Skip to content

Instantly share code, notes, and snippets.

View extremecoders-re's full-sized avatar
🐶
🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶🐶

extremecoders-re

🐶
🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶 🐶🐶
461 followers · 0 following
View GitHub Profile
@extremecoders-re
extremecoders-re / pintool_build.md
Created February 7, 2016 06:56
Build your own Pin tool from scratch with Visual Studio 2010

###Build your own Pin tool from scratch with Visual Studio 2010 Intel PIN is a Dynamic Binary Instrumentation framework.

Building a pin tool from scratch is quite an intensive process and is not documented elsewhere. The official pin docs advises to use the sample project as a starting template.

Here I am depicting the steps to build a pin tool from a blank visual studio project. This is tested with Visual Studio 2010 and should also work with other versions.

Directory where pin is extracted: C:\pin

Project type : dll

@extremecoders-re
extremecoders-re / Solving ResolveMe TWO.md
Created February 23, 2016 18:50

Solving ResolveMe TWO crackme by deurus

Author: extremecoders
Date: 23-February-2016

The crackme requires microsoft java virtual machine to run and is coded in Visual J++. Now, J++ and Java are very similar with the former being developed by microsoft. Hence we can safely assume, that the crackme was coded in Java.

Preliminary Analysis

Running the crackme, presents us with the screen below.

@extremecoders-re
extremecoders-re / check.asm
Created March 21, 2016 14:33
.text:004010EC ; int __stdcall check(int part1, int part2)
.text:004010EC check proc near ; CODE XREF: DialogFunc+104p
.text:004010EC
.text:004010EC output = byte ptr -21h
.text:004010EC part1 = dword ptr 8
.text:004010EC part2 = dword ptr 0Ch
.text:004010EC
.text:004010EC push ebp
.text:004010ED mov ebp, esp
.text:004010EF add esp, 0FFFFFFDCh
@extremecoders-re
extremecoders-re / z3solver.py
Created March 26, 2016 14:19
from z3 import *
import binascii
import sys
# Calculates the installation id from the entered string
# This function just reverses the order of dwords in each quadword
def getInstallIdFromString(iid_string):
qword1, qword2, qword3, qword4 = iid_string.split('-')
dword1 = list(binascii.unhexlify(qword1))[3::-1]
@extremecoders-re
extremecoders-re / traceoep.py
Created March 31, 2016 09:44
import immlib
imm = immlib.Debugger()
OEP = 0x44F308
def killWatchDogThreads():
global imm
for i in xrange(3):
# Get return address
esp = imm.getRegs()['ESP']
@extremecoders-re
extremecoders-re / rebuildimp.py
Last active April 14, 2018 19:46
import immlib
imm = immlib.Debugger()
jmp_table1 = 0x4011F4
table1_entries = 35
jmp_table2 = 0x401330
table2_entries = 8
@extremecoders-re
extremecoders-re / angrsolver.py
Last active April 14, 2018 19:44
#!/usr/bin/env python
import angr
import simuvex
import binascii
import sys
part1 = None
part2 = None
@extremecoders-re
extremecoders-re / petya.bxrc
Created April 22, 2016 18:01
# configuration file generated by Bochs
plugin_ctrl: unmapped=1, biosdev=1, speaker=1, extfpuirq=1, parallel=1, serial=1, gameport=1
config_interface: win32config
display_library: win32
memory: host=32, guest=32
romimage: file="C:\Program Files\Bochs-2.6/BIOS-bochs-latest"
vgaromimage: file="C:\Program Files\Bochs-2.6/VGABIOS-lgpl-latest"
boot: disk
floppy_bootsig_check: disabled=0
# no floppya
@extremecoders-re
extremecoders-re / borkedsalsa.c
Created April 22, 2016 19:20
typedef unsigned int uint32_t;
typedef unsigned short uint16_t;
typedef unsigned char uint8_t;
static uint16_t rotl(uint16_t value, uint16_t shift)
{
return (value << shift) | (value >> (32 - shift));
}
@extremecoders-re
extremecoders-re / borkedsalsasnip.c
Created April 22, 2016 19:29
static uint16_t rotl(uint16_t value, uint16_t shift)
{
return (value << shift) | (value >> (32 - shift));
}
static void s20_quarterround(uint16_t *y0, uint16_t *y1, uint16_t *y2, uint16_t *y3)
{
*y1 = *y1 ^ rotl(*y0 + *y3, 7);
*y2 = *y2 ^ rotl(*y1 + *y0, 9);