With thanks to willpatera for the google apps script this is based on.
log-memory.py as appropriate)google code.js into the window| # Quick and dirty BN script for part of the whooo-r-u challenge during DEFCON Quals 2020. | |
| # Used to identify likely environment variables and library names that were | |
| # fed to other fuzzing sripts for SUID abuse | |
| from binaryninja import * | |
| import os | |
| from pprint import pprint | |
| import json | |
| libname = "getenv" #re-ran the script with different arguments, not elegant, but it's CTF and both take a string in the first parameter... |
| if which dig >/dev/null 2>/dev/null | |
| then | |
| alias remoteip="dig +short myip.opendns.com @resolver1.opendns.com" | |
| elif which curl >/dev/null 2>/dev/null | |
| then | |
| alias remoteip="curl http://ipecho.net/plain" | |
| fi | |
| function localip() | |
| { | |
| case "$OSTYPE" in |
| The number of cancelled conferences has really driven home to me that we have | |
| crap for online training. The educational market surely has solutions to these | |
| problems, but in the paid commercial training space, where are the platforms | |
| designed for live interactive training that aren't just video chat with a very | |
| thing skin on them?! | |
| Here's my proposed wish-list of features. I've added a [ranking] where [1] is | |
| must have, and [3] is nice to have. | |
| - [2] Ability to drive students to specific web resources or local |
| H4sIAAAAAAAAAzWQTUsCH4sIAAAAAAAAAzWQTUsCH4sIAAAAAAAAAzWQTUsCH4sIAAAAAAAAAzWQTUs | |
| URSG70QDMQRX123O0j9gURSG70QDMQRX123O0j9gURSG70QDMQRX123O0j9gURSG70QDMQRX123O0j9 | |
| DBKUpGRE7SSi1Vh30qhGDBKUpGRE7SSi1Vh30qhGBKUpGRE7SSi1Vh30qhOGBKUpGRE7SSi1Vh30qhO | |
| nCmxVYWbPvwH/YVqFYiLnCmxVYWbPvwH/YVqYiLnCmxVYWbPvwH/YVqYiLnCmKxVYWbPvwH/YVqYiLn | |
| TM2PVkm0CAp1eXfWKnd1TM2PVkm0CAp1efWKnd1TM2PVkm0CAp1efWKnd1TM2PVkvm0CAp1efWKnd1T | |
| 7rG5cN/znufcGQ5vohQ+7rG5cN/znufGQ5vohQ+7rG5cN/znufGQ5vohQ+7rG5cN/zSnufGQ5vohQ+7 | |
| 1RirbDLG5Dy6MhpWVZIo1RirbDLG5y6MhpWnVZIo1RirbDLG5y6MhpWnVZIo1RrbDLG5ty6MhpWnVZI | |
| hXfVaBo919t6UmN0eEBfhXfVaBo99t6UmN0peEfhXfVaBo99t6UmN0peEfhVXfaBo99t6dUmN0peEfh | |
| Q8tD0ubDV5tH+h1NBpHYQ8tD0ubV5tH+h1NOBpYQ8tD0ubV5tH+h1NOBpYQF8t0ubV5tH+vh1NOBpYQ | |
| 3Pz4on5Cav/9iPpJ+Y0f3Pz4onCav/9iPpJE+Yf3Pz4onjCav/9ipJE+Yf3XPzonjCav/9ifpJE+Yf3 |
| hs.hotkey.bind({"cmd", "alt", "ctrl", "shift"}, "4", function() | |
| local timeStamp = string.gsub(os.date("%Y-%m-%d_%T"), ":", ".") | |
| local fileName = os.getenv("HOME") .. "/Desktop/ss-" .. timeStamp .. ".png" | |
| local windowId = hs.window.frontmostWindow():id() | |
| hs.task.new("/usr/sbin/screencapture", nil, {"-l" .. windowId, fileName }):start() | |
| end) |
| import json | |
| from PySide2.QtGui import QGuiApplication | |
| settings = json.loads(binaryninja.Settings().serialize_schema()) | |
| table = """|Category|Setting|Default|Type|Description| | |
| |---|---|---|---|---| | |
| """ | |
| for category in settings: | |
| for setting in settings[category]['settings']: | |
| title = settings[category]['settings'][setting]['title'] |
| annotation="" | |
| for instruction in current_basic_block.get_disassembly_text(): | |
| if instruction.address >= current_selection[0] and instruction.address < current_selection[1]: | |
| address = instruction.address | |
| value = instruction.tokens[-1].value | |
| operand = instruction.tokens[-1].operand | |
| type = IntegerDisplayType.CharacterConstantDisplayType | |
| current_function.set_int_display_type(address, value, operand, type) | |
| annotation += chr(instruction.tokens[-1].value) | |
| log_info("Adding comment for string: %s" % annotation) |
| { | |
| "python" : | |
| { | |
| "interpreter": "/usr/local/Frameworks/Python.framework/Versions/3.7/lib/libpython3.7.dylib" | |
| } | |
| } |
| { | |
| "python" : | |
| { | |
| "interpreter" : "/usr/local/Frameworks/Python.framework/Versions/3.7/lib/libpython3.7.dylib" | |
| } | |
| } |