Skip to content

Instantly share code, notes, and snippets.

@pyllyukko
pyllyukko / red_pill.r2
Created January 10, 2023 14:21
r2 graphing
# Run with r2 -q -i red_pill.r2 --
agn "red pill"
agn "see how deep the rabbit hole goes"
agn "story ends"
age "red pill" "see how deep the rabbit hole goes"
age "red pill" "story ends"
agg
@pyllyukko
pyllyukko / fineid.md
Last active January 14, 2024 09:49
FINEID notes

FINEID

Card

pcsc_scan (from pcsc-tools) output:

3B 7F 96 00 00 80 31 B8 65 B0 85 04 02 1B 12 00 F6 82 90 00
@pyllyukko
pyllyukko / UnlockYourFiles.exe.r2
Created October 26, 2021 16:14
#flareon8 02 - known
# 02 - known
# 435366bfc2e8aff17ff107bf1274b7dca0b189be54e7251aa192ec8e73064424
# few analysis commands to find the functions
aa
aac
# type analysis for win API calls
aaft
# name functions
afn strlen @0x00401000
#!/bin/bash
# pkg_audit.sh for FreeBSD
# Run from cron so it will mail the diff
umask 077
oldlog="/root/pkg_audit.txt"
newlog="$( /usr/bin/mktemp )"
@pyllyukko
pyllyukko / patch.sh
Last active September 9, 2020 13:43
Patch
#!/bin/sh
if [ -z "${R2PIPE_IN}" ]; then
echo "r2 -wqi ${0} /path/to/binary"
exit 1
fi
R="r2p"
hit="$(${R} '/x 83f81e0f8417')"
if [ -z "${hit}" ]
then
${R} '?E Failed :(' 1>&2
@pyllyukko
pyllyukko / Makefile.download_firefox
Last active November 22, 2017 17:30
Firefox downloader
#
# Makefile that downloads & verifies Firefox
#
FF_VERSION:=57.0
ARCH:=x86_64
SHELL:=/bin/bash
.PHONY: download
download: firefox/linux-$(ARCH)/en-US/firefox-$(FF_VERSION).tar.bz2
@pyllyukko
pyllyukko / ip_to_int.sh
Last active May 13, 2022 23:19
Convert IP address string to integer
#!/bin/sh
function ip_to_int() {
local -ai M=(0 16777216 65536 256 1)
local -i INT=0
local OIFS=${IFS}
IFS="."
set -- ${*}
for I in {1..4}
do
let INT+=$[${!I}*${M[${I}]}]
@pyllyukko
pyllyukko / crackme0x00.exe.r2
Last active June 3, 2017 17:17
Some IOLI CRACKME solutions
oo+
wx eb0e @ 0x0040137a
@pyllyukko
pyllyukko / convert.sed
Created March 12, 2017 14:47
Convert OCL hashcat hash-mode 5600 (NetNTLMv2) to JtR netntlmv2
#!/bin/sed
# https://hashcat.net/wiki/doku.php?id=example_hashes
# https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/run/pass_gen.pl
s/^\(.*\)::\(.*\):\(.*\):\(.*\):\(.*\)$/\2\\\1:::\3:\4:\5::/
/******
ghacks user.js * date: 18 Feb 2017 vs pyllyukko user.js
WHAT ghacks has that pyllyukko doesn't
******/
/*** 0100: STARTUP ***/
// 0101: disable "slow startup" options
// warnings, disk history, welcomes, intros, EULA, default browser check
user_pref("browser.slowStartup.notificationDisabled", true);
user_pref("browser.slowStartup.maxSamples", 0);