Jonas Rudloff kokjo

kokjo / sendfd.c
Last active April 16, 2024 10:27
Send a file descriptor over an abstract unix domain socket
// compile with: gcc -static -o sendfd sendfd.c
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <strings.h>
int send_fd(int sock, int fd){
// This function does the arcane magic for sending
// file descriptors over unix domain sockets
struct msghdr msg;
kokjo / recvfd.c
Last active April 14, 2024 06:07
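Receive a file descriptor over an abstract unix domain socket. Abstract-namespace sockets carry no filesystem permissions, so the receiving side should authenticate its peer (for example with SO_PEERCRED) before using a descriptor it is handed.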
// compile with gcc -static -o recvfd recvfd.c
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <strings.h>
static int recv_fd(int sock){
// This function does the arcane magic recving
// file descriptors over unix domain sockets
struct msghdr msg;
class A(type):
    """Metaclass that reports every class it is asked to build (Python 2 syntax)."""

    def __new__(cls, clsname, bases, attrs):
        """Print the construction arguments, then let ``type`` build the class."""
        # Shows the metaclass, the new class's name, its bases and its namespace.
        print cls, clsname, bases, attrs
        return super(A, cls).__new__(cls, clsname, bases, attrs)


# B and C deliberately carry no docstrings: a docstring would be added to the
# attrs dict that A.__new__ prints and so would change the output.
class B(object):
    # Python 2 spelling of "build this class with metaclass A".
    __metaclass__ = A


# C names no metaclass itself; it is derived from B.
class C(B):
    pass
kokjo / crack_seed.c
Created May 1, 2017 12:11
Solution for reeses revenge from Defcon quals 2017
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <pthread.h>
/*
 * Context record used by crack_seed.c: 32 unsigned words plus one unsigned
 * scalar.
 * NOTE(review): the code that reads and writes these fields is not part of
 * this excerpt; it looks like generator state with a cursor. Confirm against
 * the functions that step it.
 */
typedef struct {
    unsigned s[32]; /* state words */
    unsigned i;     /* presumably the current position in s[]; TODO confirm */
} ctx_t;
kokjo / doit_gameboy.py
Created April 23, 2017 21:19
Please don't judge!
from pwn import *
# Tiny assembler helpers: each returns the encoded instruction as a list of
# byte values. Mnemonics follow the Game Boy CPU instruction set.

def ld_c(num):
    """Encode LD C,d8 (opcode 0x0E); the operand is truncated to one byte."""
    operand = num & 0xff
    return [0x0e, operand]


def ld_a(num):
    """Encode LD A,d8 (opcode 0x3E); the operand is truncated to one byte."""
    operand = num & 0xff
    return [0x3e, operand]


def ld_l(num):
    """Encode LD L,d8 (opcode 0x2E); the operand is truncated to one byte."""
    operand = num & 0xff
    return [0x2e, operand]


def ld_h(num):
    """Encode LD H,d8 (opcode 0x26); the operand is truncated to one byte."""
    operand = num & 0xff
    return [0x26, operand]


def ld_ff_c_a():
    """Encode LD (0xFF00+C),A (opcode 0xE2), which takes no operand."""
    return [0xe2]


def set_iomem(reg, val):
    """Encode the three-instruction sequence that writes val to I/O register reg.

    Only the low byte of reg is used; it is loaded into C, val is loaded into
    A, and A is then stored at 0xFF00 + C.
    """
    code = []
    code.extend(ld_c(reg & 0xff))
    code.extend(ld_a(val))
    code.extend(ld_ff_c_a())
    return code


def ld_a_hl_inc():
    """Encode LD A,(HL+) (opcode 0x2A), which takes no operand."""
    return [0x2a]


def adc_a_hl():
    """Encode ADC A,(HL) (opcode 0x8E), which takes no operand."""
    return [0x8e]
kokjo / demo.c
Created October 10, 2016 12:43
The old demo tool from pwntools.
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/mman.h>
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
int main(int argc, char **argv) {
kokjo / generate.py
Created January 2, 2015 22:15
proof-of-concept shellcode permutation generator
from random import sample, choice
def parse(text):
parts = {}
deps = {}
lines = text.strip().split("\n")
for line in lines:
lineid, linedeps, content = line.split(";", 2)
lineid = lineid.strip()
linedeps = map(lambda dep: dep.strip(), linedeps.strip().split(","))
jonas@x250:~/code/pysvd$ python stlink.py
Target voltage 3.19165580183
Target Coreid 0x0
Peripheral 'AES' - 0x400e0000
Register 'CTRL' DECRYPT=1 DATASTART=0 XORSTART=0 BYTEORDER=0
Register 'CMD' START=1 STOP=0
Register 'STATUS' RUNNING=1
Register 'IEN' DONE=1
Register 'IF' DONE=1
Register 'IFS' DONE=1
from pwn import *
import base64
template = """
%%>
%%:pragma clang diagnostic ignored "-Wunused-local-typedef"
%%:pragma clang diagnostic ignored "-Wunused-variable"
%%:define str(x) %%:x
%%:define hxp str(
#!/usr/bin/env python
from pwn import *
from subprocess import Popen, PIPE
context(arch='amd64', os='linux', terminal=['sakura','-x'])
r = remote("78.46.163.223", 1336)
r.recvuntil('"')
hsh = r.recvuntil('"')[:-1]
r.recvuntil("ends with ")
num = r.recvuntil(' ')