@strazzere Tim Strazzere strazzere

@strazzere strazzere / ADVDeobfuscator.py
Created May 17, 2018
Use unicorn to deobfuscate simple ADVobfuscator string encryptions, used by secneo
View ADVDeobfuscator.py
#!/usr/bin/env python
# fsck secneo
from __future__ import print_function
from unicorn import *
from unicorn.arm_const import *
from capstone import *
import binascii
DEBUG = False
@strazzere strazzere / filename_validation.py
Created Mar 23, 2018
View filename_validation.py
#!/usr/bin/env python
# diff
from __future__ import print_function
from unicorn import *
from unicorn.arm_const import *
import binascii
import sys
# code to be emulated
@strazzere strazzere / test.config
Created Oct 24, 2017
test
View test.config
# sample synergy configuration file
#
# comments begin with the # character and continue to the end of
# line. comments may appear anywhere the syntax permits.
# +-------+ +--------+ +---------+
# |Laptop | |Desktop1| |iMac |
# | | | | | |
# +-------+ +--------+ +---------+
section: screens
@strazzere strazzere / LocationRequest.java
Last active Sep 13, 2017
LocationRequest
View LocationRequest.java
// Decompiled by Jad v1.5.8g. Copyright 2001 Pavel Kouznetsov.
// Jad home page: http://www.kpdus.com/jad.html
// Decompiler options: packimports(3)
package com.google.android.gms.location;
import android.os.*;
import com.google.android.gms.common.internal.ReflectedParcelable;
import com.google.android.gms.common.internal.safeparcel.AbstractSafeParcelable;
import com.google.android.gms.common.internal.zzz;
@strazzere strazzere / output.bash
Created Sep 12, 2017
Baksmali to Smali
View output.bash
rigby:contents diff$ ls -l
total 12600
-rw-r--r-- 1 diff staff 13268 Dec 31 1979 AndroidManifest.xml
drwxr-xr-x 6 diff staff 204 Sep 12 14:03 META-INF
-rw-r--r-- 1 diff staff 623 Dec 31 1979 androidannotations-api.properties
drwxr-xr-x 4 diff staff 136 Sep 12 14:03 assets
-rw-r--r-- 1 diff staff 939 Dec 31 1979 build-data.properties
-rw-r--r-- 1 diff staff 5646628 Dec 31 1979 classes.dex
drwxr-xr-x 3 diff staff 102 Sep 12 14:03 jsr305_annotations
drwxr-xr-x 5 diff staff 170 Sep 12 14:03 lib
@strazzere strazzere / blah.c
Created Sep 6, 2017
Example of calling android method from native code
View blah.c
void Log(std::string s){
JNIEnv *env;
g_JavaVM->GetEnv((void**)&env, JNI_VERSION_1_6);
jstring jstr1 = env->NewStringUTF(s.c_str());
jclass clazz = env->FindClass("diff/strazzere/secret/method");
// Later part is dalvik notation for parameters and return value, string param and void return value here
jmethodID mid = env->GetStaticMethodID(clazz, "methodname", "(Ljava/lang/String;)V");
@strazzere strazzere / backdoor.go
Last active May 3, 2018
View backdoor.go
package main
import (
"fmt"
"net"
"os"
"sync"
"time"
)
@strazzere strazzere / Makefile
Created Jul 14, 2017
Decryption for most Kony
View Makefile
all:
gcc decrypt.c -I/usr/local/opt/boringssl/include -L/usr/local/opt/boringssl/lib -lcrypto -o kony_decrypt
@strazzere strazzere / detect.go
Created Jul 7, 2017
Quick test for Otto VM detection techniques
View detect.go
package main
import (
"fmt"
"github.com/robertkrimen/otto"
)
func main() {
vm := otto.New()
@strazzere strazzere / example.go
Created Jun 27, 2017
safer unsafe otto run
View example.go
package main
import (
"errors"
"fmt"
"os"
"time"
"github.com/robertkrimen/otto"
)