Tanguy Dubroca SiD3W4y
SiD3W4y
/ bruteforce_unicorn.py
Created
March 1, 2018 21:14
Bruteforce script solving a fun reversing challenge made by BZHugs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from unicorn import * | |
| from unicorn.x86_const import * | |
| import struct | |
| import sys | |
| MAIN_SYM = 0x580 | |
| PTRACE_SYM = 0x560 | |
| PUTS_SYM = 0x550 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0x91E4F6A7,sceKernelLibcClock | |
| 0x27CC57F0,sceKernelLibcTime | |
| 0x71EC4271,sceKernelLibcGettimeofday | |
| 0xBFA98062,sceKernelDcacheInvalidateRange | |
| 0xC8186A58,sceKernelUtilsMd5Digest | |
| 0x9E5C5086,sceKernelUtilsMd5BlockInit | |
| 0x61E1E525,sceKernelUtilsMd5BlockUpdate | |
| 0xB8D24E78,sceKernelUtilsMd5BlockResult | |
| 0x840259F1,sceKernelUtilsSha1Digest | |
| 0xF8FCD5BA,sceKernelUtilsSha1BlockInit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import subprocess | |
| import string | |
| INSCOUNT_PATH="<path to pintools>/pintools/source/tools/ManualExamples/obj-intel64/inscount0.so" | |
| def inscount(user_data): | |
| # BadVM patched is a patched version removing the sleep calls | |
| p = subprocess.Popen(['pin', '-t', INSCOUNT_PATH, '--', './BadVM_patched'], | |
| stdin=subprocess.PIPE, | |
| stdout=subprocess.PIPE, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public static void main(String[] args) { | |
| LinkedListHT ll = new LinkedListHT(); | |
| System.out.println("~~~ Test addHead Method ~~~"); | |
| System.out.println("Size of list should be 0, actually is: "+ll.size()); | |
| System.out.println(); | |
| ll.addHead(44); ll.addHead(222); | |
| ll.addHead(6); ll.addHead(222); | |
| System.out.println("List should be [222, 6, 222, 44].\nActually is: "+ll); | |
| System.out.println(); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| def getvals(path): | |
| lines = open(path, "r").readlines() | |
| lst = [] | |
| for line in lines: | |
| line = line.strip() | |
| if len(line) >= 10: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import struct | |
| import sys | |
| def diffing(oldbuff, newbuff, op): | |
| offsets = set() | |
| for i in range(0, min(len(oldbuff), len(newbuff))): | |
| if op(oldbuff[i], newbuff[i]): | |
| offsets.add(i) |
SiD3W4y
/ gmod_api.json
Last active
July 10, 2019 11:32
gmod api function description in json format
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| { | |
| "category": "client", | |
| "name": "EFFECT:Render", | |
| "args": [] | |
| }, | |
| { | |
| "category": "client", | |
| "name": "EFFECT:StartTouch", | |
| "args": [] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdint.h> | |
| #include <stdio.h> | |
| union ARMOperand { | |
| uint8_t reg; | |
| int32_t immediate; | |
| }; | |
| struct ARMInstructionInfo { | |
| uint32_t opcode; |
SiD3W4y
/ trace_function_detection.py
Created
August 9, 2019 10:10
Binary ninja snippet script to add trace based function detection on gba roms (through mgba)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Trace function detection | |
| # | |
| # Binary ninja script for trace based function detection on gba using | |
| # the 'tracing' branch of this fork: https://github.com/SiD3W4y/mgba | |
| path = get_open_filename_input("mgba trace file") | |
| if not path: | |
| show_message_box("Function detection", "Please specify a file") | |
| lines = open(path, "r").readlines() |
SiD3W4y
/ entity_spawn_clean.c
Last active
August 21, 2019 17:14
Entity spawning logic for Zelda a Link to the past
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Function setting the position and id properties during spawn | |
| void entity_spawn(u8* bindata, u8 entity_id) | |
| { | |
| // Globals | |
| const u8* unk_arr_1 = (const u8*)0x8227c73; // ROM ptr | |
| u8* unk_arr_2 = (u8*)0x2006b80; // RAM ptr | |
| u8* entity_class = (u8*)0x30031d2; // Entity class array | |
| u8* unk_arr_4 = (u8*)0x3003322; | |
| u8* entity_low_y_pos = (u8*)0x3003102; // entity_low_y_pos | |
| u8* entity_high_y_pos = (u8*)0x3003122; // entity_high_y_pos |