
Brendan Dolan-Gavitt moyix

View make_testcases_onefile.sh
#!/bin/bash
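# For every file named on the command line, print one double-quoted,
# escaped token per line:
#   1. each distinct `$0x...` literal in the file's objdump disassembly
#      (immediate operands in AT&T syntax), packed little-endian as 32 bits
#      when the literal is "0x" plus at most eight hex digits (the len()
#      test also counts the trailing newline, hence 11) and as 64 bits
#      otherwise;
#   2. each printable string that strings(1) finds in the file.
# Both one-liners rely on str.encode("string_escape"), which exists only in
# Python 2, so `python` must resolve to a Python 2 interpreter.
for f in "$@"; do
    # Disassemble the file being processed. The previous version pointed
    # objdump at a hard-coded /bin/ls, so every argument produced the same
    # immediates and none of them came from the target file.
    objdump -d "${f}" |
        grep -Eo '\$0x[0-9a-f]+' |
        cut -c 2- |
        sort -u |
        python -c 'import sys, struct; print("\n".join("\""+struct.pack("<I" if len(l) <= 11 else "<Q", int(l,0)).encode("string_escape")+"\"" for l in sys.stdin.readlines()))'
    strings "${f}" | python -c 'import sys; print("\n".join("\""+line.strip().encode("string_escape")+"\"" for line in sys.stdin.readlines()))'
done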
View plotframes.py
#!/usr/bin/env python
from itertools import cycle
import matplotlib.pyplot as plt
import squarify
import gzip
import sys
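# Module-level state: colormap starts empty; allinsns is loaded from the file
# named by the first command-line argument.
colormap = {}
# NOTE(review): eval() evaluates the input file as a Python expression, so the
# file named on the command line can run arbitrary code with this script's
# privileges. Only feed it files you produced yourself. If the file holds
# nothing but literals (dicts, lists, numbers, strings), ast.literal_eval
# would parse it without executing anything; it is not swapped in here
# because the file format is not visible from this excerpt.
with open(sys.argv[1]) as insn_file:  # close the handle once the text is read
    allinsns = eval(insn_file.read())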
View gdbcmds.txt
# Wait five seconds before doing anything else (presumably to give the remote
# stub time to start listening; confirm against whatever launches gdb).
shell sleep 5
# Log the session to UUID.gdb.log. "UUID" here and in the vmlinux path below
# looks like a placeholder substituted per recording (TODO confirm).
set logging file UUID.gdb.log
set logging on
# Attach to the gdb remote stub on local TCP port 9999.
target remote localhost:9999
# Load this recording's vmlinux as the program being debugged (symbol source).
file /nas/brendan/syzkaller_recordings/kernels/UUID/vmlinux
# Stop when execution reaches panic.
break panic
# Commands run when breakpoint 1 is hit (the panic breakpoint, assuming it is
# the first one created in this session): also break on __delay, then resume.
commands 1
break __delay
c
end
moyix / aigen.php
Last active Feb 27, 2019
PHP code generated by GPT-2
<?php
require ' vendor/autoload.php ' ;
/**
* Handles an HTTP request that contains information for registering/unregistering
* a FNA application.
moyix / parse_dmesg.py
Created Feb 13, 2019
Small parser using Construct for the Linux kernel log buffer
#!/usr/bin/env python
from datetime import timedelta
import sys
from construct import *
Message = Aligned(4, Struct(
"ts_nsec" / Int64ul,
"length" / Int16ul,
"text_len" / Int16ul,
moyix / top10_syzkaller_patches.txt
Created Jan 8, 2019
Linux kernel commits that fixed the largest number of Syzkaller-reported crashes
# commit message
44 99ba2b5aba24e022683a7db63204f9e306fe7ab9 bpf: sockhash, disallow bpf_tcp_close and update in parallel
15 1d88ba1ebb2763aa86172cd7ca05dedbeccc0d35 sctp: not allow transport timeout value less than HZ/5 for hb_timer
15 bbeb6e4323dad9b5e0ee9f60c223dd532e2403b1 bpf, array: fix overflow in max_entries and undefined behavior in index_mask
10 66e58e0ef80a56a1d7857b6ce121141563cdd93e bpfilter: fix race in pipe access
9 3619dec5103dd999a777e3e4ea08c8f40a6ddc57 dh key: fix rounding up KDF output length
8 8e04944f0ea8b838399049bdcda920ab36ae3b04 mm,vmscan: Allow preallocating memory for register_shrinker().
8 d76c68109f37cb85b243a1cf0f40313afd2bae68 crypto: pcrypt - fix freeing pcrypt instances
8 58990d1ff3f7896ee341030e9a7c2e4002570683 bpf: reject passing modified ctx to helper functions
7 b84bbaf7a6c8cca24f8acf25a2c8e46913a947ba packet: in packet_snd start writing at link layer allocation
View in_asm.txt
0xc11e3626 3239982630: add esp,0x8
0xc11e3629 3239982633: pop ebx
0xc11e362a 3239982634: ret
moyix / klee_output.txt
Last active Jul 30, 2018
Simple example where KLEE can miss a bug (due to floating point)
klee@e7588606c9e8:~$ klee --allow-external-sym-calls --libc=uclibc --posix-runtime ./toy_156.bc --sym-files 1 88 A
KLEE: NOTE: Using klee-uclibc : /home/klee/klee_build/klee/Release+Debug+Asserts/lib/klee-uclibc.bca
KLEE: NOTE: Using POSIX model: /home/klee/klee_build/klee/Release+Debug+Asserts/lib/libkleeRuntimePOSIX.bca
KLEE: output directory is "/home/klee/./klee-out-1"
KLEE: Using STP solver backend
KLEE: WARNING ONCE: calling external: syscall(16, 0, 21505, 61828272) at /home/klee/klee_src/runtime/POSIX/fd.c:980
KLEE: WARNING ONCE: calling __user_main with extra arguments.
KLEE: WARNING ONCE: Alignment of memory from call "malloc" is not modelled. Using alignment of 8.
KLEE: WARNING ONCE: ioctl: (TCGETS) symbolic file, incomplete model
KLEE: WARNING ONCE: calling external: printf(61699472, (ReadLSB w32 12 A-data)) at [no debug info]
View facedata.b64
FpzbgAQYgAS_sZsyMDJdtTmzUyx3OM4tG7MyrNY2tSJfs-Wxei4JN_OtxbWirTKdvTDmNCEurTSKLqiyEjPxshk19jpVL9y2kan5tHcylDAgtbE2hy1SMs0nmrYas4KymDLLN_UpTjUTs_46BKwUtwE4Fy1INj4m1qj1Lpio-zKjNvmtp7inMTm3bjjrr-y4PbCRN5A2AzcsN1O0CznbrSYuXCyotDEyFi0ttKgpvqxVMn0wDDcZuDmwc7MfrXazAKhoMPG3EjYfOP-ha7GrLxc4GS7ht3WsnDE4M9Qv9bNUrRmhZC3hsDA06qyXqt2udjYlsTA1HTlDuQy4IzcHqJSp9LRtMOE4szUvNsuzN7ClNCIzz6DSthO4Ha6gt1c3RDj-KOowxbeurDy2M7ZiLNesjLneL6kfdLQQuSWvhrLHKaE41TRLNDOlmDKJMFixNLYjtUqzmrJGNrKuxTOGtxu4HiBNL0Uz0SnNOeYyyDA9NnS4Tza3qBG63TOvK06zaDMrOBs36rSWOBm1C7Mnsfg2LTbAGbEd5jXmNCaoUbVNKSKpDTSENLGzpq3dMCAw6y_Ys1w0FjRrNIk5LzObtg60dLNLMW2zvrOqrMie5jL_MnC0ubiMqwAu-TAStiIiGTQoOHCxcaAuMYKtb7b6MHAyMKyCJ9-zOiygOKOyCrRTtl25hTU8Mx3AGqBSF0AKxOigAAAAF0AJH6UgAAAAFz_6X20gAAAAFVYVpxEdwB67MB0-6r04Gf0UQIpXXECGpIZAes_IQHD-W0BqEKdAZ9U_QF3iLUBbqRNAWMSVQFYnRUBUHlFAUIU6QE4nMUBKzfhASP0pQDqtqEAydv9ALDRrQCbHxEAV0441AAjIAQdkZjMtZjE2AA
View noptest.c
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
int main(int argc, char **argv) {
unsigned char bytes[] = {
0xf3, 0xf3, 0xf3, 0xf3, 0xf3, 0xf3, 0xf3, 0xf3, 0xf3, 0xf3, 0xf3, 0xf3, 0xf3, 0xf3, 0x90, // rep*14 nop
0xc3 // ret
};
unsigned char *code = (unsigned char *) mmap(NULL, 0x1000, PROT_READ|PROT_WRITE|PROT_EXEC,