
from pwn import *
import struct
context.log_level = 'debug'
SHELLCODE_NAME = 'shell.bin'
p = remote('fe80::5054:ff:fe63:5e7a%qemu', 31337)
ROP Analyze
Written by St4rk
The code is a total mess and I don't know Python (that is one of the many reasons
I decided to use Python here: to learn)
Feel free to modify and do whatever you want
# imports
st4rk / pad.c
Created October 28, 2019 21:43
void __cdecl pl_mv00_pad() {
int v0; // eax
v0 = G->Key & 0xC0;
if (v0 != 128 && v0 != 192 || *(s8*)(&G->Key_trg) >= 0)
goto LABEL_57;
if (sub_45F960())
View stuff.c
void *conf_lcd_io_for_rendering()
s_unknown_1 *g_struct; // r10
s_lcd_bg_io_conf *lcd_bg_io_conf; // r5
void *result; // r0
s_blending_io_conf *blending_io_conf; // r5
lcd_bg_io_conf = g_struct->lcd_bg_io_conf_200AC40;
IO_MOSAIC = lcd_bg_io_conf->mosaic_size; // set mosaic mode
memcpy32(&lcd_bg_io_conf->background_cnt0, &IO_BG0CNT, 0x38u);// configure BG
View gist:d4b79347cae5841a1d57da055cb770e9
[ 140.152498] Service <Debug> core/hle/service/audio/audout_u.cpp:AppendAudioOutBuffer_1:93: Key value: 0x108130230
[ 140.157304] Service <Debug> core/hle/service/audio/audout_u.cpp:AppendAudioOutBuffer_1:93: Key value: 0x108130258
[ 140.162091] Service <Debug> core/hle/service/audio/audout_u.cpp:AppendAudioOutBuffer_1:93: Key value: 0x108130280
[ 140.475143] Service <Debug> core/hle/service/audio/audout_u.cpp:GetReleasedAudioOutBuffer_1:116: Key value: 0x1080BA060
[ 140.480349] Service <Debug> core/hle/service/audio/audout_u.cpp:GetReleasedAudioOutBuffer_1:116: Key value: 0x1080BA088
Attempted to read from unmapped memory: 0xdce00c8930b2922a
#!/usr/bin/env python
Stack Pivot ropemporium
from pwn import *
import struct
import binascii
View sims.c
The Sims 3 save game checksum fix
#include <stdio.h>
#include <stdlib.h>
// the sims 3 code: sub_20935D0
unsigned int checksum(unsigned char *savegame, size_t size)
st4rk / parse_dump.cpp
Last active May 28, 2017 20:17
cmd: g++ parse.cpp -o kparse -lstdc++fs
#include <iostream>
#include <cstdio>
#include <cstdlib>
#include <experimental/filesystem>
namespace fs = std::experimental::filesystem;
FILE *main_dump = nullptr;
bool parseFileToDump(const std::string& f) {
unsigned char *tmpBuff = nullptr;
st4rk / des_avr.c
Last active March 2, 2017 19:42
WIP DES algorithm implementation intended to run on the ATmega328p
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "des.h"
#ifdef DES_DEBUG
void printbin(unsigned char data) {
View des.h
#ifndef _DES_H_
#define _DES_H_
#define DES_DEBUG
* Permuted Choice 1