skochinsky / oath10.j
Last active June 19, 2016 16:51
from Intel IPT OATH Application_fw10.0.0_v3.0.jeff
; class 0/41
.class public super com/intel/dal/ipt/framework/AppletImpl
.super com/intel/util/IntelApplet
.field protected mIptf Lcom/intel/dal/ipt/framework/IptFramework;
.field mReplyBuffer [B
.field mInitialized Z
skochinsky / jeff_core10.j
Last active June 19, 2016 21:00
core java classes from ME 10.0.25.1048
; found JEFF at 0x00022C04?
; JEFF length=00020D94
; class 0/235
.class public super abstract com/intel/crypto/CertificateChain
.super java/lang/Object
.const [o304] = Int 16384 ; 0x00004000
.field protected static final MAX_CERTIFICATE_CHAIN_LENGTH I
{
real_time:956280.161440 global_time:588919, event:`SYSCALL: socketcall' (state:ENTERING_SYSCALL) tid:18704, ticks:260023746443
eax:0xffffffda ecx:0xbfb415f4 edx:0x0 ebx:0x11 esp:0xbfb414fc ebp:0x80f48ef8 esi:0xb5f50000 edi:0x0 eip:0x70000002 eflags:0x246 xcs:0x73 xss:0x7b xds:0x7b xes:0x7b xfs:0x0 xgs:0x33 orig_eax:0x66
}
{
real_time:956280.161458 global_time:588920, event:`SYSCALLBUF_RESET' tid:18704, ticks:260023746443
}
{
real_time:956280.161644 global_time:588921, event:`SYSCALL: socketcall' (state:EXITING_SYSCALL) tid:18704, ticks:260023746443
eax:0xfffffff5 ecx:0xbfb415f4 edx:0x0 ebx:0x11 esp:0xbfb414fc ebp:0x80f48ef8 esi:0xb5f50000 edi:0x0 eip:0x70000002 eflags:0x246 xcs:0x73 xss:0x7b xds:0x7b xes:0x7b xfs:0x0 xgs:0x33 orig_eax:0x66
.version 49 0
.class public super com/intel/crypto/NotInitializedException
.super com/intel/crypto/CryptoException
.method public <init> : ()V
.code stack 1 locals 1
L0: aload_0
L1: invokespecial Method com/intel/crypto/CryptoException <init> ()V
L4: return
skochinsky / gist:181e6e338d90bb7f2693098dc43c6d54
Last active November 29, 2017 14:13
Phoenix $PFH trailer
/*
 * One region record from the Phoenix $PFH trailer.
 *
 * NOTE(review): the per-field meanings below are read from the field names
 * only; confirm them against a real image.
 * Every value here comes from the file being parsed, so a consumer should
 * check FileOffset + Size and NameOffset against the file length (including
 * integer wrap-around) before dereferencing anything.
 * NOTE(review): compilers that align UINT64 to 8 bytes will add 4 bytes of
 * tail padding (24 bytes total); confirm whether the on-disk record is packed
 * to 20 bytes and needs an explicit packing directive.
 */
struct PFRegionEntry
{
    UINT32 FileOffset;   // presumably where the region's data starts in the file
    UINT32 Size;         // presumably the region's length in bytes
    UINT64 FlashAddress; // presumably the region's address in flash
    UINT32 NameOffset;   // absolute offset (author's note); presumably of the region name
};
struct PFHeader
{
import zipfile
import httpio
import sys
def usage():
    """Print the one-line command-line synopsis for httpzip.py."""
    synopsis = "httpzip.py <url> [filename]"
    print(synopsis)
if len(sys.argv)>1:
url = sys.argv[1]
else:
skochinsky / rich.py
Created April 13, 2017 13:03
MSVC PE Rich header parser with compiler version display
# based on code from http://trendystephen.blogspot.be/2008/01/rich-header.html
import sys
import struct
# Named constants for the Rich-header parser, kept here instead of inline.
# The Rich header is written by the linker and is not checked by the loader,
# so it can be altered or forged; treat decoded compiler versions as a hint,
# not as proof of origin.

# ASCII "DanS" read as a little-endian dword; that is why the hex literal
# 0x536e6144 spells "SnaD" when read left to right.
CHECKSUM_MASK = struct.unpack('<I', b'DanS')[0]

# ASCII tag and its length in bytes.
RICH_TEXT = 'Rich'
RICH_TEXT_LENGTH = len(RICH_TEXT)

# presumably the DOS-header offset of the pointer to the PE header (e_lfanew)
# and the size of that field in bytes; confirm against where they are used
PE_START = 0x3C
PE_FIELD_LENGTH = 4
/*scan for far jumps or calls and print their location and destinations
jmp: 1= search for jumps(0= calls)
low16: only consider destinations with offset < 16
*/
static scan_jmp_call(jmp, low16)
{
// start at the minimal address
auto a = 0;
auto x, seg, offs, dest;
for (a = 0; x != BADADDR; a = x + 5 )// skip 5 bytes (size of far jmp/call opcode)
skochinsky / arm64_sysregs_ios.py
Created December 8, 2020 23:02 — forked from bazad/arm64_sysregs_ios.py
Label iOS arm64 system registers in IDA Pro
#
# arm64_sysregs_ios.py
# Brandon Azad
#
# Based on https://github.com/gdelugre/ida-arm-system-highlight by Guillaume Delugre.
#
import idautils
import idc
skochinsky / dump_hdr.py
Created November 16, 2019 20:30
Fujifilm
#! python2
#-------------------------------------------------------------------------------
# Name: dump_hdr.py
# Purpose: dump header of a FujiFilm FinePix firmware update
# see https://reverseengineering.stackexchange.com/questions/22549/identifying-rom-segment-in-unknown-firmware-update-file
# Author: Igor Skochinsky
#
# Created: 16-11-2019
# Copyright: (c) Igor Skochinsky 2019
# Licence: MIT