Skip to content

Instantly share code, notes, and snippets.

View rpw's full-sized avatar

Ralf-Philipp Weinmann rpw

112 followers · 8 following
View GitHub Profile
@rpw
rpw / find_baseaddr.py
Created March 21, 2023 11:50
# reverse engineering tricks: Determine load addresses using string reference differentials
# (c) 2017-2023 Comsecuris GmbH
from idc import *
from idautils import *
from sets import Set
ATTEMPTS = 1
#############################################################################
@rpw
rpw / 20221207-openai-buchberger.tex
Created December 7, 2022 09:23
\documentclass[a4paper]{article}
\usepackage{helvet}
\usepackage{amsmath}
\usepackage{amsthm}
\renewcommand{\familydefault}{\sfdefault}
\author{OpenAI's ChatGPT}
\title{A description of Buchberger's algorithm}
\begin{document}
\maketitle
\begin{abstract}
@rpw
rpw / find_baseaddr.py
Created October 22, 2020 14:24
Find base addresses of flat firmware binaries using differences between string references
# Reverse engineering tricks:
# Determine load addresses using differences between string references
# (c) 2017 Comsecuris UG
from idc import *
from idautils import *
from sets import Set
ATTEMPTS = 10
@rpw
rpw / Dockerfile
Created August 20, 2020 14:21
Dockerfile for sys (https://github.com/PLSysSec/sys)
# Debian 10 requires LLVM 9 to be installed from source (no package, no backport),
# hence we use Debian 11 (testing) for now (to be released in 2021).
FROM debian:bullseye
MAINTAINER Ralf-Philipp Weinmann <ralf@comsecuris.com
RUN apt-get update && apt-get upgrade -y && \
apt-get install -y apt-utils build-essential sudo screen tmux
# Add user
RUN useradd -c 'User' -G sudo -s /bin/bash -m -g users user
@rpw
rpw / extract_gnu_debugdata_for_ida.sh
Created June 21, 2020 10:56
#!/bin/bash
# quick and dirty bash script to extract .gnu_debugdata section
# from ELF binaries to generate an IDC script that adds these
# names as symbols
# --rpw, 2020-06-21
SYMBOLFILE=debugdata_symbols.elf
if [ $# -lt 1 ]; then
echo "you need to supply a path to a binary"
@rpw
rpw / ARM-843419.md
Last active February 11, 2016 18:58

The following text is verbatim from the ARM Processor Cortex-A53 MPCore Product Revision r0 Software Developers Errata Notice.

Description

When executing in AArch64 state, a load or store instruction which uses the result of an ADRP instruction as a base register, or which uses a base register written by an instruction immediately after an ADRP to the same register, might access an incorrect address.

Configurations affected

All configurations of Cortex-A53 are affected.

Conditions

There are two instruction sequences which can trigger this erratum, both only in AArch64 state.