Skip to content

Instantly share code, notes, and snippets.

@sh4dowb
sh4dowb / phpkoru-deobfuscate-3.php
Last active February 19, 2024 21:14
PHPkoru.com v1.0.7 deobfuscator. Make sure to run it isolated, to prevent any attacks from eval'd code
<?php
// put encrypted code in encrypted.php, or use it like:
// $ php phpkoru-deobfuscate-3.php encryptedfilename.php
// UPDATED v1.0.7 , if you are getting error "IV passed is only 15 bytes long", try this
// for decrypting advanced (.dll/.so) version contact me on telegram
function trydecrypt($fn, $b64='fge_ebg13‎‎‎‎', $rot13='bcraffy_qrpelcg‎'){
eval('$'.$b64.'="base64_decode";');
eval('$'.$rot13.'="str_rot13";');
@sh4dowb
sh4dowb / unmarshal-ruby-date.py
Created May 15, 2023 18:09
decode/unmarshal Ruby Date in python
from datetime import date, timedelta
from rubymarshal.classes import UsrMarshal
from rubymarshal.reader import loads
data = b'\x04\x08U:\tDate[\x0bi\x00i\x03\xe5R%i\x00i\x00i\x00f\x0c2299161'
# 1984-12-18
data = loads(data)
if isinstance(data, UsrMarshal):
# data._private_data[1] is days since Julian Day (November 24, 4714 BC)
data = (date(1900, 1, 1) + timedelta(days=data._private_data[1] - 2415021)).strftime('%Y-%m-%d')
@sh4dowb
sh4dowb / phpkoru-deobfuscate-2.php
Last active September 15, 2024 00:25
PHPkoru.com v1.0.6 (new) deobfuscator. Make sure to run it isolated, to prevent any attacks from eval'd code
<?php
// V1.0.7 DEOBFUSCATOR: https://gist.github.com/sh4dowb/68c9e090a3006b1d19ce49a22529c0a5
// put encrypted code in encrypted.php, or use it like:
// $ php phpkoru-deobfuscate-2.php encryptedfilename.php
// for decrypting advanced version contact me on telegram
function decrypt($fn, $try=0){
$onfr64_qrpbqr = 'base64_decode';
@sh4dowb
sh4dowb / fuck-ethereum.py
Last active December 8, 2022 02:56
run a fucking ethereum VERY LIGHT client that uses cloudflare rpc
"""
do you have an app that fucking supports geth only?
and after new cryptobros got high and decided you should have at least 1 TB SSD and 10 fucking free days to synchronize to run a "fast" node, you can't be fucking bothered?
well I did, and there you fucking go. this fucking shit gets all stupid motherfucking data from cloudflare and handles account creation and sending etc
fuck you web 3.0
run geth with snap and dont run no consensus or what in the flying fuck that is
note that you probably need to add more methods to the cloudflare array for block and tx fetching etc.
I also added gas price fetching because the app was fucking dumb and sending 0x0
@sh4dowb
sh4dowb / catch_all.txt
Created January 15, 2022 19:32
catch-all mail server installation on ubuntu
# redirect MX record to your server ip
apt install postfix
adduser myuser # necessary - you cannot login as root on dovecot imap
# add user
nano /etc/postfix/virtual
# @example.com myuser
# info@example.com info # optional
@sh4dowb
sh4dowb / stake_limbo_verify.py
Created December 8, 2021 23:49
verify stake.com limbo outcome with python
import hmac
import hashlib
def getLimboOutcome(server, client, nonce):
server = server.encode()
client = client.encode()
nonce = str(nonce).encode()
round = 0
hash = hmac.new(server, client+b':'+nonce+b':'+str(round).encode('utf-8'), hashlib.sha256).digest()
first4 = hash[:4]
@sh4dowb
sh4dowb / decrypt.py
Created September 17, 2021 19:41
Decrypt crypto-js default AES encryption with OpenSSL KDF in Python 3
# I absolutely hated crypto-js for this. non-standard configurations, weird algorithms, ...
# well obviously you can encrypt it with a better configuration which people will not
# go crazy figuring out its implementation, but in this case I wasn't encrypting the data.
import base64
from Crypto.Hash import MD5
from Crypto.Util.Padding import unpad
from Crypto.Cipher import AES
# generated using: CryptoJS.AES.encrypt('test 123456 plaintext', 'some password').toString()
@sh4dowb
sh4dowb / send_usdt.py
Last active March 16, 2024 18:55
tronapi python mass USDT payment - send mass USDT payments with python
import time
from tronapi import Tron
full_node = 'https://api.trongrid.io'
solidity_node = 'https://api.trongrid.io'
event_server = 'https://api.trongrid.io'
pkey = "private_key_hex"
payments = [
@sh4dowb
sh4dowb / atomic_eth.js
Created May 30, 2021 20:03
atomic wallet get eth private key / address by mnemonic seed
// fuck you atomic. why can't you just be fucking normal?
// east home innocent snake icon curtain series brave guard program history stand
// BIP39 seed:
var seed = new Uint8Array([70, 78, 5, 155, 232, 171, 38, 78, 191, 56, 142, 102, 122, 20, 65, 239, 127, 215, 39, 174, 28, 222, 17, 150, 102, 129, 182, 172, 246, 80, 15, 19, 79, 248, 113, 244, 95, 101, 33, 96, 203, 181, 243, 63, 23, 9, 71, 102, 37, 216, 196, 6, 77, 209, 18, 2, 107, 12, 239, 38, 249, 29, 107, 249]);
var s = require('ethereum-cryptography/pure/hdkey').HDKey;
var t = require('ethereumjs-wallet');
var w = s.fromMasterSeed(seed);
@sh4dowb
sh4dowb / decrypt_ruby_MessageEncryptor.py
Last active April 17, 2021 18:14
Decrypt Ruby's ActiveSupport::MessageEncryptor on Python 3
import hashlib
import base64
from Crypto import Random
from Crypto.Cipher import AES
import rubymarshal.reader
from pbkdf2 import PBKDF2
SECRET = "asdasd"
ITERATIONS = 65536
KEYLENGTH = 32