oasisfeng

package com.oasisfeng.security.masterkeypatch;

import java.lang.reflect.Field;
import java.util.LinkedHashMap;
import java.util.zip.ZipEntry;
import java.util.zip.ZipException;
import java.util.zip.ZipFile;

import android.util.Log;
import de.robv.android.xposed.IXposedHookLoadPackage;

blackmart.markdown

Hello reddit. Today, I'm going to be reverse engineering the Blackmart app. In case you don't know, Blackmart is an alternative Android app store which allows you to download paid apps for free.

###Redirecting and capturing the traffic### First of all, I will need to redirect the traffic of my tablet to my computer so I can use Wireshark to look at the data. To do this, I use LANS.py. It is a small python script which allows you to do MITM attacks.

LANS.py also shows you the URLs of the pages used by an app. It really helps with reverse-engineering APIs.

After redirecting the traffic to my computer and starting Wireshark, I run the Blackmart app, look at the recent apps section, do 2 searches for terraria and chronometer and download a chronometer app.

After doing these, I stop the capture, save it and start looking at the data.

CTurt

/*
	PoC for FreeBSD kernel integer overflow in nfssvc system call
	Refer to bug report here: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206626
	
	System call only accessible as root.
	
	Running this test will panic affected versions of FreeBSD.
	
	clang nfssvc.c -o n
	su

winocm

/*
 * Shadowmapping, a way of bypassing iOS 'kernel page bits protection'. 
 * (ARM32 only for now obviously.)
 *
 * Also a very nice and easy way of copying data in and out of kernel memory
 * by breaking the barrier entirely. Thank you TTBCR and split TTBR0/TTBR1!<3
 *
 * Control flow goes like this if you have a write anywhere exploit:
 *
 *  - Find location of kernel_pmap (dereference to get kernel_pmap_store.)

tarcieri

require 'openssl'

# Don't use this
module Encryption
  def self.cipher(mode)
    cipher = OpenSSL::Cipher::Cipher.new("aes-256-ecb")
    cipher.send mode
    cipher.key = "ABANDON ALL HOPE YE WHO USE ECB!"
    cipher.padding = 0
    cipher

dooglus

// g++ UniversalTimer.o BinaryData.o FileDataPtr.o BtcUtils.o BlockObj.o BlockUtils.o libcryptopp.a -o bootstrap.out -Icryptopp -DUSE_CRYPTOPP -D__STDC_LIMIT_MACROS -lpthread bootstrap.cpp

#include "BlockUtils.h"

int main(void)
{
	string btcdir("/home/chris/.bitcoin");
	string bootstrap(btcdir + "/" + "bootstrap.dat");
	BlockDataManager_FileRefs::GetInstance().SelectNetwork("Main");
	BlockDataManager_FileRefs & bdm = BlockDataManager_FileRefs::GetInstance(); 

fi01

//Android.mk にて、「LOCAL_CFLAGS := -fno-stack-protector -mno-thumb -O0」を指定すること。

#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <pthread.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <linux/futex.h>

xerub

#  Fix clang function prologues
#  WARNING: this WILL patch bytes in the database
#
#  Copyright (c) 2015 xerub
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#

bazad

#! /bin/bash
#
# git-xnu.sh
# Brandon Azad
#
# A script to download Apple's XNU kernel source code and create a git
# repository.
#

XNU_DIR="xnu"

smealum

import sys
import wave
import struct

# bit0 is a single period sine wave at 1024Hz with a given amplitude
# bit1 is the same but with ~2.7 times the amplitude
bits = [[0x00, 0x09, 0x12, 0x1A, 0x21, 0x27, 0x2C, 0x2F, 0x30, 0x2F, 0x2C, 0x27, 0x21, 0x1A, 0x12, 0x09, 0x00, 0xF6, 0xED, 0xE5, 0xDE, 0xD8, 0xD3, 0xD0, 0xD0, 0xD0, 0xD3, 0xD8, 0xDE, 0xE5, 0xED, 0xF6], [0x00, 0x18, 0x30, 0x46, 0x59, 0x69, 0x75, 0x7C, 0x7F, 0x7C, 0x75, 0x69, 0x59, 0x46, 0x30, 0x18, 0x00, 0xE7, 0xCF, 0xB9, 0xA6, 0x96, 0x8A, 0x83, 0x81, 0x83, 0x8A, 0x96, 0xA6, 0xB9, 0xCF, 0xE7]]
bits[0] = [b^0x80 for b in bits[0]]
bits[1] = [b^0x80 for b in bits[1]]
bits[0] = struct.pack('%sB' % len(bits[0]), *bits[0])