Ryan Welton Fuzion24
@Fuzion24
Fuzion24 / AndroidManifest.xml
Created May 6, 2012
Code that will install and remove APKs from an Android device without user interaction
View AndroidManifest.xml
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.packagemanager.poc"
    android:versionCode="1"
    android:versionName="1.0" >
    <uses-sdk android:minSdkVersion="8" />
    <uses-permission android:name="android.permission.INSTALL_PACKAGES" />
    <uses-permission android:name="android.permission.DELETE_PACKAGES" />
@Fuzion24
Fuzion24 / Description
Created May 6, 2012
Android Reversing - Showing an uber basic conditional patch
View Description
Running apktool d APKNAME.apk produces decoded output that can be modified, repackaged, and run.
isRegistered() is hardcoded to return false.
Changing
const/4 v0, 0x0
to
const/4 v0, 0x1
will cause isRegistered() to always return true, so the application is always told that it is registered.
View sock_diag.c
/*
* CVE-2013-1763 SOCK_DIAG bug in kernel 3.3-3.8
*
* Ported by fuzion24
*
* Tested on Nexus 4
* shell@mako:/ $ cat /proc/version
* Linux version 3.4.0-perf-gf43c3d9 (android-build@vpbs1.mtv.corp.google.com) (gcc version 4.6.x-google 20120106 (prerelease) (GCC) ) #1 SMP PREEMPT Mon Jun 17 16:55:05 PDT 2013
* shell@mako:/data/local/tmp $ ./diag_sock_exploit
* Sock diag handlers c11d8048
View chrome_tor.sh
#! /bin/sh
# Opens Chrome Canary (or Chromium, or whatever CHROME_PATH points to) in incognito mode.
# Uses a very popular user agent.
# Sets Tor as the SOCKS proxy.
CHROME_PATH="/Applications/Google Chrome Canary.app/Contents/MacOS/Google Chrome Canary"
# Start Tor in the background. "&>" is a bashism and does not redirect stderr under /bin/sh,
# so stdout and stderr are redirected portably here.
tor > /dev/null 2>&1 & \
@Fuzion24
Fuzion24 / Readme.md
Last active Oct 11, 2017
O-LLVM + Kryptonite Obfuscation with Android NDK
View Readme.md

O-LLVM + Overclok's Kryptonite Obfuscation with Android NDK.

@Fuzion24
Fuzion24 / RootChecker.java
Last active May 27, 2016
A few different mechanisms to check for root on an Android device
View RootChecker.java
package com.test.rootchecker;
import java.io.File;
import java.util.List;
import java.util.Map;
import android.content.Context;
import android.content.pm.ApplicationInfo;
public class RootChecker {
View kasan_results
[ 0.000000] Linux version 4.5.0-rc2+ (fuzion24@bitbox) (gcc version 6.0.0 20160221 (experimental) (GCC) ) #4 SMP Mon Feb 22 14:12:37 EST 2016
[ 0.000000] Command line: root=/dev/sda
[ 0.000000] x86/fpu: Legacy x87 FPU detected.
[ 0.000000] x86/fpu: Using 'lazy' FPU context switches.
[ 0.000000] e820: BIOS-provided physical RAM map:
[ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
[ 0.000000] BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved
[ 0.000000] BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved
[ 0.000000] BIOS-e820: [mem 0x0000000000100000-0x000000007fffdfff] usable
[ 0.000000] BIOS-e820: [mem 0x000000007fffe000-0x000000007fffffff] reserved
View -
/* CVE-2014-0196 DOS PoC [Written May 5th, 2014]
* by DigitalCold <digitalcold0@gmail.com>
*
* Note: this crashes my i686 Gentoo system running 3.12.14
* and an old Backtrack 5r3 running 3.2.6. Any advice on how to gain
* code exec would be greatly appreciated.
*
* Usage: gcc -O2 -o pty pty.c -lutil && ./pty
*
* CVE: http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0196.html
View all_tz_functions.md
LOAD:FE82CDA8                 DCD aTzbsp_pil_init     ; "tzbsp_pil_init_image_ns"
LOAD:FE82CDAC                 DCD 0x3D
LOAD:FE82CDB0                 DCD tzbsp_pil_init_image_ns+1
LOAD:FE82CDB4                 DCD 2
LOAD:FE82CDB8                 DCD 4
LOAD:FE82CDBC                 DCD 4
LOAD:FE82CDC0                 DCD 0x805
LOAD:FE82CDC4                 DCD aTzbsp_pil_auth     ; "tzbsp_pil_auth_reset_ns"
LOAD:FE82CDC8                 DCD 0x3D