Wang Han aviraxp

View gist:3c3a933a084e55c4be4158c010dcce19
case MSG_GESTURE_MOTION_DOWN: {
    int k = 0;
    while (k < ViewRootImpl.this.mBackupEventList.size()) {
        try {
            boolean ishandled = ViewRootImpl.this.mView.dispatchPointerEvent(
                    (MotionEvent) ViewRootImpl.this.mBackupEventList.get(k));
            k++;
        } catch (NullPointerException e) {
            Log.e(ViewRootImpl.TAG, "mView does not exist, discard points. " + e);
            break;
View gist:f8f7eea43dafaada16e041fde48f7a68
LSL X16, X19, #6
ADD X27, X23, #dword_B6BE8@PAGEOFF
SUB X17, X16, X19,LSL#3
ADD X18, X27, X17
LDR X0, [X18,#0x10]
CBZ X0, loc_4F7FC
BL .free
View gist:ad7370977cb2dd266143073099c1a9d0
LSL X16, X19, #6
ADD X27, X23, #dword_B6BE8@PAGEOFF
SUB X17, X16, X19,LSL#3
ADD X18, X27, X17
NOP
NOP
NOP
View gist:ae9de8dc927fe506b84493f245b5a531
.text:0000648A LDR R1, [SP,#0x38+ptr]
.text:0000648C MOVS R5, #2
.text:0000648E LDR.W R0, [R6,#0x1D4]
.text:00006492 BLX mct_list_remove
.text:00006496 STR.W R0, [R6,#0x1D4]
.text:0000649A LDR R0, [SP,#0x38+ptr]
.text:0000649C BLX j_isp_parser_thread_join
.text:000064A0 LDR R0, [SP,#0x38+ptr]
.text:000064A2 BLX j_isp_trigger_thread_join
.text:000064A6 LDR R0, [SP,#0x38+ptr]
View gist:2d26b9b4fb525c027a5baa79a9e808f9
.text:0000648A LDR R1, [SP,#0x38+ptr]
.text:0000648C MOVS R5, #2
.text:0000648E LDR.W R0, [R6,#0x1D4]
.text:00006492 BLX mct_list_remove
.text:00006496 STR.W R0, [R6,#0x1D4]
.text:0000649A LDR R0, [SP,#0x38+ptr]
.text:0000649C BLX j_isp_parser_thread_join
.text:000064A0 LDR R0, [SP,#0x38+ptr]
.text:000064A2 BLX j_isp_trigger_thread_join
.text:000064A6 LDR R0, [SP,#0x38+ptr]
View gist:3c9a98f7761440d0d369e40379174bea
<6>[ 23.576563] PM: noirq resume of devices complete after 1.064 msecs
<6>[ 23.578032] last active wakeup source: 800f000.qcom,spmi:qcom,pmi8998@2:qpnp,fg
<6>[ 23.578695] PM: early resume of devices complete after 0.683 msecs
<6>[ 23.579085] CPU4: update max cpu_capacity 816
<6>[ 23.584133] CPU3: update max cpu_capacity 1024
<6>[ 23.595941] PM: resume of devices complete after 17.241 msecs
<6>[ 23.596774] Restarting tasks ... done.
<6>[ 23.625721] PM: suspend exit 2018-05-29 06:19:12.102992243 UTC
<6>[ 23.725866] PM: suspend entry 2018-05-29 06:19:12.203132186 UTC
<6>[ 23.755710] Freezing user space processes ... (elapsed 0.003 seconds) done.
View gist:f97885fb81215dc006825092e647f04c
====1519734976.728230
Oops#1 Part1
<6>[20180227_20:36:16.602139]@1 wlan: loading driver v4.0.11.144
<6>[20180227_20:36:16.677694]@1 PM: suspend entry 2018-02-27 12:36:16.677657367 UTC
<4>[20180227_20:36:16.704389]@1 Freezing user space processes ... (elapsed 0.026 seconds) done.
<4>[20180227_20:36:16.714233]@1 Freezing remaining freezable tasks ... (elapsed 0.009 seconds) done.
<4>[20180227_20:36:16.714273]@1 Suspending console(s) (use no_console_suspend to debug)
<6>[20180227_20:36:16.720902]@1 R0: wlan: [4845:E :VOS] vos_get_context: Module ID 18 context is Null
<1>[20180227_20:36:16.720978]@1 Unable to handle kernel NULL pointer dereference at virtual address 00000280
<1>[20180227_20:36:16.721006]@1 pgd = 0000000000000000
View Wannacrypt0r-FACTSHEET.md

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS17-010. It uses EternalBlue (MS17-010) to propagate.
  • Ransom: between $300 and $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up, the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm.

SECURITY BULLETIN AND UPDATES HERE: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
