:shipit:
hacking intensifies

Tim Strazzere strazzere

View extract_gnu_debugdata_for_ida.sh
#!/bin/bash
# quick and dirty bash script to extract .gnu_debugdata section
# from ELF binaries to generate an IDC script that adds these
# names as symbols
# --rpw, 2020-06-21
SYMBOLFILE=debugdata_symbols.elf
if [ $# -lt 1 ]; then
echo "you need to supply a path to a binary"
View to_decrypt
antistatic/spinnerwheel/AbstractWheel$1
antistatic/spinnerwheel/AbstractWheel$2
antistatic/spinnerwheel/AbstractWheel$3
antistatic/spinnerwheel/AbstractWheel$SavedState
antistatic/spinnerwheel/g$1
antistatic/spinnerwheel/g$2
bolts/AndroidExecutors$UIThreadExecutor
bolts/BoltsExecutors$ImmediateExecutor
bolts/CancellationTokenSource$1
@strazzere
strazzere / ADVDeobfuscator.py
Created May 17, 2018
Use unicorn to deobfuscate simple ADVobfuscator string encryptions, used by secneo
View ADVDeobfuscator.py
#!/usr/bin/env python
# fsck secneo
from __future__ import print_function
from unicorn import *
from unicorn.arm_const import *
from capstone import *
import binascii
DEBUG = False
View filename_validation.py
#!/usr/bin/env python
# diff
from __future__ import print_function
from unicorn import *
from unicorn.arm_const import *
import binascii
import sys
# code to be emulated
View test.config
# sample synergy configuration file
#
# comments begin with the # character and continue to the end of
# line. comments may appear anywhere the syntax permits.
# +-------+ +--------+ +---------+
# |Laptop | |Desktop1| |iMac |
# | | | | | |
# +-------+ +--------+ +---------+
section: screens
View LocationRequest.java
// Decompiled by Jad v1.5.8g. Copyright 2001 Pavel Kouznetsov.
// Jad home page: http://www.kpdus.com/jad.html
// Decompiler options: packimports(3)
package com.google.android.gms.location;
import android.os.*;
import com.google.android.gms.common.internal.ReflectedParcelable;
import com.google.android.gms.common.internal.safeparcel.AbstractSafeParcelable;
import com.google.android.gms.common.internal.zzz;
@strazzere
strazzere / output.bash
Created Sep 12, 2017
Baksmali to Smali
View output.bash
rigby:contents diff$ ls -l
total 12600
-rw-r--r-- 1 diff staff 13268 Dec 31 1979 AndroidManifest.xml
drwxr-xr-x 6 diff staff 204 Sep 12 14:03 META-INF
-rw-r--r-- 1 diff staff 623 Dec 31 1979 androidannotations-api.properties
drwxr-xr-x 4 diff staff 136 Sep 12 14:03 assets
-rw-r--r-- 1 diff staff 939 Dec 31 1979 build-data.properties
-rw-r--r-- 1 diff staff 5646628 Dec 31 1979 classes.dex
drwxr-xr-x 3 diff staff 102 Sep 12 14:03 jsr305_annotations
drwxr-xr-x 5 diff staff 170 Sep 12 14:03 lib
@strazzere
strazzere / blah.c
Created Sep 6, 2017
Example of calling android method from native code
View blah.c
void Log(std::string s){
JNIEnv *env;
g_JavaVM->GetEnv((void**)&env, JNI_VERSION_1_6);
jstring jstr1 = env->NewStringUTF(s.c_str());
jclass clazz = env->FindClass("diff/strazzere/secret/method");
// Later part is dalvik notation for parameters and return value, string param and void return value here
jmethodID mid = env->GetStaticMethodID(clazz, "methodname", "(Ljava/lang/String;)V");
View backdoor.go
package main
import (
"fmt"
"net"
"os"
"sync"
"time"
)
@strazzere
strazzere / Makefile
Created Jul 14, 2017
Decryption for most Kony
View Makefile
all:
gcc decrypt.c -I/usr/local/opt/boringssl/include -L/usr/local/opt/boringssl/lib -lcrypto -o kony_decrypt