Ga_ryo_ Ga-ryo

## House_of_Roman.md

      
              1 file
            
          
              10 forks
            
          
              0 comments
            
          
              59 stars
            
          
                romanking98
                / House_of_Roman.md
            
            
              Last active
              February 9, 2024 04:21
            
          
    Table of Contents


Disclamair
House Of Roman

------> 2.1 Assumptions

------> 2.2 Protections

------> 2.3 Quick Walkthrough

------> 2.4 Setting the FD to malloc_hook

------> 2.5 Fixing the 0x71 freelist

------> 2.6 Unsorted Bin attack on malloc_hook


## exploit.js
////////////////////////////////////////////////////////////////////////////
//
// The vulnerability was that the following line of code could change the type of the
// underlying Array from JavascriptNativeIntArray to JavascriptArray:
//
//  spreadableCheckedAndTrue = JavascriptOperators::IsConcatSpreadable(aItem) != FALSE;
//
// As can be seen in the provided .diff, the check for whether the type of the pDestArray has changed
// was removed. If the aItem then is not a JavascriptArray, the following code path is taken:
//     else

## ghe-revealer.rb
#!/usr/bin/sudo ruby

#
# revealer.rb -- Deobfuscate GHE .rb files.
#
# This is simple:
# Every obfuscated file in the GHE VM contains the following code:
#
# > require "ruby_concealer.so"
# > __ruby_concealer__ "..."

## jscore.md

      
              1 file
            
          
              4 forks
            
          
              3 comments
            
          
              24 stars
            
          
                mheiber
                / jscore.md
            
            
              Last active
              January 31, 2024 17:42
            
              
                Using JavaScriptCore in a Production iOS app
              
          
    OUTDATED


JavaScriptCore is a built-in iOS library that enables you to use JavaScript in apps alongside Objective-C and Swift. It lets developers read JavaScript from a string, execute it from Objective-C or Swift, and share data structures and functions across languages. We JavaScriptCore to share code between Web and iOS.

  
## spectrum.py
#!/usr/bin/env python
# encoding: utf-8

import sys
import os
import atexit
import time

import numpy as np
import pyaudio
	////////////////////////////////////////////////////////////////////////////
	//
	// The vulnerability was that the following line of code could change the type of the
	// underlying Array from JavascriptNativeIntArray to JavascriptArray:
	//
	// spreadableCheckedAndTrue = JavascriptOperators::IsConcatSpreadable(aItem) != FALSE;
	//
	// As can be seen in the provided .diff, the check for whether the type of the pDestArray has changed
	// was removed. If the aItem then is not a JavascriptArray, the following code path is taken:
	// else
	#!/usr/bin/sudo ruby

	#
	# revealer.rb -- Deobfuscate GHE .rb files.
	#
	# This is simple:
	# Every obfuscated file in the GHE VM contains the following code:
	#
	# > require "ruby_concealer.so"
	# > __ruby_concealer__ "..."
	#!/usr/bin/env python
	# encoding: utf-8

	import sys
	import os
	import atexit
	import time

	import numpy as np
	import pyaudio