Skip to content

Instantly share code, notes, and snippets.

@emonti
emonti / extract_lockdownd_services.rb
Created Oct 23, 2015
extract_lockdownd_services.rb
View extract_lockdownd_services.rb
#!/usr/bin/env ruby
fname = ARGV.shift
fname || exit!
offset = nil
size = nil
`otool -l \"#{fname}\" |grep -A11 ^Section`.split(/^--$/).each do |sect_txt|
lines = sect_txt.lines.map(&:chomp)
@emonti
emonti / its_a_bash_thing.txt
Last active Aug 29, 2015
It's a bash thing
View its_a_bash_thing.txt
~ export x="() { :;}; echo vulnerable"
~ bash -c "echo hi"
vulnerable
hi
~ sh -c "echo hi"
vulnerable
hi
~ /bin/sh --version
GNU bash, version 3.2.51(1)-release (x86_64-apple-darwin13)
Copyright (C) 2007 Free Software Foundation, Inc.
@emonti
emonti / keybase.md
Created Jun 13, 2014
Keybase Proof
View keybase.md

Keybase proof

I hereby claim:

  • I am emonti on github.
  • I am emonti (https://keybase.io/emonti) on keybase.
  • I have a public key whose fingerprint is 9281 C1DF F521 9F9C 2C8F 1608 CB1A 656F B6F8 E778

To claim this, I am signing this object:

@emonti
emonti / extract_e7_datas.rb
Created Jan 10, 2014
quick/dirty tool to extract embeded gzip files out of the evasi0n7 jailbreak binary -- requires otool so probably OSX
View extract_e7_datas.rb
#!/usr/bin/env ruby
fname = ARGV.shift
fname || exit!
sections = `otool -l \"#{fname}\" |grep -A11 ^Section`.split(/^--$/).map do |sect_txt|
lines = sect_txt.lines.map(&:chomp)
Hash[ lines.map{|ln| ln.strip.split(' ', 2) } ]
end.select{|sect| sect["segname"] == "__DATA" and sect["sectname"] =~ /^data_\d+$/ }
@emonti
emonti / make_xpwn_dylib.sh
Created Jan 10, 2014
quick/dirty build a dynamic lib from xpwn - eric monti WARNING: this was for something really specific -- YMMV... drop this in your top-level directory where you checked out planetbeing/xpwn and cross your fingers ;)
View make_xpwn_dylib.sh
#!/bin/bash
# quick/dirty build a dynamic lib from xpwn - eric monti
# WARNING: this was for something really specific -- YMMV...
# drop this in your top-level directory where you checked out planetbeing/xpwn and cross your fingers ;)
cmake -f CMakeLists.txt
make || exit 1
rm -rf ./sharedlib
mkdir -p ./sharedlib/lib
@emonti
emonti / llvm_disassembler.rb
Last active Oct 13, 2015
Multi-arch bytecode disassembler using libLLVM
View llvm_disassembler.rb
#!/usr/bin/env ruby
# author eric monti ~ nov 20, 2012
# license: DWTFYW
require 'rubygems'
require 'ffi'
class LLVMDisassembler
module C
extend FFI::Library
ffi_lib ['LLVM', 'LLVM-3.2svn', 'LLVM-3.1', 'LLVM-3.0']
@emonti
emonti / 1dgrid.c
Created Sep 28, 2012
1d grid example for malic
View 1dgrid.c
#include <stdio.h>
int main()
{
// Notice, there are no brackets around the rows this time.
// This is a 1-dimensional array. Even though it looks 2d in
// the code, it's one long list to the computer.
//
// Using a 1-dimensional array, we can still treat the data
// inside of it as a grid in our code, though.
@emonti
emonti / 2dgrid.c
Created Sep 28, 2012
2d grid example for malic
View 2dgrid.c
#include <stdio.h>
#define ROWS 10
#define COLUMNS 7
// This is a 2-dimensional array.
// It makes accessing the values of a
// bitmap easy by using x/y references.
int grid[ROWS][COLUMNS] = {
{0,0,0,0,0,0,0}, // 7 columns across
@emonti
emonti / dyldcache.c
Created Mar 8, 2012
dyldcache.c dyld_shared_cache dumper
View dyldcache.c
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <fcntl.h>
#include <sys/mman.h>
#include <sys/stat.h>
@emonti
emonti / dyld_shared_cache.bt
Created Mar 8, 2012
dyld_shared_cache.bt 010 Editor Binary template
View dyld_shared_cache.bt
//--------------------------------------
//--- 010 Editor v3.2.2 Binary Template
//
// File: dyld_shared_cache.bt
// Author: Eric Monti
// Revision: 0.0.1
// Purpose: Parses Mac/iOS dyld_shared_cache format
//--------------------------------------
You can’t perform that action at this time.