lang.Object.getClass is blocked", source: http://[REDACTED].com/ (37)

For applications targeting Android >= 5.0, you can enumerate the methods available from inside javascript. "Enumeration of methods will be enabled for applications targeting API levels newer than KitKat (to preserve compatibility with older apps)."

@Fuzion24
Fuzion24 / CVE-2013-2141.c
Created September 4, 2014 03:25
Kernel Stack Leak: CVE-2013-2141
#include <stdio.h>
#include <signal.h>
#include <string.h>
/*
CVE-2013-2141
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9e146d8eb3b9ecae5086d373b50fa0c1f3e7f0f
*/
void * kernel_stack_address = NULL;
@Fuzion24
Fuzion24 / keybase.md
Created July 18, 2014 20:09
I don't think I like keybase =)

Keybase proof

I hereby claim:

  • I am fuzion24 on github.
  • I am fuzion24 (https://keybase.io/fuzion24) on keybase.
  • I have a public key whose fingerprint is DCA7 93D3 BA47 EE72 0733 7426 464A 7A0A A335 84D8

To claim this, I am signing this object:

@Fuzion24
Fuzion24 / Install.md
Last active July 7, 2023 00:07
A simple file server to serve up an APK
wget https://gist.githubusercontent.com/Fuzion24/6dd7552a1c594911416f/raw/server.rb
wget https://s3.amazonaws.com/uploads.hipchat.com/35420/441986/5xRGtuTBdBnuisN/twitter.apk
gem install sinatra --no-rdoc
ruby server.rb ./twitter.apk