Duncan Ogilvie mrexodia
❤️
mrexodia
/ Decrypted iTunes Library.grammar
Created
December 27, 2014 00:26
Decrypted iTunes Library File Format
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <ufwb version="1.9"> | |
| <grammar name="Decrypted iTunes Library" start="id:148" author="Mr. eXoDia" email="mr.exodia.tpodt@gmail.com" fileextension="itl" uti="com.apple.itunes.db"> | |
| <description>Grammar for decrypted iTunes Library files.</description> | |
| <structure name="Defaults" id="149" repeatmin="0" repeatmax="-1" encoding="ISO_8859-1:1987" endian="little" signed="no"/> | |
| <structure name="iTunes Library" id="148" repeatmin="0" repeatmax="-1" extends="id:149" order="variable"> | |
| <structref name="hdfm" id="152" repeatmin="0" repeatmax="-1" structure="id:151"/> | |
| <structref name="msdh" id="154" repeatmin="0" repeatmax="-1" structure="id:153"/> | |
| </structure> | |
| <structure name="hdfm" id="151" length="this.headerLength" repeatmin="0" repeatmax="-1" extends="id:149" endian="big"> |
mrexodia
/ reverseshell.cpp
Last active
November 5, 2023 13:17
Reverse shell winapi c++ windows cmd. Useful for debugging production environments.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <winsock2.h> | |
| #include <windows.h> | |
| #include <ws2tcpip.h> | |
| #pragma comment(lib, "Ws2_32.lib") | |
| /* | |
| THIS IS FOR DEBUGGING ONLY, DO NOT RUN THIS CODE IN PRODUCTION UNDER ANY CIRCUMSTANCE! | |
| https://github.com/dev-frog/C-Reverse-Shell/blob/master/re.cpp | |
| https://github.com/tudorthe1ntruder/reverse-shell-poc/blob/master/rs.c | |
| https://eternallybored.org/misc/netcat/ |
mrexodia
/ Encrypted iTunes Library.grammar
Created
December 16, 2014 20:27
Encrypted iTunes Library File Format
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <ufwb version="1.9"> | |
| <grammar name="Encrypted iTunes Library" start="id:4" author="Mr. eXoDia" email="mr.exodia.tpodt@gmail.com" fileextension="itl" uti="com.apple.itunes.db"> | |
| <description>Grammar for encrypted iTunes Library files.</description> | |
| <structure name="Defaults" id="5" encoding="ISO_8859-1:1987" endian="little" signed="no"/> | |
| <structure name="iTunes Library" id="4" extends="id:5"> | |
| <structref name="hdfm" id="8" structure="id:7"/> | |
| <binary name="encryptedData" id="9" length="remaining"> | |
| <description>This chunk of data is encrypted using AES/ECB/NoPadding with the key "BHUILuilfghuila3". After decryption, you have to inflate the data using ZLIB. |
mrexodia
/ LowUtilities.cpp
Last active
September 20, 2023 08:09
— forked from D4stiny/LowUtilities.cpp
A dependency-less implementation of GetModuleHandle and GetProcAddress.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // An implementation of GetModuleHandle and GetProcAddress that works with manually mapped modules, forwarded exports, | |
| // without a CRT standard library, and uses no Windows API or dependencies. | |
| // | |
| // Author: Bill Demirkapi | |
| // License: MIT, appended at the bottom of this document if you care about licensing and want to credit me in your own project. | |
| // | |
| #include <Windows.h> | |
| #include <winternl.h> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Website: https://software.intel.com/content/www/us/en/develop/articles/pin-a-binary-instrumentation-tool-downloads.html | |
| # License: https://software.intel.com/sites/landingpage/pintool/pinlicense.txt | |
| # This snippet: https://gist.github.com/mrexodia/f61fead0108603d04b2ca0ab045e0952 | |
| # TODO: lunix support | |
| # Thanks to Francesco for showing me this method | |
| CPMAddPackage( | |
| NAME IntelPIN | |
| VERSION 3.18 | |
| URL https://software.intel.com/sites/landingpage/pintool/downloads/pin-3.18-98332-gaebd7b1e6-msvc-windows.zip |
mrexodia
/ IDAReferences.java
Last active
May 5, 2023 23:12
Actually nice to use references for Ghidra
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Emulate IDA's xref window | |
| //@author Duncan Ogilvie | |
| //@category Analysis | |
| //@keybinding X | |
| //@menupath Navigation.IDA References | |
| //@toolbar | |
| // Reference: https://www.reddit.com/r/ghidra/comments/h07yoo/comment/fukuj1c | |
| import ghidra.app.cmd.data.CreateArrayCmd; | |
| import ghidra.app.decompiler.ClangFuncNameToken; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8" ?> | |
| <bzexclusions> | |
| <!-- Editable Exclusions: You may edit this file. WARNING: ONLY FOR ADVANCED USERS! --> | |
| <!-- To restore the defaults, remove this file (it will return).--> | |
| <!-- --> | |
| <!-- Rule 1: All the excludefname_rule below are case insensitive. --> | |
| <!-- --> | |
| <!-- Rule 2: a file must match ALL criteria on the line to be excluded from backup. --> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <cstdio> | |
| #include <cstdint> | |
| #include <cstring> | |
| #include <type_traits> | |
| #include <Windows.h> | |
| void read_memory(const void* address, void* dst, size_t len) | |
| { | |
| printf("read_memory(%p, %zu)\n", address, len); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ClearTypes | |
| AddStruct ST | |
| AppendMember char, a | |
| AppendMember int, y | |
| SizeofType ST | |
| VisitType ST | |
| AddType "unsigned int", DWORD | |
| SizeofType DWORD |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <stdio.h> | |
| int gtfo(const char* text = "") | |
| { | |
| printf("gtfo! (%s)\n", text); | |
| return -1; | |
| } | |
| int main(int argc, char* argv[]) |
NewerOlder