Peter darkarnium
@darkarnium
darkarnium / ida-next-unknown.py
Last active September 21, 2021 18:59
IDA - Bind a hotkey to find the next address marked as Unknown (F3)
import idaapi
def find_next_unknown():
    '''
    Attempts to find the next unknown section from the cursor. This will only
    look a maximum of 0xFFFF bytes into the future to prevent infinite loops.
    '''
    s_addr = ScreenEA()
@darkarnium
darkarnium / arm-ldr-string-patchup.py
Last active December 20, 2019 11:40
IDA - Attempt to patch-up any missing data references to ARM LDR pseudo-instructions where a known string is referenced.
import idautils
# Define the addresses to 'scan' for literal pools.
rom_scan_start = 0x8000000
rom_scan_end = 0x807FFFF
ldr_addrs = dict()
def get_ldr_psudo_instructions(s_addr, e_addr):
@darkarnium
darkarnium / arm-literal-pool-hammer.py
Created December 15, 2019 14:33
IDA - Attempt to locate literal pools, and mark subsequent sections as code
#
# NOTE: Before running, please ensure to set the minimal string length to 2
# characters. This can be done by right-clicking any white space in the
# IDA Strings window, selecting 'Setup', entering '2' into the 'Minimal
# string length' field, and clicking 'OK'.
#
import time
import idautils
rule MyExample {
    strings:
        $a = /EXAMPLE[A-Z]{10}/ ascii wide nocase
        $b = /EXAMPLE[A-Z]{5}KNOWN/ ascii wide nocase
    condition:
        for any i in (1..#a) : ( @a[i] != @b[i] )
        // for any i in (1..#a) : ( @a[i] == @a[i] )
        // any of them
}
@darkarnium
darkarnium / FT2232H.cfg
Last active December 24, 2019 22:21
OpenOCD - Fetch SRAM and process for OTA URLs
#
# FTDI MiniModule
#
# http://www.ftdichip.com/Support/Documents/DataSheets/Modules/DS_FT2232H_Mini_Module.pdf
#
interface ftdi
ftdi_device_desc "FT2232H MiniModule"
ftdi_vid_pid 0x0403 0x6010
transport select swd
@darkarnium
darkarnium / proxy.py
Created May 12, 2019 01:21
MySQL Proxy for OOO
import sys
import struct
import pprint
from pwn import *
import requests
def _pcap_hdr():
    pcap_hdr_s = bytearray([
        0xd4, 0xc3, 0xb2, 0xa1, # Magic_number.
@darkarnium
darkarnium / payload-pcap.py
Created May 11, 2019 21:25
Build a PCAP for a Payload
import sys
import struct
def _pcap_hdr():
    pcap_hdr_s = bytearray([
        0xd4, 0xc3, 0xb2, 0xa1, # Magic_number.
        0x02, 0x00, # Major version number.
        0x04, 0x00, # Minor version number.
        0x00, 0x00, 0x00, 0x00, # GMT to local correction.
@darkarnium
darkarnium / FT2232HSWD.py
Last active April 18, 2020 01:28
Provides a very basic FT2232H SWD implementation
''' Provides a very basic (read: shitty) FT2232H SWD implementation. '''
import time
import logging
import binascii
from struct import pack
from struct import unpack
from operator import xor
from pyftdi.gpio import GpioController
@darkarnium
darkarnium / .bash_profile
Last active April 29, 2022 11:41
Bash setup
export PS1='\[\033[38;5;7m\][\[\]\[\033[38;5;2m\]\u\[\]\[\033[38;5;7m\]::\[\]\[\033[38;5;2m\]\h\[\]\[\033[38;5;7m\] \[\]\[\033[38;5;33m\]\W\[\]\[\033[38;5;7m\]][\[\]\[\033[38;5;202m\]$?\[\]\[\033[38;5;7m\]]\$ \[\]'
export HISTSIZE=
export HISTFILESIZE=
export HISTTIMEFORMAT="%y-%m-%d %T :: "
export PROMPT_COMMAND="history -a; $PROMPT_COMMAND"
export PYTHONSTARTUP=$HOME/.pythonrc.py
@darkarnium
darkarnium / Build.md
Created June 27, 2018 23:21
MIPS BE - Qemu Debug Build (Meraki)

Platform.

Assumes Ubuntu 14.04.

Install dependencies.

sudo apt-get update -y
sudo apt-get -y install git-core build-essential libssl-dev \
  libncurses5-dev unzip gawk zlib1g-dev gettext openjdk-8-jdk \
  mercurial libtest-xml-simple-perl python2.7 \
  subversion libxml-parser-perl qemu-system-mips bridge-utils