Skip to content

Instantly share code, notes, and snippets.


Claud Xiao secmobi

View GitHub Profile
AKosterin /
Last active Jul 3, 2019
New Dexguard String decoder for JEB 1.5. Tested on GFE 3.1.3. This release auto parse decoder function.
import jeb.api.IScript;
import jeb.api.JebInstance;
import jeb.api.ast.*;
import jeb.api.ast.Class;
import jeb.api.dex.*;
import jeb.api.ui.JavaView;
import jeb.api.ui.View;
import java.util.Arrays;
import java.util.HashMap;
andyg5000 / usr.sbin.sshd
Created Jan 5, 2016
SSHD AppArmor profile
View usr.sbin.sshd
# ------------------------------------------------------------------
# Copyright (C) 2002-2005 Novell/SUSE
# Copyright (C) 2012 Canonical Ltd.
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
# ------------------------------------------------------------------
View top100AppProjects.csv
Project # of Top 100 Free Apps (US)
facebook-ios-sdk 67
Bolts-iOS 48
AFNetworking 39
Google-Mobile-Ads-SDK 38
Reachability (Apple) 38
Crashlytics 37
Flurry-iOS-SDK 31
CocoaPods 30
GoogleConversionTracking 29
AKosterin /
Created Aug 16, 2015
JEB Plugin for decrypt DexGuard encrypted Strings.
import jeb.api.IScript;
import jeb.api.JebInstance;
import jeb.api.ast.*;
import jeb.api.ast.Class;
import jeb.api.dex.Dex;
import jeb.api.dex.DexCodeItem;
import jeb.api.dex.DexFieldData;
import jeb.api.dex.DexMethod;
import jeb.api.ui.JavaView;
import jeb.api.ui.View;
These two files should help you to import passwords from mac OS X keychains to 1password.
1) You have some experience with scripting/are a power-user. These scripts worked for me
but they haven't been extensively tested and if they don't work, you're on your own!
Please read this whole document before starting this process. If any of it seems
incomprehensible/frightening/over your head please do not use these scripts. You will
probably do something Very Bad and I wouldn't want that.
2) You have ruby 1.9.2 installed on your machine. This comes as standard with Lion, previous
versions of OS X may have earlier versions of ruby, which *may* work, but then again, they
sheagcraig /
Last active Dec 6, 2018
Check for Adware per Apple Kbase article
"""Identify or remove files known to be involved in Adware/Malware
Most of the code applies to building a list of malware files. Thus,
both extension attribute and removal handling are included.
Cleans files as a Casper script policy; thus, it expects four total
arguments, the first three of which it doesn't use, followed by
steakknife /
Last active Aug 29, 2015
After reading the AppBuyer article...
#!/usr/bin/env bash
set -e
MALWARES='Unflod AdThief AppBuyer'
# folks say
Unflod() { # aka SSLCreds
cat << PWND
Fuzion24 /
Last active Aug 29, 2015
Nexus 5 Local DOS - Reboots Phone with zero permissions
package com.nexus5.dos;
import android.content.Intent;
import android.os.Bundle;
import android.view.Menu;
import android.view.MenuItem;
import android.view.View;
import android.widget.Button;
public class MainActivity extends ActionBarActivity {
k3170makan / AndroidManifestFuzzer
Last active Oct 5, 2016
Nifty Little Bash Script for Fuzzing Application AndroidManifest.xml's
View AndroidManifestFuzzer
#Basic set up for an Application AndroidManifest Fuzzer
#this requires a preexisting ant buildable application project to be set up! so get the SDK and ant1.8
#this file reproduces the bug mentioned here
#NOTE: values from 260000 and up cause SIGSEGvs to be sent to the system_server (test on KitKat 4.4.2)
#NOTE: you should probably monitor $(adb logcat)||(/system/bin/gdbserver) for responsiveness to the issue
walkie / fslogger.c
Last active Jul 22, 2020
Patched version of Amit Singh's fslogger utility, which logs file system events in OS X.
View fslogger.c
* fslogger.c
* A patched version of Amit Singh's fslogger utility, which logs file system
* events in OS X.
* This version fixes a small bug where four characters were missing from
* the beginning of each file path. It also eliminates a compiler warning.
* To compile:
You can’t perform that action at this time.