Eric Monti emonti

@emonti
emonti / extract_lockdownd_services.rb
Created Oct 23, 2015
extract_lockdownd_services.rb
#!/usr/bin/env ruby
fname = ARGV.shift
fname || exit!
offset = nil
size = nil
`otool -l \"#{fname}\" |grep -A11 ^Section`.split(/^--$/).each do |sect_txt|
lines = sect_txt.lines.map(&:chomp)
emonti / its_a_bash_thing.txt
Last active Aug 29, 2015
It's a bash thing
~ export x="() { :;}; echo vulnerable"
~ bash -c "echo hi"
vulnerable
hi
~ sh -c "echo hi"
vulnerable
hi
~ /bin/sh --version
GNU bash, version 3.2.51(1)-release (x86_64-apple-darwin13)
Copyright (C) 2007 Free Software Foundation, Inc.
emonti / keybase.md
Created Jun 13, 2014
Keybase Proof

Keybase proof

I hereby claim:

  • I am emonti on github.
  • I am emonti (https://keybase.io/emonti) on keybase.
  • I have a public key whose fingerprint is 9281 C1DF F521 9F9C 2C8F 1608 CB1A 656F B6F8 E778

To claim this, I am signing this object:

emonti / extract_e7_datas.rb
Created Jan 10, 2014
quick/dirty tool to extract embedded gzip files out of the evasi0n7 jailbreak binary -- requires otool so probably OSX
#!/usr/bin/env ruby
fname = ARGV.shift
fname || exit!
sections = `otool -l \"#{fname}\" |grep -A11 ^Section`.split(/^--$/).map do |sect_txt|
lines = sect_txt.lines.map(&:chomp)
Hash[ lines.map{|ln| ln.strip.split(' ', 2) } ]
end.select{|sect| sect["segname"] == "__DATA" and sect["sectname"] =~ /^data_\d+$/ }
emonti / make_xpwn_dylib.sh
Created Jan 10, 2014
quick/dirty build a dynamic lib from xpwn - eric monti WARNING: this was for something really specific -- YMMV... drop this in your top-level directory where you checked out planetbeing/xpwn and cross your fingers ;)
#!/bin/bash
# quick/dirty build a dynamic lib from xpwn - eric monti
# WARNING: this was for something really specific -- YMMV...
# drop this in your top-level directory where you checked out planetbeing/xpwn and cross your fingers ;)
cmake -f CMakeLists.txt
make || exit 1
rm -rf ./sharedlib
mkdir -p ./sharedlib/lib
emonti / llvm_disassembler.rb
Last active Oct 13, 2015
Multi-arch bytecode disassembler using libLLVM
#!/usr/bin/env ruby
# author eric monti ~ nov 20, 2012
# license: DWTFYW
require 'rubygems'
require 'ffi'
class LLVMDisassembler
module C
extend FFI::Library
ffi_lib ['LLVM', 'LLVM-3.2svn', 'LLVM-3.1', 'LLVM-3.0']
emonti / 1dgrid.c
Created Sep 28, 2012
1d grid example for malic
#include <stdio.h>
int main()
{
// Notice, there are no brackets around the rows this time.
// This is a 1-dimensional array. Even though it looks 2d in
// the code, it's one long list to the computer.
//
// Using a 1-dimensional array, we can still treat the data
// inside of it as a grid in our code, though.
emonti / 2dgrid.c
Created Sep 28, 2012
2d grid example for malic
#include <stdio.h>
#define ROWS 10
#define COLUMNS 7
// This is a 2-dimensional array.
// It makes accessing the values of a
// bitmap easy by using x/y references.
int grid[ROWS][COLUMNS] = {
{0,0,0,0,0,0,0}, // 7 columns across
emonti / dyldcache.c
Created Mar 8, 2012
dyldcache.c dyld_shared_cache dumper
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <fcntl.h>
#include <sys/mman.h>
#include <sys/stat.h>
emonti / dyld_shared_cache.bt
Created Mar 8, 2012
dyld_shared_cache.bt 010 Editor Binary template
//--------------------------------------
//--- 010 Editor v3.2.2 Binary Template
//
// File: dyld_shared_cache.bt
// Author: Eric Monti
// Revision: 0.0.1
// Purpose: Parses Mac/iOS dyld_shared_cache format
//--------------------------------------