Tolya Korniltsev korniltsev

## idapython_cheatsheet.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                korniltsev
                / idapython_cheatsheet.md
            
            
              Created
              October 2, 2022 05:52
                — forked from icecr4ck/idapython_cheatsheet.md
            
              
                Cheatsheet for IDAPython
              
          
    IDAPython cheatsheet

Important links


Porting IDAPython plugins to IDA 7.4
Hex-Rays IDAPython official documentation

Basic commands

Get informations on the binary


## nemty_str_decoder.py
import base64
from Crypto.Cipher import ARC4

def str_decrypt(enc_data):
    key = 'fuckav\x00'
    cipher = ARC4.new(key)
    try:
       enc_data = base64.b64decode(enc_data)
    except:
        return enc_data

## stacktrace.cxx
/*
 * Copyright (c) 2009-2017, Farooq Mela
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright

## qemu-2.7.0-aslr_heap_pie_nx_wxorx_mmap.patch
diff -Naur qemu-2.7.0.orig/cpu-exec.c qemu-2.7.0/cpu-exec.c
--- qemu-2.7.0.orig/cpu-exec.c	2016-09-02 17:34:17.000000000 +0200
+++ qemu-2.7.0/cpu-exec.c	2017-01-19 09:34:00.817088525 +0100
@@ -33,6 +33,9 @@
 #include "hw/i386/apic.h"
 #endif
 #include "sysemu/replay.h"
+#include "syscall_defs.h"
+
+extern int do_nx;

## _.md

      
              2 files
            
          
              1 fork
            
          
              0 comments
            
          
              1 star
            
          
                korniltsev
                / _.md
            
            
              Created
              January 13, 2020 07:24
                — forked from Jinmo/_.md
            
              
                C/C++ header to IDA
              
          
    Usage

In IDAPython,
execfile('<path>/cxxparser.py')
parse_file('<path>/a.cpp',[r'-I<path>\LuaJIT-2.0.5\src', '-D__NT__', '-D__X64__', '-D__EA64__'])
parse_file('<path>/malloc.c',['-target=x86_64-linux-gnu'])


## listdevices
#!/bin/bash

for id in $(idevice_id -l); do
	ideviceinfo_data=$(ideviceinfo -u $id)

	product_type=$(echo "$ideviceinfo_data" | grep ProductType | sed 's/ProductType: //g')

	# strip 'iPhone' or 'iPad' and the comma from the product type
	short_product_type=$(echo "$product_type" | sed 's/iPhone//g; s/iPad//g; s/,//g' )

## unflower_cms.py
from elftools.elf.constants import P_FLAGS
from elftools.elf.elffile import ELFFile
from unicorn import Uc, UC_ARCH_ARM, UC_MODE_LITTLE_ENDIAN, UC_HOOK_CODE, UC_PROT_READ, UC_PROT_WRITE, UC_PROT_EXEC
from unicorn.arm_const import *
from capstone import Cs, CS_ARCH_ARM, CS_MODE_THUMB, CsInsn
from keystone import Ks, KS_MODE_THUMB, KS_ARCH_ARM

# 找到.text节

filename = "./libcms.so"

## scapy_bridge.py
#!/usr/bin/python2

"""
    Use scapy to modify packets going through your machine.
    Based on nfqueue to block packets in the kernel and pass them to scapy for validation
"""

import nfqueue
from scapy.all import *
import os

## qemu-networking.md

      
              2 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                korniltsev
                / qemu-networking.md
            
            
              Created
              August 6, 2019 22:37
                — forked from extremecoders-re/qemu-networking.md
            
              
                Setting up Qemu with a tap interface
              
          
    Setting up Qemu with a tap interface

There are two parts to networking within QEMU:

The virtual network device that is provided to the guest (e.g. a PCI network card).
The network backend that interacts with the emulated NIC (e.g. puts packets onto the host's network).

Example: User mode network


## OkApy.py
import requests
import json
import urllib
import gzip
import cStringIO

urllib.quote_plus = urllib.quote


class Request:
	import base64
	from Crypto.Cipher import ARC4

	def str_decrypt(enc_data):
	key = 'fuckav\x00'
	cipher = ARC4.new(key)
	try:
	enc_data = base64.b64decode(enc_data)
	except:
	return enc_data
	/*
	* Copyright (c) 2009-2017, Farooq Mela
	* All rights reserved.
	*
	* Redistribution and use in source and binary forms, with or without
	* modification, are permitted provided that the following conditions are met:
	*
	* 1. Redistributions of source code must retain the above copyright
	* notice, this list of conditions and the following disclaimer.
	* 2. Redistributions in binary form must reproduce the above copyright
	diff -Naur qemu-2.7.0.orig/cpu-exec.c qemu-2.7.0/cpu-exec.c
	--- qemu-2.7.0.orig/cpu-exec.c 2016-09-02 17:34:17.000000000 +0200
	+++ qemu-2.7.0/cpu-exec.c 2017-01-19 09:34:00.817088525 +0100
	@@ -33,6 +33,9 @@
	#include "hw/i386/apic.h"
	#endif
	#include "sysemu/replay.h"
	+#include "syscall_defs.h"
	+
	+extern int do_nx;
	#!/bin/bash

	for id in $(idevice_id -l); do
	ideviceinfo_data=$(ideviceinfo -u $id)

	product_type=$(echo "$ideviceinfo_data" \| grep ProductType \| sed 's/ProductType: //g')

	# strip 'iPhone' or 'iPad' and the comma from the product type
	short_product_type=$(echo "$product_type" \| sed 's/iPhone//g; s/iPad//g; s/,//g' )
	from elftools.elf.constants import P_FLAGS
	from elftools.elf.elffile import ELFFile
	from unicorn import Uc, UC_ARCH_ARM, UC_MODE_LITTLE_ENDIAN, UC_HOOK_CODE, UC_PROT_READ, UC_PROT_WRITE, UC_PROT_EXEC
	from unicorn.arm_const import *
	from capstone import Cs, CS_ARCH_ARM, CS_MODE_THUMB, CsInsn
	from keystone import Ks, KS_MODE_THUMB, KS_ARCH_ARM

	# 找到.text节

	filename = "./libcms.so"
	#!/usr/bin/python2

	"""
	Use scapy to modify packets going through your machine.
	Based on nfqueue to block packets in the kernel and pass them to scapy for validation
	"""

	import nfqueue
	from scapy.all import *
	import os
	import requests
	import json
	import urllib
	import gzip
	import cStringIO

	urllib.quote_plus = urllib.quote


	class Request: