Ren Kimura RKX1209
@RKX1209
RKX1209 / Ricerca.png
Last active February 20, 2020 04:08
Ricerca Security, Inc. logo
Ricerca.png
@RKX1209
RKX1209 / fuzz_template.json
Created February 11, 2020 07:23
Fuzzing Firm (python3 fuzzing.py fuzz_template.json)
{
"PROJECT": "afl",
"ROOT": ".",
"FUZZER": "$ROOT/afl/afl-fuzz",
"SCHEDULE": "",
"PREPROCESS": "",
"BINARY": "imginfo",
"BINVERSION": "19",
"BINOPT": "-f @@",
"BINPATH": "$ROOT/dataset/apps/$BINARY",
@RKX1209
RKX1209 / tiny_fuzzer.py
Last active May 4, 2020 08:11
python3 ./tiny_fuzzer.py -i <initial seed>
#!/usr/bin/python3
import argparse
import html.parser as HTMLParser  # Python 3 name of the Python 2 HTMLParser module; kept under the old alias so existing HTMLParser.* references still resolve
import io
import os
import re
import shutil
import string
import subprocess
@RKX1209
RKX1209 / generate_dictionary.py
Created February 11, 2020 04:48
./generate_dictionary.py --fuzzer <binary executable> --out ./out.dict
#!/usr/bin/python2
#
# Copyright 2016 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
"""Generate a dictionary for libFuzzer or AFL-based fuzzer.
Invoked manually using a fuzzer binary and target format/protocol specification.
Works better for text formats or protocols. For binary ones may be useless.
"""
@RKX1209
RKX1209 / MyCVEs.md
Last active December 12, 2019 08:25
CVE list that I found. One day, I'm gonna become a Pokemon Master.

Misc

| CVE ID | Software | Description |
|---|---|---|
| CVE-2019-14247 | mpg321 | Heap OOB Write |
| CVE-2019-14248 | nasm | NULL ptr dereference |
| CVE-2019-14249 | libdwarf | Divide by Zero |
| CVE-2019-14250 | nm-new | Heap OOB Read |
| CVE-2019-16161 | Onigmo | NULL ptr dereference |
| CVE-2019-16162 | Onigmo | Heap OOB Read |
| CVE-2019-16163 | Oniguruma | Stack Exhaustion |
@RKX1209
RKX1209 / bff.patch
Last active March 28, 2019 04:57
CERT BFF 2.8 patch
diff --git a/bff-2.8/batch.sh b/bff-2.8/batch.sh
index a7fb5ef22a..6c0af417df 100755
--- a/bff-2.8/batch.sh
+++ b/bff-2.8/batch.sh
@@ -66,7 +66,8 @@ contains() {
scriptlocation=`echo "$(cd "$(dirname "$0")"; pwd)/"`
echo Script location: $scriptlocation/bff.py
platform=`uname -a`
-PINURL=https://software.intel.com/sites/landingpage/pintool/downloads/pin-3.0-76991-gcc-linux.tar.gz
+#PINURL=https://software.intel.com/sites/landingpage/pintool/downloads/pin-3.0-76991-gcc-linux.tar.gz
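Review bot: the hunk header `@@ -66,7 +66,8 @@` says one net line is added, but the preview ends at the commented-out `#PINURL=` line, so the replacement assignment is not visible and cannot be checked here. If the intent is to switch to a different Pin tarball, delete the old URL rather than leaving it as a stale comment, and have the script check that `PINURL` is set before it is used so a missing value fails early with a clear message.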
@RKX1209
RKX1209 / js_sandbox.patch
Created January 13, 2019 02:40
js_sandbox, pwn666 (PlaidCTF 2016)
diff --git a/build/toolchain.gypi b/build/toolchain.gypi
index 9f4cedc478..b93c5c4962 100644
--- a/build/toolchain.gypi
+++ b/build/toolchain.gypi
@@ -158,6 +158,11 @@
}],
],
'target_defaults': {
+ 'cflags': [
+ '-fPIC',
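Review bot: `'cflags': ['-fPIC',` is added under `target_defaults`, which applies the flag to every target in the build rather than only the shared object that needs it; the preview stops at `'-fPIC',`, so any further entries in the list are not visible. Consider scoping the flag to the target that is built as a shared library, or add a comment above the list explaining why a global `-fPIC` is required for the sandbox build.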
@RKX1209
RKX1209 / input-tracer.py
Last active February 18, 2022 08:01
Different path tracer
import networkx
import angr
import tracer
import sys
import os
import logging
import pickle
import argparse
from collections import Counter
@RKX1209
RKX1209 / lava-m-file.diff
Last active November 27, 2018 05:56
LAVA for 32bit /usr/bin/file source code
diff --git a/src/apprentice.c b/src/apprentice.c
index 47b4c87..fe04a17 100644
--- a/src/apprentice.c
+++ b/src/apprentice.c
@@ -282,7 +282,7 @@ static const struct type_tbl_s special_tbl[] = {
# undef XX_NULL
private int
-get_type(const struct type_tbl_s *tbl, const char *l, const char **t)
+get_type(int *data_flow, const struct type_tbl_s *tbl, const char *l, const char **t)
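Review bot: adding `int *data_flow` as the first parameter of `get_type` changes its signature, so every caller in apprentice.c and any forward declaration must be updated in the same patch; the 7-to-7 line count in the hunk header shows only the signature line changes here. The preview cuts off before the body, so it is not visible whether `data_flow` is checked for NULL before it is dereferenced. Document what `data_flow` carries in a comment above the function.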
@RKX1209
RKX1209 / emucorn.patch
Last active March 10, 2018 22:12
Unicorn ARM64 tracer patch, for debugging your own emulator (HEAD: Mephisto 6092782cc0e64f34aaa4eab623e7a8c518d1abc2)
diff --git a/Cpu.cpp b/Cpu.cpp
index 61c2aa7..64c9b8f 100644
--- a/Cpu.cpp
+++ b/Cpu.cpp
@@ -1,4 +1,5 @@
#include "Ctu.h"
+#define ARM64_REG_X(r) UC_ARM64_REG_X ## r
void intrHook(uc_engine *uc, uint32_t intNo, void *user_data) {
((Cpu *) user_data)->interruptHook(intNo);
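Review bot: `ARM64_REG_X(r)` pastes `r` onto `UC_ARM64_REG_X` with `##`, so it only works when `r` is a literal number at preprocessing time (`ARM64_REG_X(3)`), not with a loop variable; if the tracer needs to iterate over registers, a lookup table of the `UC_ARM64_REG_X0..X28` enum values is the safer form. Also, because the macro is defined in Cpu.cpp after `#include "Ctu.h"` rather than in the header, it is invisible to other translation units that may want the same mapping.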