### Keybase proof
I hereby claim:
* I am mrphrazer on github.
* I am mr_phrazer (https://keybase.io/mr_phrazer) on keybase.
* I have a public key ASBLJQRgveswHNa7aUL31GGoC_OdHg1a6Ab0wH_1x6uMBAo
To claim this, I am signing this object:
@mrphrazer
mrphrazer / graph_analysis.py
Created March 15, 2021 19:44
Control-flow graph analysis using Miasm
# (c) Tim Blazytko 2021
# implementation used in the blog post "Introduction to Control-flow Graph Analysis"
# https://synthesis.to/2021/03/15/control_flow_analysis.html
from miasm.core.graph import DiGraph
# define edges
edges = [
("a", "b"),
("a", "c"),
("b", "d"),
mrphrazer / flattening_heuristic.py
Created March 4, 2021 20:28
Flattening Heuristic Implementation
# (c) Tim Blazytko 2021
# implementation based on the blog post "Automated Detection of Control-flow Flattening"
# https://synthesis.to/2021/03/03/flattening_detection.html
import sys
from miasm.analysis.binary import Container
from miasm.analysis.machine import Machine
from miasm.core.locationdb import LocationDB
mrphrazer / asssembly
Last active November 5, 2015 23:03
angr test
0000000000400546 <foo>:
400546: 55 push %rbp
400547: 48 89 e5 mov %rsp,%rbp
40054a: 89 7d fc mov %edi,-0x4(%rbp)
40054d: 89 75 f8 mov %esi,-0x8(%rbp)
400550: 8b 45 f8 mov -0x8(%rbp),%eax
400553: c1 e0 02 shl $0x2,%eax
400556: 01 45 fc add %eax,-0x4(%rbp)
400559: 8b 45 fc mov -0x4(%rbp),%eax
40055c: 2b 45 f8 sub -0x8(%rbp),%eax
mrphrazer / test.c
Created November 5, 2015 20:34
angr test
#include<stdlib.h>
#include<stdio.h>
int foo(int a, int b)
{
a = a + 4*b;
b = a - b;
a = a*b;
b = a + 7;
mrphrazer / mipsel.dot
Created October 29, 2015 04:04
Mipsel assembly
digraph asm_graph {
loc_0000000000400710 [
shape="Mrecord" fontname="Courier New" label =<<table border="0" cellborder="0" cellpadding="3"><tr><td colspan="2" align="center" bgcolor="grey">loc_0000000000400710</td></tr> <tr><td align="left">ADDIU SP, SP, 0xFFFFFFC8</td></tr><tr><td align="left">SW RA, 0x34(SP)</td></tr><tr><td align="left">SW FP, 0x30(SP)</td></tr><tr><td align="left">ADDU FP, SP, ZERO</td></tr><tr><td align="left">SW A0, 0x38(FP)</td></tr><tr><td align="left">SW A1, 0x3C(FP)</td></tr><tr><td align="left">SW A2, 0x40(FP)</td></tr><tr><td align="left">LW V1, 0x38(FP)</td></tr><tr><td align="left">LW V0, 0x3C(FP)</td></tr><tr><td align="left">ADDU V1, V1, V0</td></tr><tr><td align="left">LW V0, 0x40(FP)</td></tr><tr><td align="left">ADDU V0, V1, V0</td></tr><tr><td align="left">SW V0, 0x20(FP)</td></tr><tr><td align="left">LW V1, 0x38(FP)</td></tr><tr><td align="left">LW V0, 0x3C(FP)</
mrphrazer / nux_api.py
Created May 24, 2015 02:37
miasm v1 nux_api
#
# Copyright (C) 2011 EADS France, Fabrice Desclaux <fabrice.desclaux@eads.net>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of