Skip to content

Instantly share code, notes, and snippets.

Wladimir J. van der Laan laanwj

  • The Netherlands
Block or report user

Report or block laanwj

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@laanwj
laanwj / 99-aithra-serial.rules
Last active Oct 9, 2019
udev rules example for lots of serial devices (put in /etc/udev/rules.d)
View 99-aithra-serial.rules
# serial devices
# get attributes using: udevadm info -a -n /dev/ttyUSBn
SUBSYSTEM=="tty", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6010", ATTRS{product}=="Flyswatter2", ENV{ID_USB_INTERFACE_NUM}=="00", SYMLINK+="serial/flyswatter-jtag"
SUBSYSTEM=="tty", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6010", ATTRS{product}=="Flyswatter2", ENV{ID_USB_INTERFACE_NUM}=="01", SYMLINK+="serial/flyswatter-tty"
SUBSYSTEM=="tty", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6010", ATTRS{product}=="Dual RS232-HS", ENV{ID_USB_INTERFACE_NUM}=="00", SYMLINK+="serial/unleashed-jtag"
SUBSYSTEM=="tty", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6010", ATTRS{product}=="Dual RS232-HS", ENV{ID_USB_INTERFACE_NUM}=="01", SYMLINK+="serial/unleashed-tty"
SUBSYSTEM=="tty", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6011", ATTRS{product}=="Quad RS232-HS", ENV{ID_USB_INTERFACE_NUM}=="00", SYMLINK+="serial/zodiac-jtag0"
SUBSYSTEM=="tty", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6011", ATTRS{product}=="Quad RS232-HS", ENV{ID_USB_IN
View gist:dcc0f30d52fdeeed57689e1edf6cc7f5
udp://tracker.openbittorrent.com:80
udp://tracker.opentrackr.org:1337
udp://tracker.coppersurfer.tk:6969
udp://tracker.leechers-paradise.org:6969
udp://zer0day.ch:1337
udp://explodie.org:6969
@laanwj
laanwj / gitian.md
Last active Jun 28, 2019
gitian buildling on debian 9.5
View gitian.md

Some changes are needed to build on debian because of the switch of the guest OS to bionic.

lxc that comes with debian is not high enough version to support bionic (the minimum is 2.1.1), so need to build from scratch.

debootstrap that comes with debian will give the following error:

    $ bin/make-base-vm --lxc --suite bionic --arch amd64                                                                                              
    E: No such script: /usr/share/debootstrap/scripts/bionic
@laanwj
laanwj / alphanumeric.md
Last active Jun 27, 2019
Alphanumeric instructions on RISC-V
View alphanumeric.md

Alphanumeric shellcode on RISC-V

Although common on x86, it was initially believed that it was not possible to make alphanumeric shellcode for ARM. Later it turned out it was.

Similar to that, I wondered if it was possible to make alphanumeric shell-code for RISC-V.

(Basic shellcode in RISC-V Linux provides a good introduction to shellcode for RISC-V, including how to avoid NUL bytes.)

First, I enumerated all the possible instructions that could be formed from these characters with a little Rust program and generated some statistics.

@laanwj
laanwj / run.gdbscript
Last active Jun 12, 2019
Start bitcoind in a screen in a debugger
View run.gdbscript
set disable-randomization off
set $_exitcode = -999
set height 0
handle SIGTERM nostop print pass
handle SIGPIPE nostop
define hook-stop
if $_exitcode != -999
quit
else
shell echo | mail -s "NOTICE: app has stopped on unhandled signal" root
@laanwj
laanwj / decrypt.py
Last active Jun 6, 2019
Decrypt router configuration
View decrypt.py
#!/usr/bin/env python3
# W.J. van der Laan 2017, distributed under MIT license
import binascii
import base64
import json
import os, sys
from Crypto import Random
from Crypto.Cipher import AES
KEY = binascii.a2b_hex(b'fffffbffeffffbfffbbfffbfdbfff7ffffffffffffffdfffff7fffffbfffffff')
View BLATSTING.txt
Wladimir van der Laan 2016. This document is in the public domain.
BLATSTING reverse-engineering notes. Based on files from the EQGRP free dump,
more specifically in Firewall/BLATSTING/BLATSTING_201381/LP/lpconfig.
In https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html,
BLATSTING is described as "A firewall software implant that is used with EGREGIOUSBLUNDER
(Fortigate) and ELIGIBLEBACHELOR (TOPSEC)".
If true, it's interesting how this implant can target both vendors. Presumably they both use the same Linux
You can’t perform that action at this time.