stong

5 c at 5 b at jut Yet At At At At At At At At At At At At Pt Pt jut jut jut jut Qt jut at 111 1 t t t t t t t t t t t t t t t t Pt Pt Pt Pt jut j j j j at Bet At j Qt Rt St j j j j at 4 Kt Qt Qt Rt St j j Pt j at 311 1 t t 321 1 111 1 Bet Bet At t Qt Yet u h a a a a Q X 4 y P Y I I I I I I I I I I I I I I I I I 7 Q Z j A X P 0 A 0 A k A A Q 2 A B 2 B B 0 B B A B X P 8 A B u J I 4 q Y P M I F 0 u 8 V O v O 3 C 5 8 U 8 T o P b b I 2 N l I i s R p q C K 9 y q N P d K z m m P A A X X X X X X X X X X X X X

stong

# Disclaimer and license
# This code is provided without any warranty whatsoever, express or implied. I don't take responsibility for what you choose to do with it.
# Only use this code in accordance with United States and local law. It is provided for educational purposes only.
# Don't use the code unless you already own a legitimate product license for Sublime Text or Sublime Merge.
# By using or studying the code you agree to abide by these terms and conditions.
# Do not contact me if the script is broken because I am not offering support for it.
# You may freely redistribute this code as long as this license is also attached.

# this script should be run in the binaryninja console
def yeet():

stong

def annotate_relocs():
    def find_relocation(bv, start, end):
        # assume that relocations can't straddle functions
        funcs = bv.get_functions_containing(start)
        if not funcs: return
        for func in funcs:
            bb = func.get_basic_block_at(start)
            if not bb: continue
            bb._buildStartCache()
            for i, insn_start in enumerate(bb._instStarts):

stong

## Find Available Target Editions
DISM.exe /Online /Get-TargetEditions

## Convert Server Standard 2019 Evaluation to Server Standard 2019
DISM /online /Set-Edition:ServerStandard /ProductKey:N69G4-B89J2-4G8F4-WWYCC-J464C /AcceptEula

## How To Activate 
slmgr /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
slmgr /skms [server]:[port]
slmgr /ato

stong

// TLDR:
// Whitebox 128-bit rsa with e=17. Input is multiplied by a constant before the RSA

#include <Windows.h>
#include <stdio.h>
#include <stdint.h>

extern "C" void __fastcall rsa_encrypt (uint8_t* in, uint8_t* out);

// 1. Func is ~90kb, and control flow is simple. Should be decompilable just extremely SLOW.

stong

This PoC has been moved to an actual repo here.

stong

import sys
import os
from pwn import *

def tee_process(p):
    import threading
    import ctypes
    libc = ctypes.CDLL(None)
    splice = libc.splice
    tee = libc.tee

stong

cast rpc eth_sendTransaction '{"data": "'$(cat constructor_bytecode.txt)$(cat bytecode.txt)'"}'

stong

package org.mapleir;

import org.mapleir.app.client.SimpleApplicationContext;
import org.mapleir.app.service.ApplicationClassSource;
import org.mapleir.app.service.InstalledRuntimeClassSource;
import org.mapleir.asm.ClassHelper;
import org.mapleir.asm.ClassNode;
import org.mapleir.asm.MethodNode;
import org.mapleir.context.AnalysisContext;
import org.mapleir.context.BasicAnalysisContext;

stong

twitter.com##div[aria-label="Trending"]
twitter.com##aside[aria-label="Who to follow"]
twitter.com##a[aria-label="Search and explore"]
twitter.com##svg[aria-label="Verified account"]
twitter.com##a[aria-label="Communities"]
twitter.com##a[aria-label="Verified Orgs"]
twitter.com##a[aria-label="Jobs"]
twitter.com##a[aria-label="Top Articles"]
twitter.com##a[aria-label^="Notifications"]
twitter.com##a[aria-label="Home"]