Andrea Fioraldi andreafioraldi
andreafioraldi
/ calculate_pi.stout
Created
April 27, 2017 17:47
Calculate PI using my own programming language: Stout
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Calculate PI using my own programming language: Stout | |
| author = Andrea Fioraldi | |
| copyright = Copyright 2017, Andrea Fioraldi | |
| license = MIT | |
| mail = andreafioraldi@gmail.com | |
| */ | |
| use IO; |
andreafioraldi
/ rpn.stout
Created
July 29, 2017 09:37
An expression solver based on the reverse polish notation written in Stout
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| An expression solver based on the reverse polish notation written in Stout. | |
| author = Andrea Fioraldi | |
| copyright = Copyright 2017, Andrea Fioraldi | |
| license = MIT | |
| mail = andreafioraldi@gmail.com | |
| */ | |
| library IO; |
andreafioraldi
/ soocat.sh
Created
November 5, 2017 14:53
— forked from superkojiman/soocat.sh
Quick function to run a binary under socat
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Add to .bashrc | |
| # You're welcome | |
| function soocat { | |
| socat tcp-l:${2},reuseaddr,fork EXEC:${1} | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| SCRIPTPATH="$( cd "$(dirname "$0")" ; pwd -P )" | |
| echo "The script is in the directory $SCRIPTPATH" |
andreafioraldi
/ csaw18_es1337_exploit.html
Created
April 9, 2019 09:59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <script> | |
| function print(text) { | |
| if (arguments.length > 1) text = Array.prototype.slice.call(arguments).join(' '); | |
| console.log(text); | |
| var element = document.getElementById('output'); | |
| if (element) { |
andreafioraldi
/ CDemu libmirage buffer overflow detailed issue
Created
August 25, 2019 13:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Hi, | |
| I found a critical bug in libmirage 3.2.2, specifically in the CSO filter. | |
| The file content that triggers the bug (PoV) is the following (344 bytes in hex): | |
| 43 49 53 4F 00 00 00 00 FF 00 00 00 00 00 00 FF | |
| FF 00 00 00 00 30 00 00 00 00 00 00 61 61 00 00 | |
| 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A | |
| 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A | |
| 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A |
andreafioraldi
/ CDemu libmirage null ptr deref
Created
August 25, 2019 17:32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Hi, | |
| I found a Null Pointer Dereference in libmirage 3.2.2, specifically in the NRG parser. | |
| I'm writing you directly here and not in the public bug tracker cause I'm not sure if this is a security issue or not. | |
| The content of the file that triggers the bug is the following (12 bytes in hex): | |
| 02 80 F4 4B 4E 45 52 4F 00 00 00 04 | |
| The issue appears at the memcpy at line 103 (mirage_parser_nrg_build_block_index routine) of images/image-nrg/parser.c: | |
| /* Populate block index */ |
andreafioraldi
/ dmg2img vfdecrypt command injection
Created
August 27, 2019 08:17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| This: | |
| if (*cmd && *inFile) { | |
| sprintf(cmd, | |
| "strings %s | grep '^[0-9a-fA-F]*$' | awk '{ if (length($1) == 72) print; }'", | |
| inFile); | |
| system(cmd); | |
| exit(0); | |
| } |
andreafioraldi
/ neg_int_feedback.diff
Last active
October 23, 2019 19:05
An example of a domain-specific custom coverage for AFL++ QEMU mode. This patch hooks functions calls and give feedbacks to the fuzzer if an argument of the function (the first 4 are considered in this naive example) is not a pointer and is a negative integer (can be both a 32 bit negative or a 64 bit negative).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/accel/tcg/tcg-runtime.c b/accel/tcg/tcg-runtime.c | |
| index d0d44844..d10d51ce 100644 | |
| --- a/accel/tcg/tcg-runtime.c | |
| +++ b/accel/tcg/tcg-runtime.c | |
| @@ -167,3 +167,29 @@ void HELPER(exit_atomic)(CPUArchState *env) | |
| { | |
| cpu_loop_exit_atomic(ENV_GET_CPU(env), GETPC()); | |
| } | |
| + | |
| + |
andreafioraldi
/ neg_syscall_feedback.diff
Last active
October 23, 2019 19:07
An example of a domain-specific custom coverage for AFL++ QEMU mode. This patch provide a feedback for the fuzzer when the return value of a syscall is negative (so an error happened)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/linux-user/i386/cpu_loop.c b/linux-user/i386/cpu_loop.c | |
| index 51cfa006..510e4cbf 100644 | |
| --- a/linux-user/i386/cpu_loop.c | |
| +++ b/linux-user/i386/cpu_loop.c | |
| @@ -80,6 +80,8 @@ static void set_idt(int n, unsigned int dpl) | |
| } | |
| #endif | |
| +#include "../patches/afl-qemu-common.h" | |
| + |
OlderNewer