Brendan Dolan-Gavitt moyix

@moyix
moyix / README.txt
Created Oct 26, 2020
Recover edge information from afl-showmap
View README.txt
If you have a list of edge hashes produced by AFL (e.g. from something like this):
./afl-showmap -o foo.edges -t 500 -q -e -- ./program arg1
Re-run the program using gdb to trace the sequence of block IDs:
./collect_coverage.sh trace.txt ./program arg1
Print edges in the trace:
@moyix
moyix / gist:bd62e8bfe518967eb7e8679403581c57
Created Oct 22, 2020
Hashcat benchmark on 2x 3090 FE
View gist:bd62e8bfe518967eb7e8679403581c57
hashcat (v6.1.1) starting in benchmark mode...
Benchmarking uses hand-optimized kernel code by default.
You can use it in your cracking session by setting the -O option.
Note: Using optimized kernel code limits the maximum supported password length.
To disable the optimized kernel code in benchmark mode, use the -w option.
* Device #1: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
View synth.smt2
; Synthesis example:
; specification: x * 9
; template: x << (hb1 ? x : hn1) + (hb2 ? x : hn2)
(declare-const hb1!1 (_ BitVec 64))
(declare-const hb2!3 (_ BitVec 64))
(declare-const hn1!2 (_ BitVec 64))
(declare-const hn2!4 (_ BitVec 64))
(assert
(forall ((x!0 (_ BitVec 64)))
(= (bvmul x!0 #x0000000000000009)
View z3ex.c
// gcc z3ex.c -o z3ex -l z3
#include <stdio.h>
#include <stdint.h>
#include <inttypes.h>
#include "z3.h"
int main(void) {
Z3_config cfg;
Z3_context ctx;
cfg = Z3_mk_config();
@moyix
moyix / tree.sh
Created Dec 16, 2019
A very silly script to make a Christmas tree with 224 cores in htop
View tree.sh
# Upper
cpulimit -l 1 -- taskset -c 0 ./pct
cpulimit -l 18 -- taskset -c 1 ./pct
cpulimit -l 35 -- taskset -c 2 ./pct
cpulimit -l 52 -- taskset -c 3 ./pct
cpulimit -l 69 -- taskset -c 4 ./pct
cpulimit -l 86 -- taskset -c 5 ./pct
cpulimit -l 103 -- taskset -c 6 ./pct
cpulimit -l 1 -- taskset -c 63 ./pct
View make_testcases_onefile.sh
#!/bin/bash
for f in "$@"; do
objdump -d /bin/ls | grep -Eo '\$0x[0-9a-f]+' | cut -c 2- | sort -u | python -c 'import sys, struct; print("\n".join("\""+struct.pack("<I" if len(l) <= 11 else "<Q", int(l,0)).encode("string_escape")+"\"" for l in sys.stdin.readlines()))'
strings "${f}" | python -c 'import sys; print("\n".join("\""+line.strip().encode("string_escape")+"\"" for line in sys.stdin.readlines()))'
done
View plotframes.py
#!/usr/bin/env python
from itertools import cycle
import matplotlib.pyplot as plt
import squarify
import gzip
import sys
colormap = {}
allinsns = eval(open(sys.argv[1]).read())
View gdbcmds.txt
shell sleep 5
set logging file UUID.gdb.log
set logging on
target remote localhost:9999
file /nas/brendan/syzkaller_recordings/kernels/UUID/vmlinux
break panic
commands 1
break __delay
c
end
@moyix
moyix / aigen.php
Last active Feb 27, 2019
PHP code generated by GPT-2
View aigen.php
<?php
require ' vendor/autoload.php ' ;
/**
* Handles an HTTP request that contains information for registering/unregistering
* a FNA application.
@moyix
moyix / parse_dmesg.py
Created Feb 13, 2019
Small parser using Construct for the Linux kernel log buffer
View parse_dmesg.py
#!/usr/bin/env python
from datetime import timedelta
import sys
from construct import *
Message = Aligned(4, Struct(
"ts_nsec" / Int64ul,
"length" / Int16ul,
"text_len" / Int16ul,