XMPPwocky

#include <stdio.h>
#include <string.h>

void main() {
	const char *code = (const char *)main;
	int oldcount = -1;
	while (1) {
		int count = 0;
		const char *temp = code;
		while (temp) {

XMPPwocky

import angr, claripy, simuvex

b = angr.project.Project("binari", load_options={"auto_load_libs": False})
s = b.factory.blank_state(addr=0x401300)

positions = [] # item positions
for i in range(10):
    posl = [claripy.BVS("POSY"+str(i), 32), claripy.BVS("POSX"+str(i),32)]
    s.mem[0x6042c0+(0x18*i)].dword = posl[0].reversed
    s.mem[0x6042c4+(0x18*i)].dword = posl[1].reversed

XMPPwocky

import angr, claripy, simuvex

b = angr.project.Project("binari", load_options={"auto_load_libs": False})
s = b.factory.blank_state(addr=0x401300)

positions = [] # item positions
for i in range(10):
    posl = [claripy.BVS("POSY"+str(i), 32), claripy.BVS("POSX"+str(i),32)]
    s.mem[0x6042c0+(0x18*i)].dword = posl[0].reversed
    s.mem[0x6042c4+(0x18*i)].dword = posl[1].reversed

XMPPwocky

# coding: utf-8
import angr,claripy,simuvex;

b = angr.project.Project("binaro")
s = b.factory.blank_state(addr=0x400dfd)

length = claripy.BVS("strlen", 64) # how long the string is; doesn't matter really
stri = claripy.BVS("str", 8*40) # the actual string

s.regs.rdi = 0x1000 # argument

XMPPwocky

import java.io.*;
import java.nio.file.Path;
import java.nio.file.Paths;

abstract class OSFile implements Serializable {
  String file = "";
  abstract String getFileName();
}

class WindowsFile extends OSFile  {

XMPPwocky

# coding: utf-8

import angr, claripy, simuvex
s=b.factory.blank_state(addr=0x401300)
b=angr.project.Project("binari")
p=b.factory.path(s);pg=b.factory.path_group(p, immutable=Tru
e)
p=b.factory.path(s);pg=b.factory.path_group(p, immutable=True)
p=b.factory.path(s);pg=b.factory.path_group(p, immutable=True)
s=b.factory.blank_state(addr=0x401300)

XMPPwocky

import dpkt, socket, struct, binascii, sys, time, random

if len(sys.argv) < 2:
    print "Usage: poc.py pcapfile"
    print "PCAP file must contain only the UDP packets of a Steam connection."
    sys.exit(1)

capture = dpkt.pcap.Reader(open(sys.argv[1]))
cap_messages_out = [] 
cap_messages_in = []

XMPPwocky

Keybase proof

I hereby claim:

• I am xmppwocky on github.
• I am xmppwocky (https://keybase.io/xmppwocky) on keybase.
• I have a public key ASAJmqEolo4SEPD0LngKRKMxU0lZSn6MnnrPwUqqXHCvEgo

To claim this, I am signing this object:

XMPPwocky

  fn main() {
println!("hello world");
  }

XMPPwocky

fn main() {
  println!("hello world");
}