Dan danzek

@danzek
danzek / directcopy.cpp
Created April 13, 2017 21:27
Direct Copy
/* only works on NTFS: does not work for resident files (files within the $MFT)
* from http://www.rohitab.com/discuss/topic/24252-ntfs-directcopy-method-from-napalm/
* retrieved on April 13, 2017
* posted by user Napalm (http://www.rohitab.com/discuss/user/3860-napalm/) 09 April 2007 - 03:13 AM
DirectCopy v2.0 - by Napalm @ NetCore2K
------------------------------------
Please try and read and understand this source code. You will learn something.
Sector = 512 Bytes of disk space
@danzek
danzek / ewf_ext_helper.py
Last active January 2, 2018 21:40
EWF Extensions Helper
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
Expert Witness Format (EWF) Extension Helper
Provides generator methods that provide the next expected file extension for EWF and EWF 2 file formats. For instance:
* E01
* E02
#!/usr/bin/python -tt
# -*- coding: utf-8 -*-
"""
Given the starting line number from the html output (and optional ending line number), parses Internet history
artifacts from a default EnCase 7 HTML report into a nicer looking table. Be sure to customize fields and field widths
as needed.
Copyright 2015, Dan O'Day (d@4n68r.com)
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
@danzek
danzek / bruteforcegesture.py
Last active October 17, 2022 18:22
Prototype code for brute forcing Android gesture.key files
#!/usr/bin/env python
"""Cracks a gesture.key file (Android pattern lock), reverse-engineers the Android method of creating an unsalted SHA1
hash value from the 3-9 digit pattern code (each digit consisting of 9 possible values: 0-8).
Note that Android > v2.33 requires minimum of four values, but three makes this work for old ones too.
The original Android source code for pattern locks:
/*
@danzek
danzek / pdtime.py
Last active January 2, 2018 21:43
Parse Droid Time - Utility to parse Android Unix timestamps in CSV files
#!/usr/bin/python
#
# pdtime = parse Droid time - Utility to parse Android Unix timestamps in csv files
#
# Given a csv file or list of csv files containing Android timestamps, create a "parsed" directory and
# output new csv files with timestamps parsed in human-readable format, with no timezone adjustments.
# Android timestamps should be stored in UTC/GMT, and are parsed as such.
#
# Sample timestamp: 1311341729264. Android timestamps have three more digits than regular UNIX timestamps because
# Android stores the UNIX epoch in milliseconds. The value must be divided by 1000 to make it a normal UNIX timestamp.
@danzek
danzek / mapGPSv1.py
Last active January 25, 2024 22:38
X-Ways Python X-Tension: Plot EXIF location data in a KML file
# Extracts GPS coordinates from images in X-Ways Forensic software and creates a KML file plotting
# the location data that can be opened in Google Earth.
#
# Using public code for extracting GPS EXIF data from https://gist.github.com/moshekaplan/5330395
# based on original code at https://gist.github.com/erans/983821 using PIL 1.1.7 library
#
# Copyright (c) 2013 Dan O'Day. All rights reserved. https://code.google.com/p/digital0day/
# This software distributed under the Eclipse Public License 1.0 (EPL-1.0)
# http://www.opensource.org/licenses/EPL-1.0
#

Keybase proof

I hereby claim:

  • I am danzek on github.
  • I am digital0day (https://keybase.io/digital0day) on keybase.
  • I have a public key whose fingerprint is ED5F 14F3 C51F 9CC9 0C57 809B 3FC9 7A65 5B4A 6C98

To claim this, I am signing this object: