Skip to content

Instantly share code, notes, and snippets.

View disconnect3d's full-sized avatar
🎯
deadlocking the reality

Disconnect3d disconnect3d

🎯
deadlocking the reality
487 followers · 78 following
View GitHub Profile
@disconnect3d
disconnect3d / Working GDB on macOS 11.md
Created July 1, 2021 21:02 — forked from mike-myers-tob/Working GDB on macOS 11.md
Steps to get GDB actually working in April 2021 on macOS

Debug with GDB on macOS 11

The big reason to do this is that LLDB has no ability to "follow-fork-mode child", in other words, a multi-process target that doesn't have a single-process mode (or, a bug that only manifests when in multi-process mode) is going to be difficult or impossible to debug, especially if you have to run the target over and over in order to make the bug manifest. If you have a repeatable bug, no big deal, break on the fork from the parent process and attach to the child in a second lldb instance. Otherwise, read on.

Install GDB

Don't make the mistake of thinking you can just brew install gdb. Currently this is version 10.2 and it's mostly broken, with at least two annoying bugs as of April 29th 2021, but the big one is https://sourceware.org/bugzilla/show_bug.cgi?id=24069

$ xcode-select install  # install the XCode command-line tools
@disconnect3d
disconnect3d / subprocess.py
Created June 20, 2021 10:45 — forked from thomasballinger/subprocess.py
Using a pseudo-terminal to interact with interactive Python in a subprocess
from subprocess import Popen, PIPE
import pty
import os
from select import select
import sys
import tty
master, slave = pty.openpty()
p = Popen(['python'], stdin=slave, stdout=PIPE, stderr=PIPE)
pin = os.fdopen(master, 'w')
@disconnect3d
disconnect3d / release-android-debuggable.md
Created September 19, 2020 15:16 — forked from nstarke/release-android-debuggable.md
How to make a Release Android App debuggable

How to make a Release Android App debuggable

Let's say you want to access the application shared preferences in /data/data/com.mypackage.
You could try to run adb shell and then run-as com.mypackage ( or adb shell run-as com.mypackge ls /data/data/com.mypackage/shared_prefs), but on a production release app downloaded from an app store you're most likely to see:

run-as: Package 'com.mypackage' is not debuggable
@disconnect3d
disconnect3d / compiling_asm.md
Created September 5, 2020 18:59 — forked from yellowbyte/compiling_asm.md
how to assemble assembly with NASM assembler to 32-bit or 64-bit ELF binary with or without libc

32-bit ELF binary

how to assemble and link:

nasm -f elf32 -o <filename>.o <filename>.asm
ld -m elf_i386 -o <filename> <filename>.o

template code (hello world):

section .text
global _start
@disconnect3d
disconnect3d / ASLR+vsyscall.rst
Created October 14, 2019 23:00 — forked from kholia/ASLR+vsyscall.rst
Notes on ASLR and vsyscall page

Goals

This documents tries to address some concerns with enabling PIE.

Argument 1

One of the criticism of "Using PIE by default on AMD64" is,

@disconnect3d
disconnect3d / README.md
Created August 21, 2019 17:55 — forked from FrankSpierings/README.md
Linux Container Escapes and Hardening
@disconnect3d
disconnect3d / 300.py
Created January 3, 2018 08:07 — forked from sroettger/300.py
One solution for the 34c3ctf's 300 heap challenge.
#!/usr/bin/env python2
# -*- coding: utf-8 -*-
# The 300 challenge was a heap challenge that allowed you to make allocations of size 0x300.
# You could free allocations and read/write to them even after they got freed.
# The tricky part about the challenge was that you don't control the size and can't for example use the usual fastbin techniques.
# This exploit overwrites the check_action variable so that the libc doesn't abort on errors anymore.
# Afterwards we can get a write-what-where primitive using unsafe unlink.
@disconnect3d
disconnect3d / crypto-coursera.org
Created October 30, 2016 20:21
crypto-notes