Skip to content

Instantly share code, notes, and snippets.

View kohnakagawa's full-sized avatar
🌴
On vacation

tsunekoh kohnakagawa

🌴
On vacation
111 followers · 17 following
View GitHub Profile
@kohnakagawa
kohnakagawa / XPR_pirrit_132.yara
Created May 2, 2024 12:56
private rule Macho
{
meta:
description = "private rule to match Mach-O binaries"
condition:
uint32(0) == 0xfeedface or uint32(0) == 0xcefaedfe or uint32(0) == 0xfeedfacf or uint32(0) == 0xcffaedfe or uint32(0) == 0xcafebabe or uint32(0) == 0xbebafeca
}
rule macos_pirrit_install_flash
{
@kohnakagawa
kohnakagawa / arm64_bit_instruction_test.c
Created December 15, 2021 04:53
ARM64 の ubfx 命令の挙動をテストするためのプログラム
#include <stdio.h>
#include <stdint.h>
__attribute__((noinline))
uint64_t ubfx(uint64_t src) {
uint64_t ret = 0x5555555555555555;
asm volatile ("ubfx %0, %1, #4, #24"
: "=r"(ret)
: "r"(src));
return ret;
@kohnakagawa
kohnakagawa / windbgworkspace.reg
Created September 23, 2021 02:39
My WinDbg Workspace
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windbg\Workspaces]
"Default"=hex:57,44,57,53,01,00,00,00,33,00,00,00,68,00,5c,00,f3,ff,ff,ff,00,\
00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,00,00,00,03,02,01,31,43,00,\
6f,00,6e,00,73,00,6f,00,6c,00,61,00,73,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,10,00,04,00,19,\
19,19,00,00,00,00,00,01,00,02,00,10,00,04,00,cf,ce,9a,00,00,00,00,00,02,00,\
02,00,10,00,04,00,6f,6d,7e,00,00,00,00,00,03,00,02,00,10,00,04,00,cf,ce,9a,\
@kohnakagawa
kohnakagawa / HeapLayoutChecker.cpp
Last active September 1, 2021 14:05
Inspired by this blog post (https://www.rapid7.com/blog/post/2019/06/12/heap-overflow-exploitation-on-windows-10-explained/)
#include <iostream>
#include <Windows.h>
#include <vector>
#include <algorithm>
class OffsetTracker
{
std::vector<int> offsets;
public:
@kohnakagawa
kohnakagawa / patch_2020_2021.diff
Last active June 1, 2021 07:30
diff --git a/src/PE/Binary.cpp b/src/PE/Binary.cpp
index 0884c625..34e881bf 100644
--- a/src/PE/Binary.cpp
+++ b/src/PE/Binary.cpp
@@ -1,5 +1,5 @@
-/* Copyright 2017 R. Thomas
- * Copyright 2017 Quarkslab
+/* Copyright 2017 - 2021 R. Thomas
+ * Copyright 2017 - 2021 Quarkslab
*
@kohnakagawa
kohnakagawa / execve.s
Created May 15, 2021 11:18
M1 Mac execve.s
.global _main
.p2align 4
_main:
adr x0, shell
mov x1, 0
mov x2, 0
mov x16,#0x3b
svc #0x80
ret
@kohnakagawa
kohnakagawa / get_pc.c
Last active February 3, 2022 09:03
null-free get_pc example
#include <Windows.h>
#include <stdio.h>
int main() {
int a;
__asm {
fldz;
fstenv ss : [esp - 0xc];
pop eax;
mov a, eax;
@kohnakagawa
kohnakagawa / check_cet_supported.c
Created March 27, 2021 07:53
Checks whether your cpu supports Intel CET or not (Linux).
#include <stdio.h>
#include <cpuid.h>
#include <stdint.h>
int cpu_supports_cet_shadow_stack() {
uint32_t eax = 0, ebx = 0, ecx = 0, edx = 0;
__cpuid_count(7, 0, eax, ebx, ecx, edx);
return (ecx & (1 << 7)) != 0;
}
@kohnakagawa
kohnakagawa / openssl_pkcs7_sample.c
Created August 1, 2020 03:06
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include "openssl/err.h"
#include "openssl/objects.h"
#include "openssl/evp.h"
#include "openssl/x509.h"
#include "openssl/pkcs7.h"
#include "openssl/pem.h"
@kohnakagawa
kohnakagawa / README.md
Created July 1, 2020 12:27

RISC-V instructions used in real-world binaries

  • target: 856 binaries in /bin
name frequency (%) cumulative (%)
ld 14.101200487156945 14.101200487156945
mv 10.010240605850349 24.111441093007294
addi 9.590532965163105 33.7019740581704
sd 8.400851481380371 42.10282553955077