Skip to content

Instantly share code, notes, and snippets.

Nicholas Starke nstarke

  • Bondurant, IA
Block or report user

Report or block nstarke

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View lldp-fuzzer.py
#!/usr/bin/env python
#
# A naive LLDP Fuzzer
# Released Jun 18, 2019
# Author: Nicholas Starke
#
from scapy.all import *
import time
@nstarke
nstarke / extract-netgear-chk-firmware.md
Created May 12, 2019
Extract Netgear .chk Firmware
View extract-netgear-chk-firmware.md

Extract Netgear .chk Firmware

I recently ran into a situation where binwalk -M -e $FIRMWARE failed me. This was for a Netgear firmware image that ended in a .chkextension.

The firmware file name was R7960P-V1.0.1.34_1.0.20.chk.

This is the output when I ran binwalk R7960P-V1.0.1.34_1.0.20.chk:

$ binwalk R7960P-V1.0.1.34_1.0.20.chk
@nstarke
nstarke / JScrambler-Review.md
Last active May 28, 2019
JScrambler Review
View JScrambler-Review.md

I've recently been working on JavaScript Obfuscation. I've read as much as I can from the internet about options and capabilities. It is clear there is one winner out of all the offerings available.

JScrambler Review

JScrambler (https://jscrambler.com/) is a paid product featuring JavaScript Obfuscation capabilities. When it comes to obfuscating JavaScript, it is the gold standard.

This is what the internet proclaimed as I read it [1]. However, it was truly difficult to assess how accurate these claims are; essentially the only public obfuscation examples they provide are:

https://jscrambler.com/products/code-integrity/javascript-obfuscation

@nstarke
nstarke / egodeath-obfuscator-example2.html
Last active May 6, 2019
Egodeath Obfuscator Example 2
View egodeath-obfuscator-example2.html
console.assert = function (){};
console.clear = function (){};
console.count = function (){};
console.error = function (){};
console.group = function (){};
console.groupCollapsed = function (){};
console.groupEnd = function (){};
console.info = function (){};
console.log = function (){};
console.table = function (){};
@nstarke
nstarke / slice.sh
Created Feb 24, 2019
Slice audio file into equal sized parts
View slice.sh
#!/bin/sh
for LINE in *.wav
do
echo "$LINE"
mkdir -p -- "_$LINE/4"
mkdir -p -- "_$LINE/16"
mkdir -p -- "_$LINE/64"
LENGTH=$(soxi -D "$LINE")
INTERVAL=$(echo "$LENGTH/4" | bc -l)
@nstarke
nstarke / toy-obfuscator01.js
Created May 6, 2018
JavaScript: Toy Obfuscator 1
View toy-obfuscator01.js
// Toy Obfuscator 1
// This is not meant to be a serious attempt at obfuscation, though it does work.
// run with CODE_FILE=source.js node toy-obfuscator01.js
var fs = require('fs');
var code = fs.readFileSync(process.env.CODE_FILE).toString();
var globalReserved = [];
var matrix = [];
var magicBlank = Math.floor(Math.random() * 127) + 127;
@nstarke
nstarke / dell-precision-7510-problem.md
Created May 3, 2018
Dell Precision 7510 System Failure after Monitor turns off in Ubuntu 16.04 / 17.10 / 18.04
View dell-precision-7510-problem.md

Dell Precision 7510 System Failure after Monitor turns off in Ubuntu 16.04 / 17.10 / 18.04

I have been experiencing a problem with my Dell Precision 7510 laptop. When using Ubuntu, configured to turn the monitor off after n minutes, the computer would become unresponsive if I let it stay "asleep" for longer than a few minutes.
At this point, when I tried to wake the laptop up by pressing a key or moving the mouse, the computer wouldn't respond at all. The only option was to restart the computer using a hard stop (pressing the power key for 5 seconds).

After months of problems and troubleshooting, I isolated the problem to the system BIOS, and indeed, according to the Dell Bios Changelog (link here) some of the bug fixes mention problems with crashes related to the monitor shutting off. It is worth noting that I had this problem with BIOS revision 1.15.4 and 1.14.4. BIOS version 1.15.4 is the latest a

@nstarke
nstarke / snmp-fuzzer.js
Created Apr 16, 2018
Simple SNMP Fuzzer
View snmp-fuzzer.js
// Simple SNMP Fuzzer
// Date: April 16, 2018
// Author: Nicholas Starke
// Run with: INTERVAL=500 REMOTE_PORT=161 REMOTE_HOST=127.0.0.1 node snmp-fuzzer.js
// requires bluebird
// npm install bluebird
if (!process.env.REMOTE_HOST) {
console.error('[*] Must set REMOTE_HOST environment variable');
@nstarke
nstarke / poc.js
Last active May 16, 2018
iOS 11.2.6 Memory Corruption Issue in CoreFoundation
View poc.js
// iOS Memory Corruption Issue in CoreFoundation
// Date: April 9th, 2018
// Author: Nick Starke
//
// This PoC was tested against iOS 11.2.6
// 11.3 does not seem to be vulnerable
// Causes an error in Safari, or an application crash if an app makes a HTTP request.
//
// Run this script using NodeJS:
// $ node poc.js
@nstarke
nstarke / xen-connect-two-vms-via-virtual-serial-port.md
Created Jan 5, 2018
Xen - Connect two VMs via Virtual Serial Port
View xen-connect-two-vms-via-virtual-serial-port.md

Xen - Connect two VMs via Virtual Serial Port

I have recently been working on debugging The Windows kernel.

For the version of Windows I am using (7 professional / 32-bit), the easiest way to debug the kernel is via serial port.

In VirtualBox this is easy, as VirtualBox provides robust serial port options that allow the user to specify a unix socket to use as a virtual serial cable. If the unix socket doesn't exist before the VM is booted VirtualBox, when booting the server VM, will create the unix socket on the filesystem. The client VM can then connect to the unix socket by specifying the same path in the VirtualBox serial port settings.

However, for my purposes it became necessary to use Xen as the hypervisor. I started by installing and configuring Xen on an Ubuntu server, then spinning up two Windows HVM guest VMs.

You can’t perform that action at this time.