Wack0 / getduid.cs
Last active Apr 6, 2020
clipc!GetOfflineDeviceUniqueID PoC.
using System;
using System.Runtime.InteropServices;
ODUID_UEFI_DEV_LOCK_UNLOCK, // there is no code for this in clipsvc.dll, given the enum name, this could be Windows Phone only?
ODUID_XBOX_CONSOLE_ID, // this should never be seen, with xbox one a different function is called to get the console ID
Wack0 / peb.c
Created Dec 31, 2017
Getting a pointer to the PEB in C, for every architecture that NT was ported to (where at least one build of the port was leaked/released)
// Gets a pointer to the PEB for x86, x64, ARM, ARM64, IA64, Alpha AXP, MIPS, and PowerPC.
// This relies on MS-compiler intrinsics.
// It has only been tested on x86/x64/ARMv7.
inline PEB* NtCurrentPeb() {
#ifdef _M_X64
return (PEB*)(__readgsqword(0x60));
#elif _M_IX86
return (PEB*)(__readfsdword(0x30));
Wack0 / cex_crypto.cs
Created May 23, 2017
Compaq/HP Recovery Media (c. late 1990s-early 2000s) .CEX File Decryptor
another rrrring of lightningggg production by slipstream/RoL!
Yesterday I received in the post some Compaq recovery media I ordered from Yahoo! Auctions Japan to dump.
Having done that, I took a closer look at the disc images.
The recovery media came in two CDs: a boot CD ("COMPAQ Restore CD"), and an OS CD ("Compaq CD for Microsoft Windows
NT Workstation 4.0 Operating System").
Wack0 / mastostats.php
Last active Apr 19, 2017
CLI Mastodon network stats script. Uses Updates every 60 seconds.
// This class adapted from:
class Colors {
private static $foreground_colors = array(
Wack0 /
Created Apr 5, 2017
missingno.sav Game Boy reversing challenge (TheZZAZZ April Fools challenge 2017) writeup

missingno.sav Game Boy reversing challenge writeup


On March 31st 2017, TheZZAZZGlitch released his April Fools 2017 event.
The event was a crafted save file for Pokémon Blue: a small game where you need to use memory patching or debugging techniques to beat it.

After you beat the game, a password is generated which allows you to submit your score to the event website.
The best score (naturally, that score is 31337) can only be obtained by either patching the key-generation routine ("crackme"), or making your own keygen ("keygenme").
I, personally, did the latter.

Wack0 / blob10_pass.php
Created Jan 20, 2017
Blobby 10 password generation algorithm
// Blobby 10 zip-password generation algorithm.
foreach ($argv as $zip) {
$p = '[';
$firstchar = ord($zip[0]);
$whitelisted_zips = array(
Wack0 / SbpParse.cs
Created Jan 13, 2017
Secure Boot Policy parser
using System;
using System.IO;
using LipingShare.LCLib.Asn1Processor;
using System.Runtime.InteropServices;
using System.Collections.Generic;
using System.Text;
using System.Security.Cryptography;
namespace SbpParse {
View gist:25a155e9f7ecef46da180b55b7e87931

Setup: App: Unpacked + partially-deobfuscated:

Deobfuscated taskscheduler .xml string:

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="">
Wack0 / nit2016.asm
Created Nov 29, 2016
NIT2016? Very similar to the 2013 payload...
; Input MD5 : 614D07EF7777CFF5CFDF741587A097DA
; Input CRC32 : B326AB6B
; ---------------------------------------------------------------------------
; File Name : C:\Users\raylee\nit - Copy.bin
; Format : Binary file
; Base Address: 0000h Range: 0000h - 02FCh Loaded length: 02FCh
Wack0 / upwned247.php
Last active Jun 14, 2021
UCam247/Phylink/Titathink/YCam/Anbash/Trivision/Netvision/others IoT webcams : remote code exec: reverse shell PoC. (works only in qemu usermode)
Updated version, 2016-12-02: fixed shellcode so it *actually* works on QEMU
usermode emulation (seems I pushed an old version), and removed debug output.
If anyone wants to fix this, go ahead (no pun intended).
However, I don't have a vulnerable product and am unwilling to acquire one.